Uploaded image for project: 'Qt'
  1. Qt
  2. QTBUG-91870

QDecompressHelper's archive bomb minimum limit should be adjustable

    XMLWordPrintable

Details

    • Task
    • Resolution: Done
    • P2: Important
    • 6.2.0 Alpha
    • 6.2
    • Network: HTTP
    • None
    • All
    • 5
    • 69982182a394618d4f121d2938d7d76196fe78f6 (qt/qtbase/dev)
    • Qt6_Foundation_Sprint 34

    Description

      Preferably on a per-request basis it should be possible to set the minimum size before the archive bomb checker kicks in. Currently it's 10MB, but for a 'trusted website' users may want to increase it if they know some files may have 'suspicious' decompression ratios. Or they know the systems their code will run on is guaranteed to have more RAM available than this so decompressing e.g. >100MB of an archive bomb would not be considered a problem.

      Attachments

        Issue Links

          resulted from

          Bug - A problem which impairs or prevents the functions of the product. QTBUG-91392 ProtocolFailure with certain HTTP requests to transmission-daemon

          • P2: Important - Urgent, should be fixed, but will not stop the release.
          • Closed
          For Gerrit Dashboard: QTBUG-91870
          # Subject Branch Project Status CR V
          350325,5 QNetworkRequest: Add API to set a minimum archive bomb size dev qt/qtbase Status: MERGED +2 0

          Activity

            People

              manordheim Mårten Nordheim
              manordheim Mårten Nordheim
              Vladimir Minenko Vladimir Minenko
              Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved:

                Gerrit Reviews

                  There are no open Gerrit changes