QDecompressHelper: limit decompression ratio

To avoid potential decompression bombs. This is implemented with just a simple check that the ratio doesn't pass some hardcoded preset. Change-Id: I17246f0f43e73280cdb35a8f03d65885f5678ad6 Reviewed-by: Thiago Macieira <thiago.macieira@intel.com>
author: Mårten Nordheim <marten.nordheim@qt.io> 2020-08-19 12:47:47 +0200
committer: Mårten Nordheim <marten.nordheim@qt.io> 2020-09-22 19:08:53 +0200
commit: a07f35409bc1e129b027fc7ccb312949a454f66e (patch)
tree: 84cde42e8d76a0eb0abbaddf474975eb8393a57f /src/network/access/qhttpnetworkreply.cpp
parent: 16a1ddd73337c2622499c77b12de9395d43aba87 (diff)
1 files changed, 2 insertions, 0 deletions
diff --git a/src/network/access/qhttpnetworkreply.cpp b/src/network/access/qhttpnetworkreply.cpp
index e11ea401d2b..29aef593690 100644
--- a/src/network/access/qhttpnetworkreply.cpp
+++ b/src/network/access/qhttpnetworkreply.cpp
@@ -582,6 +582,8 @@ qint64 QHttpNetworkReplyPrivate::readHeader(QAbstractSocket *socket)
         if (autoDecompress && isCompressed()) {
             if (!decompressHelper.setEncoding(headerField("content-encoding")))
                 return -1; // Either the encoding was unsupported or the decoder could not be set up
+            if (request.ignoreDecompressionRatio())
+                decompressHelper.setArchiveBombDetectionEnabled(false);
         }
     }
     return bytes;
author	Mårten Nordheim <marten.nordheim@qt.io>	2020-08-19 12:47:47 +0200
committer	Mårten Nordheim <marten.nordheim@qt.io>	2020-09-22 19:08:53 +0200
commit	a07f35409bc1e129b027fc7ccb312949a454f66e (patch)
tree	84cde42e8d76a0eb0abbaddf474975eb8393a57f /src/network/access/qhttpnetworkreply.cpp
parent	16a1ddd73337c2622499c77b12de9395d43aba87 (diff)