aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorPhilip Kaufmann <phil.kaufmann@t-online.de>2012-04-12 18:39:22 +0200
committerPhilip Kaufmann <phil.kaufmann@t-online.de>2012-04-12 20:34:06 +0200
commitb1a99c3a1fb2613e9c7cecd565e8cc604b03eb6f (patch)
treeb19c2b1217119549a26ff5f46f6f06704525ea9c
parent1e8c62b29cc0bee5f8da4aa10720fddf0a1cbdfe (diff)
limit length of generated URI to 255 chars to prevent a DoS against the QR-Code dialog
-rw-r--r--src/qt/qrcodedialog.cpp34
1 files changed, 23 insertions, 11 deletions
diff --git a/src/qt/qrcodedialog.cpp b/src/qt/qrcodedialog.cpp
index 515cae29d2..80a56d95f3 100644
--- a/src/qt/qrcodedialog.cpp
+++ b/src/qt/qrcodedialog.cpp
@@ -35,20 +35,28 @@ QRCodeDialog::~QRCodeDialog()
void QRCodeDialog::genCode()
{
QString uri = getURI();
- QRcode *code = QRcode_encodeString(uri.toUtf8().constData(), 0, QR_ECLEVEL_L, QR_MODE_8, 1);
- myImage = QImage(code->width + 8, code->width + 8, QImage::Format_RGB32);
- myImage.fill(0xffffff);
- unsigned char *p = code->data;
- for (int y = 0; y < code->width; y++)
+
+ if (uri != "")
{
- for (int x = 0; x < code->width; x++)
+ ui->lblQRCode->setText("");
+
+ QRcode *code = QRcode_encodeString(uri.toUtf8().constData(), 0, QR_ECLEVEL_L, QR_MODE_8, 1);
+ myImage = QImage(code->width + 8, code->width + 8, QImage::Format_RGB32);
+ myImage.fill(0xffffff);
+ unsigned char *p = code->data;
+ for (int y = 0; y < code->width; y++)
{
- myImage.setPixel(x + 4, y + 4, ((*p & 1) ? 0x0 : 0xffffff));
- p++;
+ for (int x = 0; x < code->width; x++)
+ {
+ myImage.setPixel(x + 4, y + 4, ((*p & 1) ? 0x0 : 0xffffff));
+ p++;
+ }
}
+ QRcode_free(code);
+ ui->lblQRCode->setPixmap(QPixmap::fromImage(myImage).scaled(300, 300));
}
- QRcode_free(code);
- ui->lblQRCode->setPixmap(QPixmap::fromImage(myImage).scaled(300, 300));
+ else
+ ui->lblQRCode->setText(tr("Resulting URI too long, try to reduce the text for label / message."));
}
QString QRCodeDialog::getURI()
@@ -81,7 +89,11 @@ QString QRCodeDialog::getURI()
paramCount++;
}
- return ret;
+ // limit URI length to 255 chars, to prevent a DoS of the QR-Code dialog
+ if (ret.length() < 256)
+ return ret;
+ else
+ return QString("");
}
void QRCodeDialog::on_lnReqAmount_textChanged(const QString &arg1)