diff options
author | Philip Kaufmann <phil.kaufmann@t-online.de> | 2012-04-12 18:39:22 +0200 |
---|---|---|
committer | Philip Kaufmann <phil.kaufmann@t-online.de> | 2012-04-12 20:34:06 +0200 |
commit | b1a99c3a1fb2613e9c7cecd565e8cc604b03eb6f (patch) | |
tree | b19c2b1217119549a26ff5f46f6f06704525ea9c | |
parent | 1e8c62b29cc0bee5f8da4aa10720fddf0a1cbdfe (diff) |
limit length of generated URI to 255 chars to prevent a DoS against the QR-Code dialog
-rw-r--r-- | src/qt/qrcodedialog.cpp | 34 |
1 files changed, 23 insertions, 11 deletions
diff --git a/src/qt/qrcodedialog.cpp b/src/qt/qrcodedialog.cpp index 515cae29d2..80a56d95f3 100644 --- a/src/qt/qrcodedialog.cpp +++ b/src/qt/qrcodedialog.cpp @@ -35,20 +35,28 @@ QRCodeDialog::~QRCodeDialog() void QRCodeDialog::genCode() { QString uri = getURI(); - QRcode *code = QRcode_encodeString(uri.toUtf8().constData(), 0, QR_ECLEVEL_L, QR_MODE_8, 1); - myImage = QImage(code->width + 8, code->width + 8, QImage::Format_RGB32); - myImage.fill(0xffffff); - unsigned char *p = code->data; - for (int y = 0; y < code->width; y++) + + if (uri != "") { - for (int x = 0; x < code->width; x++) + ui->lblQRCode->setText(""); + + QRcode *code = QRcode_encodeString(uri.toUtf8().constData(), 0, QR_ECLEVEL_L, QR_MODE_8, 1); + myImage = QImage(code->width + 8, code->width + 8, QImage::Format_RGB32); + myImage.fill(0xffffff); + unsigned char *p = code->data; + for (int y = 0; y < code->width; y++) { - myImage.setPixel(x + 4, y + 4, ((*p & 1) ? 0x0 : 0xffffff)); - p++; + for (int x = 0; x < code->width; x++) + { + myImage.setPixel(x + 4, y + 4, ((*p & 1) ? 0x0 : 0xffffff)); + p++; + } } + QRcode_free(code); + ui->lblQRCode->setPixmap(QPixmap::fromImage(myImage).scaled(300, 300)); } - QRcode_free(code); - ui->lblQRCode->setPixmap(QPixmap::fromImage(myImage).scaled(300, 300)); + else + ui->lblQRCode->setText(tr("Resulting URI too long, try to reduce the text for label / message.")); } QString QRCodeDialog::getURI() @@ -81,7 +89,11 @@ QString QRCodeDialog::getURI() paramCount++; } - return ret; + // limit URI length to 255 chars, to prevent a DoS of the QR-Code dialog + if (ret.length() < 256) + return ret; + else + return QString(""); } void QRCodeDialog::on_lnReqAmount_textChanged(const QString &arg1) |