Make HttpAssetProvider::ParseHttpDate code safe when Tundra is built without Boost

realXtend / tundra

realXtend Tundra SDK, a 3D virtual world application platform.

www.realxtend.org

Apache License 2.0

84 stars 70 forks source link

Make HttpAssetProvider::ParseHttpDate code safe when Tundra is built without Boost #689

Closed Stinkfist0 closed 11 years ago

Stinkfist0 commented 11 years ago

HttpAssetProvider::ParseHttpDate contains unsafe code (sscanf) that can crash on malformed input when Tundra is built without Boost. Make the code safe by using regex validation for the input and remove the Boost code path entirely.

erno commented 11 years ago

Qt HTTP client seems to provide this, https://www.developer.nokia.com/Community/Wiki/Network_caching_in_Qt

[...] // Get and display the last modified header QVariant lmod = reply->header( QNetworkRequest::LastModifiedHeader ); if ( lmod.isValid() ) { QDateTime lmodDate = lmod.toDateTime(); QString lmodStr = lmodDate.toString( "dd.MM.yyyy" ); QMessageBox::information( this, "Last Modified", lmodStr, "ok" ); [....]

jonnenauha commented 11 years ago

Oh, that's a nice find @erno! Seems that it does indeed return a QDateTime directly in the QVariant http://qt-project.org/doc/qt-4.8/qnetworkrequest.html#KnownHeaders-enum