From 802d8c02eaa0aa9cd8d0c6cbd18cd814e6337bc6 Mon Sep 17 00:00:00 2001
From: Thiago Macieira <thiago.macieira@nokia.com>
Date: Mon, 24 Aug 2009 11:33:34 +0200
Subject: [PATCH] Fix parsing of Subject Alternate Names in Qt.

Simple misuse of QLatin1String. Use QString::fromLatin1 instead and
avoid the QByteArray temporary.

Reviewed-by: Andreas Aardal Hanssen
Tracking: CVE-2009-2700
---
 src/network/ssl/qsslcertificate.cpp                |    2 +-
 .../more-certificates/badguy-nul-san.crt           |   83 ++++++++++++++++++++
 tests/auto/qsslcertificate/tst_qsslcertificate.cpp |   21 +++++
 3 files changed, 105 insertions(+), 1 deletions(-)
 create mode 100644 tests/auto/qsslcertificate/more-certificates/badguy-nul-san.crt

diff --git a/src/network/ssl/qsslcertificate.cpp b/src/network/ssl/qsslcertificate.cpp
index d62c911..b5df35c 100644
--- a/src/network/ssl/qsslcertificate.cpp
+++ b/src/network/ssl/qsslcertificate.cpp
@@ -377,7 +377,7 @@ QMultiMap<QSsl::AlternateNameEntryType, QString> QSslCertificate::alternateSubje
             }
 
             const char *altNameStr = reinterpret_cast<const char *>(q_ASN1_STRING_data(genName->d.ia5));
-            const QString altName = QLatin1String(QByteArray(altNameStr, len));
+            const QString altName = QString::fromLatin1(altNameStr, len);
             if (genName->type == GEN_DNS)
                 result.insert(QSsl::DnsEntry, altName);
             else if (genName->type == GEN_EMAIL)