CVE-2011-3365 kdelibs: input validation failure in KSSL (#743056)
This commit is contained in:
parent
b847bb7dcc
commit
6ab5508030
61
kdelibs-4.6.5-CVE-2011-3365-kio.patch
Normal file
61
kdelibs-4.6.5-CVE-2011-3365-kio.patch
Normal file
@ -0,0 +1,61 @@
|
|||||||
|
t 90607b28d21fefc43657ca08b889bdb174c31fab
|
||||||
|
Author: David Faure <faure@kde.org>
|
||||||
|
Date: Wed Sep 28 17:26:47 2011 +0200
|
||||||
|
|
||||||
|
Use HTML escaping on texts that come from the website
|
||||||
|
|
||||||
|
Interestingly enough, this is yet another use case for moving Qt::escape
|
||||||
|
to QtCore, which I made a merge request for.
|
||||||
|
(cherry picked from commit 86622e4db182f4b914169f72ebd1e66d708e9f87)
|
||||||
|
|
||||||
|
diff --git a/kioslave/http/http.cpp b/kioslave/http/http.cpp
|
||||||
|
index 33f4cb1..6447a02 100644
|
||||||
|
--- a/kioslave/http/http.cpp
|
||||||
|
+++ b/kioslave/http/http.cpp
|
||||||
|
@@ -99,6 +99,27 @@
|
||||||
|
//authentication handlers
|
||||||
|
#include "httpauthentication.cpp"
|
||||||
|
|
||||||
|
+// KDE5 TODO (QT5) : use QString::htmlEscape or whatever https://qt.gitorious.org/qt/qtbase/merge_requests/56
|
||||||
|
+// ends up with.
|
||||||
|
+static QString htmlEscape(const QString &plain)
|
||||||
|
+{
|
||||||
|
+ QString rich;
|
||||||
|
+ rich.reserve(int(plain.length() * 1.1));
|
||||||
|
+ for (int i = 0; i < plain.length(); ++i) {
|
||||||
|
+ if (plain.at(i) == QLatin1Char('<'))
|
||||||
|
+ rich += QLatin1String("<");
|
||||||
|
+ else if (plain.at(i) == QLatin1Char('>'))
|
||||||
|
+ rich += QLatin1String(">");
|
||||||
|
+ else if (plain.at(i) == QLatin1Char('&'))
|
||||||
|
+ rich += QLatin1String("&");
|
||||||
|
+ else if (plain.at(i) == QLatin1Char('"'))
|
||||||
|
+ rich += QLatin1String(""");
|
||||||
|
+ else
|
||||||
|
+ rich += plain.at(i);
|
||||||
|
+ }
|
||||||
|
+ rich.squeeze();
|
||||||
|
+ return rich;
|
||||||
|
+}
|
||||||
|
|
||||||
|
// see filenameFromUrl(): a sha1 hash is 160 bits
|
||||||
|
static const int s_hashedUrlBits = 160; // this number should always be divisible by eight
|
||||||
|
@@ -3410,7 +3431,7 @@ endParsing:
|
||||||
|
authinfo.url = reqUrl;
|
||||||
|
authinfo.keepPassword = true;
|
||||||
|
authinfo.comment = i18n("<b>%1</b> at <b>%2</b>",
|
||||||
|
- authinfo.realmValue, authinfo.url.host());
|
||||||
|
+ htmlEscape(authinfo.realmValue), authinfo.url.host());
|
||||||
|
|
||||||
|
if (!openPasswordDialog(authinfo, errorMsg)) {
|
||||||
|
if (sendErrorPageNotification()) {
|
||||||
|
@@ -5122,7 +5143,7 @@ void HTTPProtocol::proxyAuthenticationForSocket(const QNetworkProxy &proxy, QAut
|
||||||
|
"to access any sites.");
|
||||||
|
info.keepPassword = true;
|
||||||
|
info.commentLabel = i18n("Proxy:");
|
||||||
|
- info.comment = i18n("<b>%1</b> at <b>%2</b>", info.realmValue, m_request.proxyUrl.host());
|
||||||
|
+ info.comment = i18n("<b>%1</b> at <b>%2</b>", htmlEscape(info.realmValue), m_request.proxyUrl.host());
|
||||||
|
const bool dataEntered = openPasswordDialog(info, i18n("Proxy Authentication Failed."));
|
||||||
|
if (!dataEntered) {
|
||||||
|
kDebug(7103) << "looks like the user canceled proxy authentication.";
|
||||||
|
|
25
kdelibs-4.6.5-CVE-2011-3365-kssl.patch
Normal file
25
kdelibs-4.6.5-CVE-2011-3365-kssl.patch
Normal file
@ -0,0 +1,25 @@
|
|||||||
|
commit 9ca2b26fc67c3f921e1943c1725fca623e395854
|
||||||
|
Author: David Faure <faure@kde.org>
|
||||||
|
Date: Thu Jun 30 23:43:45 2011 +0200
|
||||||
|
|
||||||
|
Security fix: don't interpret html tags
|
||||||
|
|
||||||
|
Credits to Tim Brown for the find.
|
||||||
|
(cherry picked from commit bd70d4e589711fda9ab07738c46e37eee8376214)
|
||||||
|
|
||||||
|
diff --git a/kio/kssl/ksslcertificatebox.cpp b/kio/kssl/ksslcertificatebox.cpp
|
||||||
|
index 4ffc613..094787a 100644
|
||||||
|
--- a/kio/kssl/ksslcertificatebox.cpp
|
||||||
|
+++ b/kio/kssl/ksslcertificatebox.cpp
|
||||||
|
@@ -36,6 +36,10 @@ KSslCertificateBox::KSslCertificateBox(QWidget *parent)
|
||||||
|
d(new KSslCertificateBoxPrivate())
|
||||||
|
{
|
||||||
|
d->ui.setupUi(this);
|
||||||
|
+ // No fooling us with html tags
|
||||||
|
+ Q_FOREACH(QLabel* label, qFindChildren<QLabel *>(this)) {
|
||||||
|
+ label->setTextFormat(Qt::PlainText);
|
||||||
|
+ }
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
|
10
kdelibs.spec
10
kdelibs.spec
@ -20,7 +20,7 @@
|
|||||||
|
|
||||||
Summary: KDE Libraries
|
Summary: KDE Libraries
|
||||||
Version: 4.6.5
|
Version: 4.6.5
|
||||||
Release: 5%{?dist}
|
Release: 6%{?dist}
|
||||||
|
|
||||||
Name: kdelibs
|
Name: kdelibs
|
||||||
Epoch: 6
|
Epoch: 6
|
||||||
@ -121,6 +121,9 @@ Patch102: kdelibs-4.6.4-kstatusnotifieritemdbus_leak.patch
|
|||||||
## security fix
|
## security fix
|
||||||
# Not Upstreamed? why not ? -- Rex
|
# Not Upstreamed? why not ? -- Rex
|
||||||
Patch200: kdelibs-4.3.1-CVE-2009-2702.patch
|
Patch200: kdelibs-4.3.1-CVE-2009-2702.patch
|
||||||
|
# https://bugzilla.redhat.com/show_bug.cgi?id=743056
|
||||||
|
Patch201: kdelibs-4.6.5-CVE-2011-3365-kio.patch
|
||||||
|
Patch202: kdelibs-4.6.5-CVE-2011-3365-kssl.patch
|
||||||
|
|
||||||
## Fedora specific patches
|
## Fedora specific patches
|
||||||
# make forcefully hal-free build
|
# make forcefully hal-free build
|
||||||
@ -303,6 +306,8 @@ sed -i -e "s|@@VERSION_RELEASE@@|%{version}-%{release}|" kio/kio/kprotocolmanage
|
|||||||
|
|
||||||
# security fix
|
# security fix
|
||||||
%patch200 -p1 -b .CVE-2009-2702
|
%patch200 -p1 -b .CVE-2009-2702
|
||||||
|
%patch201 -p1 -b .CVE-2011-3365-kio
|
||||||
|
%patch202 -p1 -b .CVE-2011-3365-kssl
|
||||||
|
|
||||||
# Fedora patches
|
# Fedora patches
|
||||||
%if 0%{?halectomy}
|
%if 0%{?halectomy}
|
||||||
@ -555,6 +560,9 @@ rm -rf %{buildroot}
|
|||||||
|
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Tue Oct 11 2011 Rex Dieter <rdieter@fedoraproject.org> 4.6.5-6
|
||||||
|
- CVE-2011-3365 kdelibs: input validation failure in KSSL (#743056)
|
||||||
|
|
||||||
* Sat Oct 08 2011 Rex Dieter <rdieter@fedoraproject.org> 4.6.5-5
|
* Sat Oct 08 2011 Rex Dieter <rdieter@fedoraproject.org> 4.6.5-5
|
||||||
- Provides: kate-part
|
- Provides: kate-part
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user