From a9bbddacb9202f1f7b800d9b62399f219867931e Mon Sep 17 00:00:00 2001
From: Lukas Tinkl
Date: Tue, 4 Oct 2011 17:41:35 +0200
Subject: [PATCH] Resolves #743056 - CVE-2011-3365 kdelibs: input validation failure in KSSL
---
kdelibs-4.7.1-CVE-2011-3365.patch | 63 +++++++++++++++++++++++++++++++
kdelibs.spec | 11 +++++-
2 files changed, 72 insertions(+), 2 deletions(-)
create mode 100644 kdelibs-4.7.1-CVE-2011-3365.patch
diff --git a/kdelibs-4.7.1-CVE-2011-3365.patch b/kdelibs-4.7.1-CVE-2011-3365.patch
new file mode 100644
index 0000000..3506dee
--- /dev/null
+++ b/kdelibs-4.7.1-CVE-2011-3365.patch
@@ -0,0 +1,63 @@
+diff -ur kdelibs-orig/kio/kssl/ksslcertificatebox.cpp kdelibs-4.7.1/kio/kssl/ksslcertificatebox.cpp
+--- kdelibs-orig/kio/kssl/ksslcertificatebox.cpp 2011-05-20 22:24:54.000000000 +0200
++++ kdelibs-4.7.1/kio/kssl/ksslcertificatebox.cpp 2011-10-04 18:05:51.542741747 +0200
+@@ -36,6 +36,10 @@
+ d(new KSslCertificateBoxPrivate())
+ {
+ d->ui.setupUi(this);
++ // No fooling us with html tags
++ Q_FOREACH(QLabel* label, qFindChildren(this)) {
++ label->setTextFormat(Qt::PlainText);
++ }
+ }
+
+
+diff -ur kdelibs-orig/kioslave/http/http.cpp kdelibs-4.7.1/kioslave/http/http.cpp
+--- kdelibs-orig/kioslave/http/http.cpp 2011-08-22 15:22:03.000000000 +0200
++++ kdelibs-4.7.1/kioslave/http/http.cpp 2011-10-04 18:05:51.544741717 +0200
+@@ -86,6 +86,27 @@
+ //string parsing helpers and HeaderTokenizer implementation
+ #include "parsinghelpers.cpp"
+
++// KDE5 TODO (QT5) : use QString::htmlEscape or whatever https://qt.gitorious.org/qt/qtbase/merge_requests/56
++// ends up with.
++static QString htmlEscape(const QString &plain)
++{
++ QString rich;
++ rich.reserve(int(plain.length() * 1.1));
++ for (int i = 0; i < plain.length(); ++i) {
++ if (plain.at(i) == QLatin1Char('<'))
++ rich += QLatin1String("<");
++ else if (plain.at(i) == QLatin1Char('>'))
++ rich += QLatin1String(">");
++ else if (plain.at(i) == QLatin1Char('&'))
++ rich += QLatin1String("&");
++ else if (plain.at(i) == QLatin1Char('"'))
++ rich += QLatin1String(""");
++ else
++ rich += plain.at(i);
++ }
++ rich.squeeze();
++ return rich;
++}
+
+ // see filenameFromUrl(): a sha1 hash is 160 bits
+ static const int s_hashedUrlBits = 160; // this number should always be divisible by eight
+@@ -3431,7 +3452,7 @@
+ authinfo.url = reqUrl;
+ authinfo.keepPassword = true;
+ authinfo.comment = i18n("%1 at %2",
+- authinfo.realmValue, authinfo.url.host());
++ htmlEscape(authinfo.realmValue), authinfo.url.host());
+
+ if (!openPasswordDialog(authinfo, errorMsg)) {
+ if (sendErrorPageNotification()) {
+@@ -5262,7 +5283,7 @@
+ "to access any sites.");
+ info.keepPassword = true;
+ info.commentLabel = i18n("Proxy:");
+- info.comment = i18n("%1 at %2", info.realmValue, m_request.proxyUrl.host());
++ info.comment = i18n("%1 at %2", htmlEscape(info.realmValue), m_request.proxyUrl.host());
+ const bool dataEntered = openPasswordDialog(info, i18n("Proxy Authentication Failed."));
+ if (!dataEntered) {
+ kDebug(7103) << "looks like the user canceled proxy authentication.";
diff --git a/kdelibs.spec b/kdelibs.spec
index a5b2ba2..08e385b 100644
--- a/kdelibs.spec
+++ b/kdelibs.spec
@@ -20,7 +20,7 @@ Summary: KDE Libraries Version: 4.7.1 -Release: 1%{?dist} +Release: 2%{?dist} Name: kdelibs Epoch: 6
@@ -127,6 +127,9 @@ Patch51: kdelibs-4.6.2-uri_mimetypes.patch # Not Upstreamed? why not ? -- Rex Patch200: kdelibs-4.3.1-CVE-2009-2702.patch +# kdelibs KSSL/kio_http vulnerability +Patch201: kdelibs-4.7.1-CVE-2011-3365.patch + ## Fedora specific patches # make forcefully hal-free build Patch300: kdelibs-4.6.80-halectomy.patch
@@ -313,8 +316,9 @@ sed -i -e "s|@@VERSION_RELEASE@@|%{version}-%{release}|" kio/kio/kprotocolmanage # upstream patches -# security fix +# security fixes %patch200 -p1 -b .CVE-2009-2702 +%patch201 -p1 -b .CVE-2011-3365 # Fedora patches %patch300 -p1 -b .halectomy
@@ -561,6 +565,9 @@ rm -rf %{buildroot} %changelog +* Tue Oct 04 2011 Lukas Tinkl - 4.7.1-2 +- Resolves #743056 - CVE-2011-3365 kdelibs: input validation failure in KSSL + * Fri Sep 02 2011 Than Ngo - 4.7.1-1 - 4.7.1
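Review bot: In the new kdelibs-4.7.1-CVE-2011-3365.patch, the http.cpp hunks escape `realmValue` only at the two `i18n("%1 at %2", ...)` call sites, so the protection depends on every producer of `comment` remembering to call `htmlEscape`; the consumer-side approach of the ksslcertificatebox.cpp hunk, `label->setTextFormat(Qt::PlainText);`, would be the more robust fix for the password dialog as well, if its comment label does not need rich text (the dialog code is not visible here). As displayed on this page the replacement literals in `htmlEscape` equal the characters they replace (`QLatin1String("<")`), `QLatin1String(""")` would not compile, and `qFindChildren(this)` has no template argument, which looks like entity and tag stripping by the page rather than the real patch, so confirm that the committed file carries the HTML entity strings and the QLabel pointer template argument. `htmlEscape` also has no comment saying why it exists; something like `// Escapes text shown in a label that may interpret HTML (e.g. the auth realm).` above it would help. The functions around the two call sites start and end outside the hunks.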