From c816e01003a8ea434b21801c898e4d68c44cc99f Mon Sep 17 00:00:00 2001
From: Than Ngo
Date: Wed, 9 Nov 2011 16:10:59 +0100
Subject: [PATCH] better fix
---
 kdelibs-4.7.3-CVE-0046.patch | 20 ++++++++++++--------
 1 file changed, 12 insertions(+), 8 deletions(-)
diff --git a/kdelibs-4.7.3-CVE-0046.patch b/kdelibs-4.7.3-CVE-0046.patch
index f89eb6d..9108d7a 100644
--- a/kdelibs-4.7.3-CVE-0046.patch
+++ b/kdelibs-4.7.3-CVE-0046.patch
@@ -1,12 +1,16 @@
 diff -up kdelibs-4.7.3/khtml/css/cssparser.cpp.orig kdelibs-4.7.3/khtml/css/cssparser.cpp
 --- kdelibs-4.7.3/khtml/css/cssparser.cpp.orig 2011-11-07 19:14:53.000000000 +0100
-+++ kdelibs-4.7.3/khtml/css/cssparser.cpp 2011-11-07 19:15:21.000000000 +0100
-@@ -2283,7 +2283,7 @@ bool CSSParser::parseFontFaceSrc()
- Value* a = args->current();
- uriValue = 0;
- parsedValue = new CSSFontFaceSrcValueImpl( domString( a->string ), true /*local src*/ );
-- } else if (!strcasecmp(domString(val->function->name), "format(") && allowFormat && uriValue) {
-+ } else if (!strcasecmp(domString(val->function->name), "format(") && allowFormat && uriValue && (args->current()->unit == CSSPrimitiveValue::CSS_STRING || args->current()->unit == CSSPrimitiveValue::CSS_IDENT)) {
++++ kdelibs-4.7.3/khtml/css/cssparser.cpp 2011-11-09 16:02:11.000000000 +0100
+@@ -2275,8 +2275,11 @@ bool CSSParser::parseFontFaceSrc()
+ expectComma = true;
+ } else if (val->unit == Value::Function) {
+ // There are two allowed functions: local() and format().
++ // For both we expect a string argument
+ ValueList *args = val->function->args;
+- if (args && args->size() == 1) {
++ if (args && args->size() == 1 &&
++ (args->current()->unit == CSSPrimitiveValue::CSS_STRING ||
++ args->current()->unit == CSSPrimitiveValue::CSS_IDENT)) {
+ if (!strcasecmp(domString(val->function->name), "local(") && !expectComma) {
 expectComma = true;
 allowFormat = false;
- uriValue->setFormat( domString( args->current()->string ) );
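Review bot: The new guard dereferences `args->current()` twice without a null check, and `args->size() == 1` says nothing about where the list cursor stands, so the type check that protects the later `->string` reads relies on `current()` returning the single argument; ValueList's definition is not in this hunk, so that is an assumption to confirm. Reading the value once, `Value *arg = args->current();`, and testing `arg && (arg->unit == CSSPrimitiveValue::CSS_STRING || arg->unit == CSSPrimitiveValue::CSS_IDENT)` keeps the check and the later use on the same object. The added comment says "a string argument" although CSS_IDENT is accepted as well; `// For both we expect a string or identifier argument` would match the condition. The branch taken when the argument is rejected, like the rest of parseFontFaceSrc(), lies outside the hunk, so it is worth confirming there that a non-string argument fails the declaration rather than being silently skipped.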