forked from gentoo/gentoo
-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
kde-frameworks/kcoreaddons: backport patch from upstream for CVE-2016…
…-7966 Gentoo-bug: 596224 Package-Manager: portage-2.3.1
- Loading branch information
1 parent
3be6a80
commit bd38ebe
Showing
2 changed files
with
155 additions
and
0 deletions.
There are no files selected for viewing
122 changes: 122 additions & 0 deletions
122
kde-frameworks/kcoreaddons/files/kcoreaddons-5.26.0-CVE-2016-7966.patch
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,122 @@ | ||
From 96e562d9138c100498da38e4c5b4091a226dde12 Mon Sep 17 00:00:00 2001 | ||
From: Montel Laurent <[email protected]> | ||
Date: Fri, 30 Sep 2016 13:21:45 +0200 | ||
Subject: [PATCH] Don't convert as url an url which has a " | ||
|
||
--- | ||
autotests/ktexttohtmltest.cpp | 6 ++++++ | ||
src/lib/text/ktexttohtml.cpp | 25 +++++++++++++++++++------ | ||
src/lib/text/ktexttohtml_p.h | 2 +- | ||
3 files changed, 26 insertions(+), 7 deletions(-) | ||
|
||
diff --git a/autotests/ktexttohtmltest.cpp b/autotests/ktexttohtmltest.cpp | ||
index 8fc0c56..c5690e8 100644 | ||
--- a/autotests/ktexttohtmltest.cpp | ||
+++ b/autotests/ktexttohtmltest.cpp | ||
@@ -386,6 +386,12 @@ void KTextToHTMLTest::testHtmlConvert_data() | ||
QTest::newRow("url-with-url") << "foo <http://www.kde.org/ <http://www.kde.org/>>" | ||
<< KTextToHTML::Options(KTextToHTML::PreserveSpaces) | ||
<< "foo <<a href=\"http://www.kde.org/ \">http://www.kde.org/ </a><<a href=\"http://www.kde.org/\">http://www.kde.org/</a>>>"; | ||
+ | ||
+ //Fix url exploit | ||
+ QTest::newRow("url-exec-html") << "https://\"><!--" | ||
+ << KTextToHTML::Options(KTextToHTML::PreserveSpaces) | ||
+ << "https://\"><!--"; | ||
+ | ||
} | ||
|
||
|
||
diff --git a/src/lib/text/ktexttohtml.cpp b/src/lib/text/ktexttohtml.cpp | ||
index c70d062..97c5eab 100644 | ||
--- a/src/lib/text/ktexttohtml.cpp | ||
+++ b/src/lib/text/ktexttohtml.cpp | ||
@@ -156,7 +156,6 @@ bool KTextToHTMLHelper::atUrl() | ||
(allowedSpecialChars.indexOf(mText[mPos - 1]) != -1))) { | ||
return false; | ||
} | ||
- | ||
QChar ch = mText[mPos]; | ||
return | ||
(ch == QLatin1Char('h') && (mText.mid(mPos, 7) == QLatin1String("http://") || | ||
@@ -192,7 +191,7 @@ bool KTextToHTMLHelper::isEmptyUrl(const QString &url) | ||
url == QLatin1String("news://"); | ||
} | ||
|
||
-QString KTextToHTMLHelper::getUrl() | ||
+QString KTextToHTMLHelper::getUrl(bool *badurl) | ||
{ | ||
QString url; | ||
if (atUrl()) { | ||
@@ -229,6 +228,7 @@ QString KTextToHTMLHelper::getUrl() | ||
url.reserve(mMaxUrlLen); // avoid allocs | ||
int start = mPos; | ||
bool previousCharIsSpace = false; | ||
+ bool previousCharIsADoubleQuote = false; | ||
while ((mPos < mText.length()) && | ||
(mText[mPos].isPrint() || mText[mPos].isSpace()) && | ||
((afterUrl.isNull() && !mText[mPos].isSpace()) || | ||
@@ -241,6 +241,18 @@ QString KTextToHTMLHelper::getUrl() | ||
break; | ||
} | ||
previousCharIsSpace = false; | ||
+ if (mText[mPos] == QLatin1Char('>') && previousCharIsADoubleQuote) { | ||
+ //it's an invalid url | ||
+ if (badurl) { | ||
+ *badurl = true; | ||
+ } | ||
+ return QString(); | ||
+ } | ||
+ if (mText[mPos] == QLatin1Char('"')) { | ||
+ previousCharIsADoubleQuote = true; | ||
+ } else { | ||
+ previousCharIsADoubleQuote = false; | ||
+ } | ||
url.append(mText[mPos]); | ||
if (url.length() > mMaxUrlLen) { | ||
break; | ||
@@ -341,7 +353,6 @@ QString KTextToHTML::convertToHtml(const QString &plainText, const KTextToHTML:: | ||
QChar ch; | ||
int x; | ||
bool startOfLine = true; | ||
- //qDebug()<<" plainText"<<plainText; | ||
|
||
for (helper.mPos = 0, x = 0; helper.mPos < helper.mText.length(); | ||
++helper.mPos, ++x) { | ||
@@ -409,8 +420,11 @@ QString KTextToHTML::convertToHtml(const QString &plainText, const KTextToHTML:: | ||
} else { | ||
const int start = helper.mPos; | ||
if (!(flags & IgnoreUrls)) { | ||
- str = helper.getUrl(); | ||
- //qDebug()<<" str"<<str; | ||
+ bool badUrl = false; | ||
+ str = helper.getUrl(&badUrl); | ||
+ if (badUrl) { | ||
+ return helper.mText; | ||
+ } | ||
if (!str.isEmpty()) { | ||
QString hyperlink; | ||
if (str.left(4) == QLatin1String("www.")) { | ||
@@ -464,7 +478,6 @@ QString KTextToHTML::convertToHtml(const QString &plainText, const KTextToHTML:: | ||
|
||
result = helper.emoticonsInterface()->parseEmoticons(result, true, exclude); | ||
} | ||
- //qDebug()<<" result "<<result; | ||
|
||
return result; | ||
} | ||
diff --git a/src/lib/text/ktexttohtml_p.h b/src/lib/text/ktexttohtml_p.h | ||
index 74ad7a0..fc43613 100644 | ||
--- a/src/lib/text/ktexttohtml_p.h | ||
+++ b/src/lib/text/ktexttohtml_p.h | ||
@@ -49,7 +49,7 @@ public: | ||
QString getEmailAddress(); | ||
bool atUrl(); | ||
bool isEmptyUrl(const QString &url); | ||
- QString getUrl(); | ||
+ QString getUrl(bool *badurl = Q_NULLPTR); | ||
QString pngToDataUrl(const QString &pngPath); | ||
QString highlightedText(); | ||
|
||
-- | ||
2.7.3 | ||
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,33 @@ | ||
# Copyright 1999-2016 Gentoo Foundation | ||
# Distributed under the terms of the GNU General Public License v2 | ||
# $Id$ | ||
|
||
EAPI=6 | ||
|
||
inherit kde5 | ||
|
||
DESCRIPTION="Framework for solving common problems such as caching, randomisation, and more" | ||
LICENSE="LGPL-2+" | ||
KEYWORDS="~amd64 ~arm ~x86" | ||
IUSE="fam nls" | ||
|
||
RDEPEND=" | ||
$(add_qt_dep qtcore 'icu') | ||
fam? ( virtual/fam ) | ||
!<kde-frameworks/kservice-5.2.0:5 | ||
" | ||
DEPEND="${RDEPEND} | ||
x11-misc/shared-mime-info | ||
nls? ( $(add_qt_dep linguist-tools) ) | ||
" | ||
|
||
PATCHES=( "${FILESDIR}/${P}-CVE-2016-7966.patch" ) | ||
|
||
src_configure() { | ||
local mycmakeargs=( | ||
-D_KDE4_DEFAULT_HOME_POSTFIX=4 | ||
$(cmake-utils_use_find_package fam FAM) | ||
) | ||
|
||
kde5_src_configure | ||
} |