diff options
| author | lofi <lofi@FreeBSD.org> | 2007-03-31 02:15:08 +0800 |
|---|---|---|
| committer | lofi <lofi@FreeBSD.org> | 2007-03-31 02:15:08 +0800 |
| commit | 646d6df63788ba69971c5f052bac517cb1006d88 (patch) | |
| tree | 9985ab2b7714ff28c1bf2a81f8a27c9ab3036de5 /x11/kdelibs4 | |
| parent | dce24aa2b246cd9e44ec8bdc72bf5fffcd089052 (diff) | |
| download | freebsd-ports-gnome-646d6df63788ba69971c5f052bac517cb1006d88.tar.gz freebsd-ports-gnome-646d6df63788ba69971c5f052bac517cb1006d88.tar.zst freebsd-ports-gnome-646d6df63788ba69971c5f052bac517cb1006d88.zip | |
Fix handling of overlong UTF8 sequences in Qt and kdelibs, which, unpatched,
introduces XSS vulnerabilities in Konqueror and potentially affect any
Qt/KDE applications which deal with URLs or paths from untrusted locations.
Security: CVE-2007-0242
Diffstat (limited to 'x11/kdelibs4')
| -rw-r--r-- | x11/kdelibs4/Makefile | 2 | ||||
| -rw-r--r-- | x11/kdelibs4/files/patch-kdelibs-kjs | 38 |
2 files changed, 39 insertions, 1 deletions
diff --git a/x11/kdelibs4/Makefile b/x11/kdelibs4/Makefile index 29e6ba4a6d11..ae053ee1e061 100644 --- a/x11/kdelibs4/Makefile +++ b/x11/kdelibs4/Makefile @@ -8,7 +8,7 @@ PORTNAME= kdelibs PORTVERSION= ${KDE_VERSION} -PORTREVISION= 1 +PORTREVISION= 2 CATEGORIES= x11 kde ipv6 MASTER_SITES= ${MASTER_SITE_KDE} MASTER_SITE_SUBDIR= stable/${PORTVERSION:S/.0//}/src diff --git a/x11/kdelibs4/files/patch-kdelibs-kjs b/x11/kdelibs4/files/patch-kdelibs-kjs new file mode 100644 index 000000000000..ca4456320ee9 --- /dev/null +++ b/x11/kdelibs4/files/patch-kdelibs-kjs @@ -0,0 +1,38 @@ +------------------------------------------------------------------------ +r645387 | porten | 2007-03-22 15:01:13 +0100 (Thu, 22 Mar 2007) | 4 lines + +substitute some of the invalid sequences with the standard replacement +char. this matches Mozilla but not IE which leaves them unchanged (or +throws an exception) + +------------------------------------------------------------------------ +--- kjs/function.cpp ++++ kjs/function.cpp +@@ -244,11 +244,15 @@ UString decodeURI(ExecState *exec, UStri + } + + // UTF-8 transform ++ const unsigned long replacementChar = 0xFFFD; + unsigned long V; + if (n == 2) { + unsigned long yyyyy = octets[0] & 0x1F; + unsigned long zzzzzz = octets[1] & 0x3F; + V = (yyyyy << 6) | zzzzzz; ++ // 2-byte sequence overlong for this value? ++ if (V < 0xFF) ++ V = replacementChar; + C = UChar((unsigned short)V); + } + else if (n == 3) { +@@ -256,6 +260,11 @@ UString decodeURI(ExecState *exec, UStri + unsigned long yyyyyy = octets[1] & 0x3F; + unsigned long zzzzzz = octets[2] & 0x3F; + V = (xxxx << 12) | (yyyyyy << 6) | zzzzzz; ++ // 3-byte sequence overlong for this value, ++ // an invalid value or UTF-16 surrogate? ++ if (V < 0x800 || V == 0xFFFE || V == 0xFFFF || ++ (V >= 0xD800 && V <= 0xDFFF)) ++ V = replacementChar; + C = UChar((unsigned short)V); + } + else { |