diff options
Diffstat (limited to 'kde-apps/kdepimlibs/files/kdepimlibs-CVE-2016-7966-r1.patch')
-rw-r--r-- | kde-apps/kdepimlibs/files/kdepimlibs-CVE-2016-7966-r1.patch | 135 |
1 files changed, 135 insertions, 0 deletions
diff --git a/kde-apps/kdepimlibs/files/kdepimlibs-CVE-2016-7966-r1.patch b/kde-apps/kdepimlibs/files/kdepimlibs-CVE-2016-7966-r1.patch new file mode 100644 index 000000000000..9bea5726d037 --- /dev/null +++ b/kde-apps/kdepimlibs/files/kdepimlibs-CVE-2016-7966-r1.patch @@ -0,0 +1,135 @@ +From 176fee25ca79145ab5c8e2275d248f1a46a8d8cf Mon Sep 17 00:00:00 2001 +From: Montel Laurent <montel@kde.org> +Date: Fri, 30 Sep 2016 15:55:35 +0200 +Subject: [PATCH] Backport avoid to transform as a url when we have a quote + +--- + kpimutils/linklocator.cpp | 30 +++++++++++++++++++++++++++--- + kpimutils/linklocator.h | 3 ++- + 2 files changed, 29 insertions(+), 4 deletions(-) + +diff --git a/kpimutils/linklocator.cpp b/kpimutils/linklocator.cpp +index f5d9afd..f30e8fc 100644 +--- a/kpimutils/linklocator.cpp ++++ b/kpimutils/linklocator.cpp +@@ -95,6 +95,12 @@ int LinkLocator::maxAddressLen() const + + QString LinkLocator::getUrl() + { ++ return getUrlAndCheckValidHref(); ++} ++ ++ ++QString LinkLocator::getUrlAndCheckValidHref(bool *badurl) ++{ + QString url; + if ( atUrl() ) { + // NOTE: see http://tools.ietf.org/html/rfc3986#appendix-A and especially appendix-C +@@ -129,13 +135,26 @@ QString LinkLocator::getUrl() + + url.reserve( maxUrlLen() ); // avoid allocs + int start = mPos; ++ bool previousCharIsADoubleQuote = false; + while ( ( mPos < (int)mText.length() ) && + ( mText[mPos].isPrint() || mText[mPos].isSpace() ) && + ( ( afterUrl.isNull() && !mText[mPos].isSpace() ) || + ( !afterUrl.isNull() && mText[mPos] != afterUrl ) ) ) { + if ( !mText[mPos].isSpace() ) { // skip whitespace +- url.append( mText[mPos] ); +- if ( url.length() > maxUrlLen() ) { ++ if (mText[mPos] == QLatin1Char('>') && previousCharIsADoubleQuote) { ++ //it's an invalid url ++ if (badurl) { ++ *badurl = true; ++ } ++ return QString(); ++ } ++ if (mText[mPos] == QLatin1Char('"')) { ++ previousCharIsADoubleQuote = true; ++ } else { ++ previousCharIsADoubleQuote = false; ++ } ++ url.append( mText[mPos] ); ++ if ( url.length() > maxUrlLen() ) { + break; + } + } +@@ -367,7 +386,12 @@ QString LinkLocator::convertToHtml( const QString &plainText, int flags, + } else { + const int start = locator.mPos; + if ( !( flags & IgnoreUrls ) ) { +- str = locator.getUrl(); ++ bool badUrl = false; ++ str = locator.getUrlAndCheckValidHref(&badUrl); ++ if (badUrl) { ++ return locator.mText; ++ } ++ + if ( !str.isEmpty() ) { + QString hyperlink; + if ( str.left( 4 ) == QLatin1String("www.") ) { +diff --git a/kpimutils/linklocator.h b/kpimutils/linklocator.h +index 3049397..375498d 100644 +--- a/kpimutils/linklocator.h ++++ b/kpimutils/linklocator.h +@@ -107,6 +107,7 @@ class KPIMUTILS_EXPORT LinkLocator + @return The URL at the current scan position, or an empty string. + */ + QString getUrl(); ++ QString getUrlAndCheckValidHref(bool *badurl = 0); + + /** + Attempts to grab an email address. If there is an @ symbol at the +@@ -155,7 +156,7 @@ class KPIMUTILS_EXPORT LinkLocator + */ + static QString pngToDataUrl( const QString & iconPath ); + +- protected: ++protected: + /** + The plaintext string being scanned for URLs and email addresses. + */ +-- +2.7.3 + +From 8bbe1bd3fdc55f609340edc667ff154b3d2aaab1 Mon Sep 17 00:00:00 2001 +From: Montel Laurent <montel@kde.org> +Date: Tue, 11 Oct 2016 11:47:41 +0200 +Subject: [PATCH] Backport show bad url text + +--- + kpimutils/linklocator.cpp | 18 +++++++++++++++++- + 1 file changed, 17 insertions(+), 1 deletion(-) + +diff --git a/kpimutils/linklocator.cpp b/kpimutils/linklocator.cpp +index f30e8fc..4abe968 100644 +--- a/kpimutils/linklocator.cpp ++++ b/kpimutils/linklocator.cpp +@@ -389,7 +389,23 @@ QString LinkLocator::convertToHtml( const QString &plainText, int flags, + bool badUrl = false; + str = locator.getUrlAndCheckValidHref(&badUrl); + if (badUrl) { +- return locator.mText; ++ QString resultBadUrl; ++ const int helperTextSize(locator.mText.count()); ++ for (int i = 0; i < helperTextSize; ++i) { ++ const QChar chBadUrl = locator.mText[i]; ++ if (chBadUrl == QLatin1Char('&')) { ++ resultBadUrl += QLatin1String("&"); ++ } else if (chBadUrl == QLatin1Char('"')) { ++ resultBadUrl += QLatin1String("""); ++ } else if (chBadUrl == QLatin1Char('<')) { ++ resultBadUrl += QLatin1String("<"); ++ } else if (chBadUrl == QLatin1Char('>')) { ++ resultBadUrl += QLatin1String(">"); ++ } else { ++ resultBadUrl += chBadUrl; ++ } ++ } ++ return resultBadUrl; + } + + if ( !str.isEmpty() ) { +-- +2.7.3 + |