diff options
Diffstat (limited to 'kde-frameworks/kcoreaddons/files/kcoreaddons-5.27.0-CVE-2016-7966.patch')
-rw-r--r-- | kde-frameworks/kcoreaddons/files/kcoreaddons-5.27.0-CVE-2016-7966.patch | 117 |
1 files changed, 117 insertions, 0 deletions
diff --git a/kde-frameworks/kcoreaddons/files/kcoreaddons-5.27.0-CVE-2016-7966.patch b/kde-frameworks/kcoreaddons/files/kcoreaddons-5.27.0-CVE-2016-7966.patch new file mode 100644 index 000000000000..4fbd5e39ace1 --- /dev/null +++ b/kde-frameworks/kcoreaddons/files/kcoreaddons-5.27.0-CVE-2016-7966.patch @@ -0,0 +1,117 @@ +From a06cef31cc4c908bc9b76bd9d103fe9c60e0953f Mon Sep 17 00:00:00 2001 +From: Montel Laurent <montel@kde.org> +Date: Tue, 11 Oct 2016 11:11:08 +0200 +Subject: [PATCH] Add more autotests + +--- + autotests/ktexttohtmltest.cpp | 15 +++++++++++++++ + 1 file changed, 15 insertions(+) + +diff --git a/autotests/ktexttohtmltest.cpp b/autotests/ktexttohtmltest.cpp +index c5690e8..0179a00 100644 +--- a/autotests/ktexttohtmltest.cpp ++++ b/autotests/ktexttohtmltest.cpp +@@ -392,6 +392,21 @@ void KTextToHTMLTest::testHtmlConvert_data() + << KTextToHTML::Options(KTextToHTML::PreserveSpaces) + << "https://\"><!--"; + ++ QTest::newRow("url-exec-html-2") << "https://192.168.1.1:\"><!--" ++ << KTextToHTML::Options(KTextToHTML::PreserveSpaces) ++ << "https://192.168.1.1:\"><!--"; ++ ++ QTest::newRow("url-exec-html-3") << "https://<IP>:\"><!--" ++ << KTextToHTML::Options(KTextToHTML::PreserveSpaces) ++ << "https://<IP>:\"><!--"; ++ ++ QTest::newRow("url-exec-html-4") << "https://<IP>:/\"><!--" ++ << KTextToHTML::Options(KTextToHTML::PreserveSpaces) ++ << "https://<IP>:/\"><!--"; ++ ++ QTest::newRow("url-exec-html-5") << "https://<IP>:/\"><script>alert(1);</script><!--" ++ << KTextToHTML::Options(KTextToHTML::PreserveSpaces) ++ << "https://<IP>:/\"><script>alert(1);</script><!--"; + } + + +-- +2.7.3 + +From 5e13d2439dbf540fdc840f0b0ab5b3ebf6642c6a Mon Sep 17 00:00:00 2001 +From: Montel Laurent <montel@kde.org> +Date: Tue, 11 Oct 2016 11:40:10 +0200 +Subject: [PATCH] Display bad url + +--- + autotests/ktexttohtmltest.cpp | 14 +++++++++----- + src/lib/text/ktexttohtml.cpp | 18 +++++++++++++++++- + 2 files changed, 26 insertions(+), 6 deletions(-) + +diff --git a/autotests/ktexttohtmltest.cpp b/autotests/ktexttohtmltest.cpp +index 0179a00..ccac29a 100644 +--- a/autotests/ktexttohtmltest.cpp ++++ b/autotests/ktexttohtmltest.cpp +@@ -390,23 +390,27 @@ void KTextToHTMLTest::testHtmlConvert_data() + //Fix url exploit + QTest::newRow("url-exec-html") << "https://\"><!--" + << KTextToHTML::Options(KTextToHTML::PreserveSpaces) +- << "https://\"><!--"; ++ << "https://"><!--"; + + QTest::newRow("url-exec-html-2") << "https://192.168.1.1:\"><!--" + << KTextToHTML::Options(KTextToHTML::PreserveSpaces) +- << "https://192.168.1.1:\"><!--"; ++ << "https://192.168.1.1:"><!--"; + + QTest::newRow("url-exec-html-3") << "https://<IP>:\"><!--" + << KTextToHTML::Options(KTextToHTML::PreserveSpaces) +- << "https://<IP>:\"><!--"; ++ << "https://<IP>:"><!--"; + + QTest::newRow("url-exec-html-4") << "https://<IP>:/\"><!--" + << KTextToHTML::Options(KTextToHTML::PreserveSpaces) +- << "https://<IP>:/\"><!--"; ++ << "https://<IP>:/"><!--"; + + QTest::newRow("url-exec-html-5") << "https://<IP>:/\"><script>alert(1);</script><!--" + << KTextToHTML::Options(KTextToHTML::PreserveSpaces) +- << "https://<IP>:/\"><script>alert(1);</script><!--"; ++ << "https://<IP>:/"><script>alert(1);</script><!--"; ++ ++ QTest::newRow("url-exec-html-6") << "https://<IP>:/\"><script>alert(1);</script><!--\nTest2" ++ << KTextToHTML::Options(KTextToHTML::PreserveSpaces) ++ << "https://<IP>:/"><script>alert(1);</script><!--\nTest2"; + } + + +diff --git a/src/lib/text/ktexttohtml.cpp b/src/lib/text/ktexttohtml.cpp +index 97c5eab..30e0b5d 100644 +--- a/src/lib/text/ktexttohtml.cpp ++++ b/src/lib/text/ktexttohtml.cpp +@@ -423,7 +423,23 @@ QString KTextToHTML::convertToHtml(const QString &plainText, const KTextToHTML:: + bool badUrl = false; + str = helper.getUrl(&badUrl); + if (badUrl) { +- return helper.mText; ++ QString resultBadUrl; ++ const int helperTextSize(helper.mText.count()); ++ for (int i = 0; i < helperTextSize; ++i) { ++ const QChar chBadUrl = helper.mText[i]; ++ if (chBadUrl == QLatin1Char('&')) { ++ resultBadUrl += QLatin1String("&"); ++ } else if (chBadUrl == QLatin1Char('"')) { ++ resultBadUrl += QLatin1String("""); ++ } else if (chBadUrl == QLatin1Char('<')) { ++ resultBadUrl += QLatin1String("<"); ++ } else if (chBadUrl == QLatin1Char('>')) { ++ resultBadUrl += QLatin1String(">"); ++ } else { ++ resultBadUrl += chBadUrl; ++ } ++ } ++ return resultBadUrl; + } + if (!str.isEmpty()) { + QString hyperlink; +-- +2.7.3 + |