[kdelibs/f16] Resolves #743056 - CVE-2011-3365 kdelibs: input validation failure in KSSL
Lukas Tinkl
ltinkl at fedoraproject.org
Tue Oct 4 16:40:34 UTC 2011
commit a9bbddacb9202f1f7b800d9b62399f219867931e
Author: Lukas Tinkl <lukas at kde.org>
Date: Tue Oct 4 17:41:35 2011 +0200
Resolves #743056 - CVE-2011-3365 kdelibs: input validation failure in KSSL
kdelibs-4.7.1-CVE-2011-3365.patch | 63 +++++++++++++++++++++++++++++++++++++
kdelibs.spec | 11 +++++-
2 files changed, 72 insertions(+), 2 deletions(-)
---
diff --git a/kdelibs-4.7.1-CVE-2011-3365.patch b/kdelibs-4.7.1-CVE-2011-3365.patch
new file mode 100644
index 0000000..3506dee
--- /dev/null
+++ b/kdelibs-4.7.1-CVE-2011-3365.patch
@@ -0,0 +1,63 @@
+diff -ur kdelibs-orig/kio/kssl/ksslcertificatebox.cpp kdelibs-4.7.1/kio/kssl/ksslcertificatebox.cpp
+--- kdelibs-orig/kio/kssl/ksslcertificatebox.cpp 2011-05-20 22:24:54.000000000 +0200
++++ kdelibs-4.7.1/kio/kssl/ksslcertificatebox.cpp 2011-10-04 18:05:51.542741747 +0200
+@@ -36,6 +36,10 @@
+ d(new KSslCertificateBoxPrivate())
+ {
+ d->ui.setupUi(this);
++ // No fooling us with html tags
++ Q_FOREACH(QLabel* label, qFindChildren<QLabel *>(this)) {
++ label->setTextFormat(Qt::PlainText);
++ }
+ }
+
+
+diff -ur kdelibs-orig/kioslave/http/http.cpp kdelibs-4.7.1/kioslave/http/http.cpp
+--- kdelibs-orig/kioslave/http/http.cpp 2011-08-22 15:22:03.000000000 +0200
++++ kdelibs-4.7.1/kioslave/http/http.cpp 2011-10-04 18:05:51.544741717 +0200
+@@ -86,6 +86,27 @@
+ //string parsing helpers and HeaderTokenizer implementation
+ #include "parsinghelpers.cpp"
+
++// KDE5 TODO (QT5) : use QString::htmlEscape or whatever https://qt.gitorious.org/qt/qtbase/merge_requests/56
++// ends up with.
++static QString htmlEscape(const QString &plain)
++{
++ QString rich;
++ rich.reserve(int(plain.length() * 1.1));
++ for (int i = 0; i < plain.length(); ++i) {
++ if (plain.at(i) == QLatin1Char('<'))
++ rich += QLatin1String("<");
++ else if (plain.at(i) == QLatin1Char('>'))
++ rich += QLatin1String(">");
++ else if (plain.at(i) == QLatin1Char('&'))
++ rich += QLatin1String("&");
++ else if (plain.at(i) == QLatin1Char('"'))
++ rich += QLatin1String(""");
++ else
++ rich += plain.at(i);
++ }
++ rich.squeeze();
++ return rich;
++}
+
+ // see filenameFromUrl(): a sha1 hash is 160 bits
+ static const int s_hashedUrlBits = 160; // this number should always be divisible by eight
+@@ -3431,7 +3452,7 @@
+ authinfo.url = reqUrl;
+ authinfo.keepPassword = true;
+ authinfo.comment = i18n("<b>%1</b> at <b>%2</b>",
+- authinfo.realmValue, authinfo.url.host());
++ htmlEscape(authinfo.realmValue), authinfo.url.host());
+
+ if (!openPasswordDialog(authinfo, errorMsg)) {
+ if (sendErrorPageNotification()) {
+@@ -5262,7 +5283,7 @@
+ "to access any sites.");
+ info.keepPassword = true;
+ info.commentLabel = i18n("Proxy:");
+- info.comment = i18n("<b>%1</b> at <b>%2</b>", info.realmValue, m_request.proxyUrl.host());
++ info.comment = i18n("<b>%1</b> at <b>%2</b>", htmlEscape(info.realmValue), m_request.proxyUrl.host());
+ const bool dataEntered = openPasswordDialog(info, i18n("Proxy Authentication Failed."));
+ if (!dataEntered) {
+ kDebug(7103) << "looks like the user canceled proxy authentication.";
diff --git a/kdelibs.spec b/kdelibs.spec
index a5b2ba2..08e385b 100644
--- a/kdelibs.spec
+++ b/kdelibs.spec
@@ -20,7 +20,7 @@
Summary: KDE Libraries
Version: 4.7.1
-Release: 1%{?dist}
+Release: 2%{?dist}
Name: kdelibs
Epoch: 6
@@ -127,6 +127,9 @@ Patch51: kdelibs-4.6.2-uri_mimetypes.patch
# Not Upstreamed? why not ? -- Rex
Patch200: kdelibs-4.3.1-CVE-2009-2702.patch
+# kdelibs KSSL/kio_http vulnerability
+Patch201: kdelibs-4.7.1-CVE-2011-3365.patch
+
## Fedora specific patches
# make forcefully hal-free build
Patch300: kdelibs-4.6.80-halectomy.patch
@@ -313,8 +316,9 @@ sed -i -e "s|@@VERSION_RELEASE@@|%{version}-%{release}|" kio/kio/kprotocolmanage
# upstream patches
-# security fix
+# security fixes
%patch200 -p1 -b .CVE-2009-2702
+%patch201 -p1 -b .CVE-2011-3365
# Fedora patches
%patch300 -p1 -b .halectomy
@@ -561,6 +565,9 @@ rm -rf %{buildroot}
%changelog
+* Tue Oct 04 2011 Lukas Tinkl <ltinkl at redhat.com> - 4.7.1-2
+- Resolves #743056 - CVE-2011-3365 kdelibs: input validation failure in KSSL
+
* Fri Sep 02 2011 Than Ngo <than at redhat.com> - 4.7.1-1
- 4.7.1
More information about the scm-commits
mailing list