author | Jaka Kranjc | 2007-04-03 16:12:15 +0200 |
---|---|---|
committer | Jaka Kranjc | 2007-04-03 16:12:15 +0200 |
commit | ea8c614723b28eba92ef86f70233556a73051583 (patch) | |
tree | 796bd4e707c40870eddfa06d5db2ffd3f77268f3 | |
parent | d8835beb7b99116f7f6079a92a326d5f7e148d64 (diff) |
kdelibs - fix bug#13672
(cherry picked from commit b58278b3d8ce334c05ebc729396316f39392e79b)
Conflicts:
kde-core/kdelibs/HISTORY
-rw-r--r-- | kde-core/kdelibs/CVE-2007-1564-kdelibs-3.5.6.diff | 81 | ||||
-rwxr-xr-x | kde-core/kdelibs/DETAILS | 2 | ||||
-rw-r--r-- | kde-core/kdelibs/HISTORY | 10 | ||||
-rwxr-xr-x | kde-core/kdelibs/PRE_BUILD | 1 |
4 files changed, 92 insertions, 2 deletions
diff --git a/kde-core/kdelibs/CVE-2007-1564-kdelibs-3.5.6.diff b/kde-core/kdelibs/CVE-2007-1564-kdelibs-3.5.6.diff
new file mode 100644
index 0000000000..b026d67a3d
--- /dev/null
+++ b/kde-core/kdelibs/CVE-2007-1564-kdelibs-3.5.6.diff
@@ -0,0 +1,81 @@
+--- khtml/ecma/kjs_html.cpp
++++ khtml/ecma/kjs_html.cpp
+@@ -1866,9 +1866,11 @@ Value KJS::HTMLElement::getValueProperty
+ getDOMNode(exec, frameElement.contentDocument()) : Undefined();
+ case FrameContentWindow: {
+ KHTMLPart* part = static_cast<DOM::HTMLFrameElementImpl*>(frameElement.handle())->contentPart();
+- if (part)
+- return Value(Window::retrieveWindow(part));
+- else
++ if (part) {
++ Window *w = Window::retrieveWindow(part);
++ if (w)
++ return Value(w);
++ }
+ return Undefined();
+ }
+ case FrameFrameBorder: return String(frameElement.frameBorder());
+@@ -1899,9 +1901,11 @@ Value KJS::HTMLElement::getValueProperty
+ getDOMNode(exec, iFrame.contentDocument()) : Undefined();
+ case IFrameContentWindow: {
+ KHTMLPart* part = static_cast<DOM::HTMLIFrameElementImpl*>(iFrame.handle())->contentPart();
+- if (part)
+- return Value(Window::retrieveWindow(part));
+- else
++ if (part) {
++ Window *w = Window::retrieveWindow(part);
++ if (w)
++ return Value(w);
++ }
+ return Undefined();
+ }
+ case IFrameFrameBorder: return String(iFrame.frameBorder());
+--- kioslave/ftp/ftp.cc
++++ kioslave/ftp/ftp.cc
+@@ -58,6 +58,7 @@
+ #include <kmimemagic.h>
+ #include <kmimetype.h>
+ #include <ksockaddr.h>
++#include <ksocketaddress.h>
+ #include <kio/ioslave_defaults.h>
+ #include <kio/slaveconfig.h>
+ #include <kremoteencoding.h>
+@@ -835,7 +836,6 @@ bool Ftp::ftpSendCmd( const QCString& cm
+ return true;
+ }
+
+-
+ /*
+ * ftpOpenPASVDataConnection - set up data connection, using PASV mode
+ *
+@@ -853,6 +853,8 @@ int Ftp::ftpOpenPASVDataConnection()
+ if (sa != NULL && sa->family() != PF_INET)
+ return ERR_INTERNAL; // no PASV for non-PF_INET connections
+
++ const KInetSocketAddress *sin = static_cast<const KInetSocketAddress*>(sa);
++
+ if (m_extControl & pasvUnknown)
+ return ERR_INTERNAL; // already tried and got "unknown command"
+
+@@ -886,14 +888,17 @@ int Ftp::ftpOpenPASVDataConnection()
+ }
+
+ // Make hostname and port number ...
+- QString host; +- host.sprintf("%d.%d.%d.%d", i[0], i[1], i[2], i[3]); + int port = i[4] << 8 | i[5]; + ++ // we ignore the host part on purpose for two reasons ++ // a) it might be wrong anyway ++ // b) it would make us being suceptible to a port scanning attack ++ + // now connect the data socket ... + m_data = new FtpSocket("PASV"); +- m_data->setAddress(host, port); +- kdDebug(7102) << "Connecting to " << host << " on port " << port << endl; ++ m_data->setAddress(sin->nodeName(), port); ++ ++ kdDebug(7102) << "Connecting to " << sin->nodeName() << " on port " << port << endl; + return m_data->connectSocket(connectTimeout(), false); + } + diff --git a/kde-core/kdelibs/DETAILS b/kde-core/kdelibs/DETAILS index 2fc3b834df..859f47aefe 100755 --- a/kde-core/kdelibs/DETAILS +++ b/kde-core/kdelibs/DETAILS @@ -8,7 +8,7 @@ SOURCE_DIRECTORY=$BUILD_DIRECTORY/$SPELL-$VERSION SOURCE_URL[0]=$KDE_URL/stable/${VERSION//.0/}/src/$SOURCE WEB_SITE=http://www.kde.org ENTERED=20020912 - SECURITY_PATCH=2 + SECURITY_PATCH=3 LICENSE[0]=GPL KEYWORDS="kde" SHORT="Base applications that form the core of KDE." diff --git a/kde-core/kdelibs/HISTORY b/kde-core/kdelibs/HISTORY index f5b558d6d4..6b3bc87cbd 100644 --- a/kde-core/kdelibs/HISTORY +++ b/kde-core/kdelibs/HISTORY @@ -1,4 +1,12 @@ -2007-03-08 Treeve Jelbert <treeve01@pi.be> +2007-04-02 Treeve Jelbert <treeve@sourcemage.org> + * DETAILS: SECURITY_PATCH++ + * CVE-2007-1564-kdelibs-3.5.6.diff: added + * PRE_BUILD: apply patch + security fix CVE-2007-1564 + URL: http://www.kde.org/info/security/advisory-20070326-1.txt + fixes bug #13672 + +2007-03-08 Treeve Jelbert <treeve@sourcemage.org> * DETAILS: SECURITY_PATCH * PRE_BUILD, post-3.5.6-kdelibs.diff:add security fix CVE-2007-0537 diff --git a/kde-core/kdelibs/PRE_BUILD b/kde-core/kdelibs/PRE_BUILD index 13e482626d..cab47ecd48 100755 --- a/kde-core/kdelibs/PRE_BUILD +++ b/kde-core/kdelibs/PRE_BUILD 
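Review bot: In the ftp.cc part of the added patch, `sin->nodeName()` dereferences a pointer that can be NULL, because the guard above it, `if (sa != NULL && sa->family() != PF_INET)`, lets a NULL `sa` fall through to the `static_cast`. The old code did not touch `sa` again in the visible lines, so a missing peer address becomes a crash only with this change. Since the control-connection address is now required, the guard should reject that case as well: `if (sa == NULL || sa->family() != PF_INET) return ERR_INTERNAL;`. Separately, `int port = i[4] << 8 | i[5];` still takes the port from the server's reply with no range check; assuming `i[]` holds plain ints parsed from the PASV response (the parsing is outside the hunk), rejecting values above 255 would keep a hostile server from supplying an out-of-range port. ftpOpenPASVDataConnection starts outside these hunks, so where `sa` is assigned is not visible here.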
@@ -1,3 +1,4 @@ default_pre_build && cd $SOURCE_DIRECTORY && +patch -p0 < $SPELL_DIRECTORY/CVE-2007-1564-kdelibs-3.5.6.diff && patch -p0 < $SPELL_DIRECTORY/post-3.5.6-kdelibs.diff |