SOURCES: courier-webmail-sec_fix.patch (NEW) - security fix for we...
andree
andree at pld-linux.org
Thu Sep 1 00:29:42 CEST 2005
Author: andree Date: Wed Aug 31 22:29:40 2005 GMT
Module: SOURCES Tag: HEAD
---- Log message:
- security fix for webmail
---- Files affected:
SOURCES:
courier-webmail-sec_fix.patch (NONE -> 1.1) (NEW)
---- Diffs:
================================================================
Index: SOURCES/courier-webmail-sec_fix.patch
diff -u /dev/null SOURCES/courier-webmail-sec_fix.patch:1.1
--- /dev/null Thu Sep 1 00:29:40 2005
+++ SOURCES/courier-webmail-sec_fix.patch Thu Sep 1 00:29:34 2005
@@ -0,0 +1,52 @@
+diff -Nur old/webmail/html.c new/webmail/html.c
+--- old/webmail/html.c 2003-10-06 00:16:13.000000000 +0000
++++ new/webmail/html.c 2005-08-31 21:32:48.117085448 +0000
+@@ -187,9 +187,16 @@
+ if (tai) ++tai->tagvaluelen;
+ }
+ if (*p) p++;
++ else
++ {
++ memset(tagbuf, ' ', strlen(tagbuf));
++ }
+ }
+ else
+ {
++ if (c == 0)
++ memset(tagbuf, ' ', strlen(tagbuf));
++
+ if (tai)
+ {
+ tai->tagvalue=p;
+@@ -222,6 +229,31 @@
+ while ((p=strchr(tagbuf, '<')) != NULL)
+ *p=' ';
+
++ for (p=tagbuf; *p; p++)
++ {
++ char *q;
++
++ if (*p != '&')
++ continue;
++
++ q=p;
++
++ ++p;
++
++ while (*p)
++ {
++ if (strchr("abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789", *p) == NULL)
++ break;
++ ++p;
++ }
++
++ if (*p != ';')
++ {
++ *q=0;
++ }
++ --p;
++ }
++
+ tagattrlen=parseattr(0);
+ if ( tagattrlen > tagattrsize)
+ {
================================================================
More information about the pld-cvs-commit
mailing list