From e786483fb4b6fd2460c9a58ad7074e82ecf91747 Mon Sep 17 00:00:00 2001
From: Tomas Hoger <thoger@redhat.com>
Date: Thu, 19 Aug 2021 16:50:02 +0200
Subject: [PATCH] Upstream patch for CVE-2021-38165
|
Extracted from lynx 2.9.0dev.9.
|
Bug: https://bugzilla.redhat.com/show_bug.cgi?id=1994998#c2
---
WWW/Library/Implementation/HTTP.c | 18 ++++++++++++++++++
1 file changed, 18 insertions(+)
|
diff --git a/WWW/Library/Implementation/HTTP.c b/WWW/Library/Implementation/HTTP.c
index 41ab849..4a50b41 100644
--- a/WWW/Library/Implementation/HTTP.c
+++ b/WWW/Library/Implementation/HTTP.c
@@ -762,6 +762,23 @@ static char *StripIpv6Brackets(char *host)
}
#endif
|
+/*
+ * Remove user/password, if any, from the given host-string.
+ */
+#ifdef USE_SSL
+static char *StripUserAuthents(char *host)
+{
+ char *p = strchr(host, '@');
+
+ if (p != NULL) {
+ char *q = host;
+
+ while ((*q++ = *++p) != '\0') ;
+ }
+ return host;
+}
+#endif
+
/* Load Document from HTTP Server HTLoadHTTP()
* ==============================
*
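Review bot: `strchr(host, '@')` in StripUserAuthents cuts at the first '@', so a host string carrying a second '@' would still contain one after stripping, and the remainder is what the second hunk passes on to gnutls_server_name_set as the TLS server name. Whether HTParse(..., PARSE_HOST) can return such a string is not visible here, so treat this as hardening: take the last separator with `char *p = strrchr(host, '@');`, or confirm that the first '@' is also the rule the connect path uses to find the host. The header comment could also say that the string is edited in place, that the same pointer is returned, and that the purpose is to keep URL credentials out of the server name sent in the handshake.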
@@ -957,6 +974,7 @@ static int HTLoadHTTP(const char *arg,
/* get host we're connecting to */
ssl_host = HTParse(url, "", PARSE_HOST);
ssl_host = StripIpv6Brackets(ssl_host);
+ ssl_host = StripUserAuthents(ssl_host);
#if defined(USE_GNUTLS_FUNCS)
ret = gnutls_server_name_set(handle->gnutls_state,
GNUTLS_NAME_DNS,
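Review bot: The new call runs after `StripIpv6Brackets(ssl_host)`, so that helper still sees any `user:password@` prefix on the string. Its body is outside this hunk; if it decides by looking at the first character, or parses a port from a colon, a URL with both userinfo and a bracketed IPv6 literal could reach gnutls_server_name_set with the brackets left in or the name cut short. Stripping the userinfo first removes that dependency: put `ssl_host = StripUserAuthents(ssl_host);` directly after the HTParse line and before the bracket strip. HTLoadHTTP continues outside the hunk, so later uses of ssl_host (for example certificate name matching) cannot be checked from here.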
--
2.31.1