Go to:
Gentoo Home
Documentation
Forums
Lists
Bugs
Planet
Store
Wiki
Get Gentoo!
Gentoo's Bugzilla – Attachment 290491 Details for
Bug 388051
<net-im/empathy-2.34.0-r2: HTML/web script injection vulnerabilities (CVE-2011-{3635,4170})
Home
|
New
–
[Ex]
|
Browse
|
Search
|
Privacy Policy
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
[patch]
patch for empathy-2.32 and 2.34
empathy-2.32.2-theme_adium_append_message-escape-alias.patch (text/plain), 2.39 KB, created by
Alexandre Rostovtsev (RETIRED)
on 2011-10-21 23:27:50 UTC
(
hide
)
Description:
patch for empathy-2.32 and 2.34
Filename:
MIME Type:
Creator:
Alexandre Rostovtsev (RETIRED)
Created:
2011-10-21 23:27:50 UTC
Size:
2.39 KB
patch
obsolete
>From 192ce4dacc108f1b62e8ef752eeb5a2bee3d337f Mon Sep 17 00:00:00 2001 >From: Guillaume Desmottes <guillaume.desmottes@collabora.co.uk> >Date: Tue, 18 Oct 2011 18:32:52 +0200 >Subject: [PATCH] theme_adium_append_message: escape alias before displaying > it > >Not doing so can lead to nasty HTML injection from hostile users. > >https://bugzilla.gnome.org/show_bug.cgi?id=662035 > >[Alexandre Rostovtsev <tetromino@gentoo.org>: backport to 2.32, and for > good measure, escape alias on /me-type events too] >--- > libempathy-gtk/empathy-theme-adium.c | 9 ++++++--- > 1 files changed, 6 insertions(+), 3 deletions(-) > >diff --git a/libempathy-gtk/empathy-theme-adium.c b/libempathy-gtk/empathy-theme-adium.c >index 8c6301e..08f79b4 100644 >--- a/libempathy-gtk/empathy-theme-adium.c >+++ b/libempathy-gtk/empathy-theme-adium.c >@@ -436,7 +436,7 @@ theme_adium_append_message (EmpathyChatView *view, > EmpathyThemeAdiumPriv *priv = GET_PRIV (theme); > EmpathyContact *sender; > TpAccount *account; >- gchar *body_escaped; >+ gchar *body_escaped, *name_escaped; > const gchar *body; > const gchar *name; > const gchar *contact_id; >@@ -468,17 +468,19 @@ theme_adium_append_message (EmpathyChatView *view, > body = empathy_message_get_body (msg); > body_escaped = theme_adium_parse_body (body); > name = empathy_contact_get_alias (sender); >+ name_escaped = g_markup_escape_text (name, -1); > contact_id = empathy_contact_get_id (sender); > > /* If this is a /me, append an event */ > if (empathy_message_get_tptype (msg) == TP_CHANNEL_TEXT_MESSAGE_TYPE_ACTION) { > gchar *str; > >- str = g_strdup_printf ("%s %s", name, body_escaped); >+ str = g_strdup_printf ("%s %s", name_escaped, body_escaped); > theme_adium_append_event_escaped (view, str); > > g_free (str); > g_free (body_escaped); >+ g_free (name_escaped); > return; > } > >@@ -600,7 +602,7 @@ theme_adium_append_message (EmpathyChatView *view, > > if (html != NULL) { > theme_adium_append_html (theme, func, html, len, body_escaped, >- avatar_filename, name, contact_id, >+ avatar_filename, name_escaped, contact_id, > service_name, message_classes->str, > timestamp, is_backlog); > } else { >@@ -616,6 +618,7 @@ theme_adium_append_message (EmpathyChatView *view, > priv->last_is_backlog = is_backlog; > > g_free (body_escaped); >+ g_free (name_escaped); > g_string_free (message_classes, TRUE); > } > >-- >1.7.7 >
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=290491">View the attachment on a separate page</a>.</b>
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Diff
Attachments on
bug 388051
: 290491
