From e786483fb4b6fd2460c9a58ad7074e82ecf91747 Mon Sep 17 00:00:00 2001 |
|
From: Tomas Hoger <thoger@redhat.com> |
|
Date: Thu, 19 Aug 2021 16:50:02 +0200 |
|
Subject: [PATCH] Upstream patch for CVE-2021-38165 |
|
|
|
Extracted from lynx 2.9.0dev.9. |
|
|
|
Bug: https://bugzilla.redhat.com/show_bug.cgi?id=1994998#c2 |
|
--- |
|
WWW/Library/Implementation/HTTP.c | 18 ++++++++++++++++++ |
|
1 file changed, 18 insertions(+) |
|
|
|
diff --git a/WWW/Library/Implementation/HTTP.c b/WWW/Library/Implementation/HTTP.c |
|
index 41ab849..4a50b41 100644 |
|
--- a/WWW/Library/Implementation/HTTP.c |
|
+++ b/WWW/Library/Implementation/HTTP.c |
|
@@ -762,6 +762,23 @@ static char *StripIpv6Brackets(char *host) |
|
} |
|
#endif |
|
|
|
+/* |
|
+ * Remove user/password, if any, from the given host-string. |
|
+ */ |
|
+#ifdef USE_SSL |
|
+static char *StripUserAuthents(char *host) |
|
+{ |
|
+ char *p = strchr(host, '@'); |
|
+ |
|
+ if (p != NULL) { |
|
+ char *q = host; |
|
+ |
|
+ while ((*q++ = *++p) != '\0') ; |
|
+ } |
|
+ return host; |
|
+} |
|
+#endif |
|
+ |
|
/* Load Document from HTTP Server HTLoadHTTP() |
|
* ============================== |
|
* |
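Review bot: `strchr(host, '@')` in StripUserAuthents cuts at the first `@`, so a userinfo part that itself contains an unescaped `@` would leave its tail in the returned string, and the caller uses that string as the TLS host name. A host name cannot contain `@`, so cutting at the last one is the safer choice: `char *p = strrchr(host, '@');`. Whether HTParse can return such a string is not visible in this hunk, so treat this as hardening rather than a confirmed leak. The header comment could also state the contract, e.g. `/* Remove "user[:password]@" from host in place; returns host. */`.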
|
@@ -957,6 +974,7 @@ static int HTLoadHTTP(const char *arg, |
|
/* get host we're connecting to */ |
|
ssl_host = HTParse(url, "", PARSE_HOST); |
|
ssl_host = StripIpv6Brackets(ssl_host); |
|
+ ssl_host = StripUserAuthents(ssl_host); |
|
#if defined(USE_GNUTLS_FUNCS) |
|
ret = gnutls_server_name_set(handle->gnutls_state, |
|
GNUTLS_NAME_DNS, |
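Review bot: The added call runs after `StripIpv6Brackets(ssl_host)`, so for a host of the form `user@[::1]` the bracket stripping still sees the userinfo at the front of the string. If that helper only recognises a leading `[` (its body is outside this hunk, so this needs confirming), the brackets survive and the bracketed literal is what reaches `gnutls_server_name_set`. Placing `ssl_host = StripUserAuthents(ssl_host);` before `ssl_host = StripIpv6Brackets(ssl_host);` removes that ordering dependency. HTLoadHTTP begins and ends outside the hunk, so other uses of `ssl_host` could not be checked.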
|
-- |
|
2.31.1 |
|
|
|
|