ucb/source/ucp/webdav-curl/CurlUri.cxx | 4 ++++
1 file changed, 4 insertions(+)
New commits:
commit 977878814a3573627026e31edb8a51c8f30c8a0c
Author: Stephan Bergmann <sberg...@redhat.com>
AuthorDate: Wed Jun 14 16:05:54 2023 +0200
Commit: Stephan Bergmann <sberg...@redhat.com>
CommitDate: Thu Jun 15 09:01:18 2023 +0200
ooo#41037 Reject URLs containing unencoded NUL characters
Change-Id: I45bbd342734f190ce918b610441ca911a47830b4
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/153062
Tested-by: Jenkins
Reviewed-by: Stephan Bergmann <sberg...@redhat.com>
diff --git a/ucb/source/ucp/webdav-curl/CurlUri.cxx
b/ucb/source/ucp/webdav-curl/CurlUri.cxx
index c5440423a2db..3ee218d5aca3 100644
--- a/ucb/source/ucp/webdav-curl/CurlUri.cxx
+++ b/ucb/source/ucp/webdav-curl/CurlUri.cxx
@@ -115,6 +115,10 @@ CurlUri::CurlUri(::std::u16string_view const rURI)
}
// use curl to parse the URI, to get a consistent interpretation
+ if (rURI.find(u'\0') != std::u16string_view::npos)
+ {
+ throw DAVException(DAVException::DAV_INVALID_ARG);
+ }
OString const utf8URI(OUStringToOString(rURI, RTL_TEXTENCODING_UTF8));
auto uc = curl_url_set(m_pUrl.get(), CURLUPART_URL, utf8URI.getStr(), 0);
if (uc != CURLUE_OK)
