Author: andree Date: Wed Aug 31 23:00:38 2005 GMT
Module: SOURCES Tag: HEAD
---- Log message:
- security fix for webmail
---- Files affected:
SOURCES:
sqwebmail-sec_fix.patch (NONE -> 1.1) (NEW)
---- Diffs:
================================================================
Index: SOURCES/sqwebmail-sec_fix.patch
diff -u /dev/null SOURCES/sqwebmail-sec_fix.patch:1.1
--- /dev/null Thu Sep 1 01:00:38 2005
+++ SOURCES/sqwebmail-sec_fix.patch Thu Sep 1 01:00:33 2005
@@ -0,0 +1,52 @@
+diff -Nur old/sqwebmail/html.c new/sqwebmail/html.c
+--- old/sqwebmail/html.c 2003-10-06 00:16:13.000000000 +0000
++++ new/sqwebmail/html.c 2005-08-31 21:58:09.573788872 +0000
+@@ -187,9 +187,16 @@
+ if (tai) ++tai->tagvaluelen;
+ }
+ if (*p) p++;
++ else
++ {
++ memset(tagbuf, ' ', strlen(tagbuf));
++ }
+ }
+ else
+ {
++ if (c == 0)
++ memset(tagbuf, ' ', strlen(tagbuf));
++
+ if (tai)
+ {
+ tai->tagvalue=p;
+@@ -222,6 +229,31 @@
+ while ((p=strchr(tagbuf, '<')) != NULL)
+ *p=' ';
+
++ for (p=tagbuf; *p; p++)
++ {
++ char *q;
++
++ if (*p != '&')
++ continue;
++
++ q=p;
++
++ ++p;
++
++ while (*p)
++ {
++ if
(strchr("abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789", *p)
== NULL)
++ break;
++ ++p;
++ }
++
++ if (*p != ';')
++ {
++ *q=0;
++ }
++ --p;
++ }
++
+ tagattrlen=parseattr(0);
+ if ( tagattrlen > tagattrsize)
+ {
================================================================
_______________________________________________
pld-cvs-commit mailing list
pld-cvs-commit@lists.pld-linux.org
http://lists.pld-linux.org/mailman/listinfo/pld-cvs-commit
