1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
|
From: =?utf-8?q?H=C3=A5vard_Flaget_Aasen?= <haavard_aasen@yahoo.no>
Date: Thu, 3 Jun 2021 21:15:52 +0200
Subject: CVE-2021-26948
Fix crash bug with data: URIs (Issue #410)
Origin: upstream, https://github.com/michaelrsweet/htmldoc/commit/008861d8339c6ec777e487770b70b95b1ed0c1d2
Bug: https://github.com/michaelrsweet/htmldoc/issues/410
Bug-Debian: https://bugs.debian.org/989437
---
htmldoc/file.c | 10 +++++++++-
1 file changed, 9 insertions(+), 1 deletion(-)
diff --git a/htmldoc/file.c b/htmldoc/file.c
index eee89af..9a5f3e2 100644
--- a/htmldoc/file.c
+++ b/htmldoc/file.c
@@ -624,11 +624,13 @@ file_find(const char *path, /* I - Path "dir;dir;dir" */
*/
for (i = 0; i < (int)web_files; i ++)
+ {
if (strcmp(s, web_cache[i].name) == 0)
{
DEBUG_printf(("file_find: Returning cache file \"%s\"!\n", s));
return (s);
}
+ }
DEBUG_printf(("file_find: \"%s\" not in web cache of %d files...\n", s, (int)web_files));
@@ -637,11 +639,14 @@ file_find(const char *path, /* I - Path "dir;dir;dir" */
*/
if (strchr(s, '%') == NULL)
+ {
strlcpy(basename, s, sizeof(basename));
+ }
else
{
for (sptr = s, temp = basename;
*sptr && temp < (basename + sizeof(basename) - 1);)
+ {
if (*sptr == '%' && isxdigit(sptr[1]) && isxdigit(sptr[2]))
{
/*
@@ -664,6 +669,7 @@ file_find(const char *path, /* I - Path "dir;dir;dir" */
}
else
*temp++ = *sptr++;
+ }
*temp = '\0';
}
@@ -918,7 +924,9 @@ file_localize(const char *filename, /* I - Filename */
const char * /* O - Method string ("http", "ftp", etc.) */
file_method(const char *s) /* I - Filename or URL */
{
- if (strncmp(s, "http:", 5) == 0)
+ if (strncmp(s, "data:", 5) == 0)
+ return ("data");
+ else if (strncmp(s, "http:", 5) == 0)
return ("http");
else if (strncmp(s, "https:", 6) == 0)
return ("https");
|
