Package: kdepimlibs / 4:4.14.10-11

CVE-2016-7966.diff Patch series | download
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
From: Montel Laurent <montel@kde.org>
Date: Fri, 30 Sep 2016 13:55:35 +0000
Subject: Backport avoid to transform as a url when we have a quote
X-Git-Url: http://quickgit.kde.org/?p=kdepimlibs.git&a=commitdiff&h=176fee25ca79145ab5c8e2275d248f1a46a8d8cf
---
Backport avoid to transform as a url when we have a quote
---


--- a/kpimutils/linklocator.cpp
+++ b/kpimutils/linklocator.cpp
@@ -94,6 +94,12 @@
 }
 
 QString LinkLocator::getUrl()
+{
+    return getUrlAndCheckValidHref();
+}
+
+
+QString LinkLocator::getUrlAndCheckValidHref(bool *badurl)
 {
   QString url;
   if ( atUrl() ) {
@@ -129,13 +135,26 @@
 
     url.reserve( maxUrlLen() );  // avoid allocs
     int start = mPos;
+    bool previousCharIsADoubleQuote = false;
     while ( ( mPos < (int)mText.length() ) &&
             ( mText[mPos].isPrint() || mText[mPos].isSpace() ) &&
             ( ( afterUrl.isNull() && !mText[mPos].isSpace() ) ||
               ( !afterUrl.isNull() && mText[mPos] != afterUrl ) ) ) {
       if ( !mText[mPos].isSpace() ) {   // skip whitespace
-        url.append( mText[mPos] );
-        if ( url.length() > maxUrlLen() ) {
+          if (mText[mPos] == QLatin1Char('>') && previousCharIsADoubleQuote) {
+              //it's an invalid url
+              if (badurl) {
+                  *badurl = true;
+              }
+              return QString();
+          }
+          if (mText[mPos] == QLatin1Char('"')) {
+              previousCharIsADoubleQuote = true;
+          } else {
+              previousCharIsADoubleQuote = false;
+          }
+          url.append( mText[mPos] );
+          if ( url.length() > maxUrlLen() ) {
           break;
         }
       }
@@ -367,7 +386,12 @@
     } else {
       const int start = locator.mPos;
       if ( !( flags & IgnoreUrls ) ) {
-        str = locator.getUrl();
+        bool badUrl = false;
+        str = locator.getUrlAndCheckValidHref(&badUrl);
+        if (badUrl) {
+            return locator.mText;
+        }
+
         if ( !str.isEmpty() ) {
           QString hyperlink;
           if ( str.left( 4 ) == QLatin1String("www.") ) {

--- a/kpimutils/linklocator.h
+++ b/kpimutils/linklocator.h
@@ -107,6 +107,7 @@
       @return The URL at the current scan position, or an empty string.
     */
     QString getUrl();
+    QString getUrlAndCheckValidHref(bool *badurl = 0);
 
     /**
       Attempts to grab an email address. If there is an @ symbol at the
@@ -155,7 +156,7 @@
     */
     static QString pngToDataUrl( const QString & iconPath );
 
-  protected:
+protected:
     /**
       The plaintext string being scanned for URLs and email addresses.
     */