File: CVE-2021-26948.patch

package info (click to toggle)
htmldoc 1.9.3-1%2Bdeb10u4
  • links: PTS
  • area: main
  • in suites: buster
  • size: 15,224 kB
  • sloc: ansic: 67,846; cpp: 24,380; makefile: 352; sh: 149; java: 59; php: 36; xml: 10; perl: 7
file content (63 lines) | stat: -rw-r--r-- 1,605 bytes parent folder | download
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
From: =?utf-8?q?H=C3=A5vard_Flaget_Aasen?= <haavard_aasen@yahoo.no>
Date: Thu, 3 Jun 2021 21:15:52 +0200
Subject: CVE-2021-26948

Fix crash bug with data: URIs (Issue #410)

Origin: upstream, https://github.com/michaelrsweet/htmldoc/commit/008861d8339c6ec777e487770b70b95b1ed0c1d2
Bug: https://github.com/michaelrsweet/htmldoc/issues/410
Bug-Debian: https://bugs.debian.org/989437
---
 htmldoc/file.c | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)

--- a/htmldoc/file.c
+++ b/htmldoc/file.c
@@ -586,11 +586,13 @@
   */
 
   for (i = 0; i < (int)web_files; i ++)
+  {
     if (strcmp(s, web_cache[i].name) == 0)
     {
       DEBUG_printf(("file_find: Returning cache file \"%s\"!\n", s));
       return (s);
     }
+  }
 
   DEBUG_printf(("file_find: \"%s\" not in web cache of %d files...\n", s, (int)web_files));
 
@@ -599,11 +601,14 @@
   */
 
   if (strchr(s, '%') == NULL)
+  {
     strlcpy(basename, s, sizeof(basename));
+  }
   else
   {
     for (sptr = s, temp = basename;
 	 *sptr && temp < (basename + sizeof(basename) - 1);)
+    {
       if (*sptr == '%' && isxdigit(sptr[1]) && isxdigit(sptr[2]))
       {
        /*
@@ -626,6 +631,7 @@
       }
       else
 	*temp++ = *sptr++;
+    }
 
     *temp = '\0';
   }
@@ -880,7 +886,9 @@
 const char *			/* O - Method string ("http", "ftp", etc.) */
 file_method(const char *s)	/* I - Filename or URL */
 {
-  if (strncmp(s, "http:", 5) == 0)
+  if (strncmp(s, "data:", 5) == 0)
+    return ("data");
+  else if (strncmp(s, "http:", 5) == 0)
     return ("http");
   else if (strncmp(s, "https:", 6) == 0)
     return ("https");