author | Max Brazhnikov <makc@FreeBSD.org> | 2010-08-01 19:15:42 +0000 |
---|---|---|
committer | Max Brazhnikov <makc@FreeBSD.org> | 2010-08-01 19:15:42 +0000 |
commit | 12b532240415eabad28bda71c606220d4470ab07 (patch) | |
tree | 6e0a863aeb326de17af656e9991d6f7cc754a911 /irc | |
parent | f72ac1ec8d9cc365740b26a3f01353cc9dcbff2f (diff) | |
Notes
Diffstat (limited to 'irc')
-rw-r--r-- | irc/kvirc/Makefile | 1 | ||||
-rw-r--r-- | irc/kvirc/files/patch-svn4693 | 118 |
2 files changed, 119 insertions, 0 deletions
diff --git a/irc/kvirc/Makefile b/irc/kvirc/Makefile
index 0687a950658b..bf83a9fb26f7 100644
--- a/irc/kvirc/Makefile
+++ b/irc/kvirc/Makefile
@@ -7,6 +7,7 @@
 PORTNAME= kvirc
 PORTVERSION= 4.0.0
+PORTREVISION= 1
 CATEGORIES= irc kde
 MASTER_SITES= ftp://ftp.kvirc.de/pub/kvirc/%SUBDIR%/ \
 http://kvirc.gmake.de/pub/kvirc/%SUBDIR%/ \
diff --git a/irc/kvirc/files/patch-svn4693 b/irc/kvirc/files/patch-svn4693
new file mode 100644
index 000000000000..b791afd12b31
--- /dev/null
+++ b/irc/kvirc/files/patch-svn4693
@@ -0,0 +1,118 @@
+Index: ./src/modules/dcc/requests.cpp
+===================================================================
+--- ./src/modules/dcc/requests.cpp (revision 4417)
++++ ./src/modules/dcc/requests.cpp (revision 4693)
+@@ -87,5 +87,6 @@
+ {
+ QString szError = QString("Sorry, your DCC %1 request can't be satisfied: %2").arg(dcc->szType.ptr(), errText);
+- dcc_module_reply_errmsg(dcc,szError);
++ //since szError contains an user-suppplied string, we simplify it to avoid any kind of injection (bug #858)
++ dcc_module_reply_errmsg(dcc,szError.simplified());
+ }
+ }
+Index: ./src/kvirc/sparser/kvi_sp_ctcp.cpp
+===================================================================
+--- ./src/kvirc/sparser/kvi_sp_ctcp.cpp (revision 4350)
++++ ./src/kvirc/sparser/kvi_sp_ctcp.cpp (revision 4693)
+@@ -627,5 +627,5 @@
+
+
+-const char * KviServerParser::extractCtcpParameter(const char * msg_ptr,KviStr &buffer,bool bSpaceBreaks)
++const char * KviServerParser::extractCtcpParameter(const char * msg_ptr,KviStr &buffer,bool bSpaceBreaks, bool bSafeOnly)
+ {
+ //
+@@ -659,15 +659,18 @@
+ case '\\':
+ // backslash : escape sequence
+- if(msg_ptr != begin)buffer.append(begin,msg_ptr - begin);
+- msg_ptr++;
+- if(*msg_ptr)
+- {
+- // decode the escape
+- msg_ptr = decodeCtcpEscape(msg_ptr,buffer);
+- begin = msg_ptr;
++ if(bSafeOnly)msg_ptr++;
++ else {
++ if(msg_ptr != begin)buffer.append(begin,msg_ptr - begin);
++ msg_ptr++;
++ if(*msg_ptr)
++ {
++ // decode the escape
++ msg_ptr = decodeCtcpEscape(msg_ptr,buffer);
++ begin = msg_ptr;
++ }
++ // else it is a senseless trailing backslash.
++ // Just ignore and let the function
++ // return spontaneously.
+ }
+- // else it is a senseless trailing backslash.
+- // Just ignore and let the function
+- // return spontaneously.
+ break;
+ case ' ':
+@@ -684,5 +687,5 @@
+ break;
+ case '"':
+- if(bInString)
++ if(bInString && !bSafeOnly)
+ {
+ // A string terminator. We don't return
+@@ -712,5 +715,5 @@
+ }
+
+-const char * KviServerParser::extractCtcpParameter(const char * p_msg_ptr,QString &resultBuffer,bool bSpaceBreaks)
++const char * KviServerParser::extractCtcpParameter(const char * p_msg_ptr,QString &resultBuffer,bool bSpaceBreaks, bool bSafeOnly)
+ {
+ //
+@@ -744,13 +747,16 @@
+ case '\\':
+ // backslash : escape sequence
+- msg_ptr++;
+- if(*msg_ptr)
+- {
+- // decode the escape
+- msg_ptr = decodeCtcpEscape(msg_ptr,buffer);
++ if(bSafeOnly)msg_ptr++;
++ else {
++ msg_ptr++;
++ if(*msg_ptr)
++ {
++ // decode the escape
++ msg_ptr = decodeCtcpEscape(msg_ptr,buffer);
++ }
++ // else it is a senseless trailing backslash.
++ // Just ignore and let the function
++ // return spontaneously.
+ }
+- // else it is a senseless trailing backslash.
+- // Just ignore and let the function
+- // return spontaneously.
+ break;
+ case ' ':
+@@ -770,5 +776,5 @@
+ break;
+ case '"':
+- if(bInString)
++ if(bInString && !bSafeOnly)
+ {
+ // A string terminator. We don't return
+@@ -1708,5 +1714,5 @@
+ KviDccRequest p;
+ KviStr aux = msg->pData;
+- msg->pData = extractCtcpParameter(msg->pData,p.szType);
++ msg->pData = extractCtcpParameter(msg->pData,p.szType, true, true);
+ msg->pData = extractCtcpParameter(msg->pData,p.szParam1);
+ msg->pData = extractCtcpParameter(msg->pData,p.szParam2);
+Index: ./src/kvirc/sparser/kvi_sparser.h
+===================================================================
+--- ./src/kvirc/sparser/kvi_sparser.h (revision 3958)
++++ ./src/kvirc/sparser/kvi_sparser.h (revision 4693)
+@@ -261,6 +261,6 @@
+ static const char * decodeCtcpEscape(const char * msg_ptr,KviStr &buffer);
+ static const char * decodeCtcpEscape(const char * msg_ptr,QByteArray &buffer);
+- static const char * extractCtcpParameter(const char * msg_ptr,KviStr &buffer,bool bSpaceBreaks = true);
+- static const char * extractCtcpParameter(const char * msg_ptr,QString &buffer,bool bSpaceBreaks = true);
++ static const char * extractCtcpParameter(const char * msg_ptr,KviStr &buffer,bool bSpaceBreaks = true, bool bSafeOnly=false);
++ static const char * extractCtcpParameter(const char * msg_ptr,QString &buffer,bool bSpaceBreaks = true, bool bSafeOnly=false);
+ };
+ |
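Review bot: In the `@@ -1708,5 +1714,5 @@` part of the vendored patch only `p.szType` is extracted with `bSafeOnly` set, while `p.szParam1` and `p.szParam2` on the next two lines keep the default and are still escape-decoded and quote-parsed. The fix therefore depends on every consumer of those fields sanitising on output, as requests.cpp now does with `szError.simplified()`. That call only normalises whitespace, so it is worth confirming that the reply path also copes with non-whitespace control characters in `errText`. Because `bSafeOnly` defaults to `false` in kvi_sparser.h, new callers get the decoding behaviour unless they opt out; a comment on the declarations such as `// bSafeOnly: do not decode backslash escapes or honour a closing quote; use for fields that are echoed back to the network` would make the contract visible. In the KviStr overload the safe branch advances `msg_ptr` without touching `begin`, which the QString overload does not use, so the two may differ in whether the backslash is kept; the function bodies continue outside these hunks, so this cannot be confirmed from here.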