rpms / kdelibs3

Clone
Source Code
GIT

Files

  1.   ab3d736ba90504c092b369d3e173e49ff492f304
  2.   kdelibs-3.5.10-CVE-2017-6410.patch
Blob Blame History Raw 
diff -ur kdelibs-3.5.10/kio/misc/kpac/script.cpp kdelibs-3.5.10-CVE-2017-6410/kio/misc/kpac/script.cpp
--- kdelibs-3.5.10/kio/misc/kpac/script.cpp	2008-02-13 10:41:06.000000000 +0100
+++ kdelibs-3.5.10-CVE-2017-6410/kio/misc/kpac/script.cpp	2017-03-04 18:42:29.638992390 +0100
@@ -446,10 +446,18 @@
 	if (!findObj.isValid() || !findObj.implementsCall())
 	  throw Error( "No such function FindProxyForURL" );
 
+        KURL cleanUrl = url;
+        cleanUrl.setPass(QString());
+        cleanUrl.setUser(QString());
+        if (cleanUrl.protocol().lower() == "https") {
+            cleanUrl.setPath(QString());
+            cleanUrl.setQuery(QString());
+        }
+
 	Object thisObj;
 	List args;
-	args.append(String(url.url()));
-	args.append(String(url.host()));
+	args.append(String(cleanUrl.url()));
+	args.append(String(cleanUrl.host()));
 	Value retval = findObj.call( exec, thisObj, args );
 
 	if ( exec->hadException() ) {
Powered by Pagure 5.13.3
DocumentationFile an IssueAbout this InstanceSSH Hostkey/Fingerprint
© Red Hat, Inc. and others.