diff options
Diffstat (limited to 'opensuse/core/tdelibs/kdelibs-3.5.10-cve-2009-1698.patch')
-rw-r--r-- | opensuse/core/tdelibs/kdelibs-3.5.10-cve-2009-1698.patch | 42 |
1 files changed, 42 insertions, 0 deletions
diff --git a/opensuse/core/tdelibs/kdelibs-3.5.10-cve-2009-1698.patch b/opensuse/core/tdelibs/kdelibs-3.5.10-cve-2009-1698.patch new file mode 100644 index 000000000..ab9fea5c2 --- /dev/null +++ b/opensuse/core/tdelibs/kdelibs-3.5.10-cve-2009-1698.patch @@ -0,0 +1,42 @@ +diff -ur kdelibs-3.5.10/khtml/css/cssparser.cpp kdelibs-3.5.10-cve-2009-1698/khtml/css/cssparser.cpp +--- kdelibs-3.5.10/khtml/css/cssparser.cpp 2007-01-15 12:34:04.000000000 +0100 ++++ kdelibs-3.5.10-cve-2009-1698/khtml/css/cssparser.cpp 2009-07-26 05:46:39.000000000 +0200 +@@ -1344,6 +1344,14 @@ + if ( args->size() != 1) + return false; + Value *a = args->current(); ++ if (a->unit != CSSPrimitiveValue::CSS_IDENT) { ++ isValid=false; ++ break; ++ } ++ if (qString(a->string)[0] == '-') { ++ isValid=false; ++ break; ++ } + parsedValue = new CSSPrimitiveValueImpl(domString(a->string), CSSPrimitiveValue::CSS_ATTR); + } + else +@@ -1396,7 +1404,8 @@ + + CounterImpl *counter = new CounterImpl; + Value *i = args->current(); +-// if (i->unit != CSSPrimitiveValue::CSS_IDENT) goto invalid; ++ if (i->unit != CSSPrimitiveValue::CSS_IDENT) goto invalid; ++ if (qString(i->string)[0] == '-') goto invalid; + counter->m_identifier = domString(i->string); + if (counters) { + i = args->next(); +diff -ur kdelibs-3.5.10/khtml/css/css_valueimpl.cpp kdelibs-3.5.10-cve-2009-1698/khtml/css/css_valueimpl.cpp +--- kdelibs-3.5.10/khtml/css/css_valueimpl.cpp 2006-07-22 10:16:49.000000000 +0200 ++++ kdelibs-3.5.10-cve-2009-1698/khtml/css/css_valueimpl.cpp 2009-07-26 05:45:36.000000000 +0200 +@@ -736,7 +736,9 @@ + text = getValueName(m_value.ident); + break; + case CSSPrimitiveValue::CSS_ATTR: +- // ### ++ text = "attr("; ++ text += DOMString( m_value.string ); ++ text += ")"; + break; + case CSSPrimitiveValue::CSS_COUNTER: + text = "counter("; |