fix CVE-2021-38165
parent
38030df000
commit
f8ec9daf6d
49
CVE-2021-38165.patch
Normal file
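--- a/CVE-2021-38165.patch
+++ b/CVE-2021-38165.patch
@@ -0,0 +1,49 @@
+Description: Fix CVE-2021-38165
+CVE-2021-38165: If Lynx is given an HTTPS URL which included username
+and password, e.g. https://username:password@www.example.org/,
+username and password were sent over the wire in clear text if the
+TLS 1.2 Server Name Indication (SNI) extension was used.
+.
+This patch is extracted from upstream's patch from 2.9.0dev.8 to
+2.9.0dev.9 to fix this issue.
+Origin: https://invisible-mirror.net/archives/lynx/patches/lynx2.9.0dev.9.patch.gz
+Author: Thomas E. Dickey <dickey@invisible-island.net>
+Reviewed-By: Axel Beckert <abe@debian.org>
+Bug-Debian: https://bugs.debian.org/991971
+Bug: https://lists.nongnu.org/archive/html/lynx-dev/2021-08/msg00000.html
+Bug: https://lists.nongnu.org/archive/html/lynx-dev/2021-08/msg00002.html
+
+--- a/WWW/Library/Implementation/HTTP.c
++++ b/WWW/Library/Implementation/HTTP.c
+@@ -762,6 +762,23 @@
+}
+#endif
+
++/*
++ * Remove user/password, if any, from the given host-string.
++ */
++#ifdef USE_SSL
++static char *StripUserAuthents(char *host)
++{
++ char *p = strchr(host, '@');
++
++ if (p != NULL) {
++ char *q = host;
++
++ while ((*q++ = *++p) != '\0') ;
++ }
++ return host;
++}
++#endif
++
+/* Load Document from HTTP Server HTLoadHTTP()
+ * ==============================
+ *
+@@ -957,6 +974,7 @@
+/* get host we're connecting to */
+ssl_host = HTParse(url, "", PARSE_HOST);
+ssl_host = StripIpv6Brackets(ssl_host);
++ ssl_host = StripUserAuthents(ssl_host);
+#if defined(USE_GNUTLS_FUNCS)
+ret = gnutls_server_name_set(handle->gnutls_state,
+GNUTLS_NAME_DNS,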
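Review bot: `StripUserAuthents()` in the first hunk cuts at the first '@' (`char *p = strchr(host, '@');`), so a userinfo that itself contains an unescaped '@' — not RFC 3986-legal, but common in hand-typed passwords — leaves the tail of the credential in the string handed to `gnutls_server_name_set()` (e.g. `user:pa@ss@www.example.org` becomes `ss@www.example.org`), which is the very leak this CVE fix is meant to close. Cutting at the last '@' instead, `char *p = strrchr(host, '@');`, removes the whole userinfo regardless of its content and matches what most URL parsers do. Whether `HTParse(url, "", PARSE_HOST)` can return such a string unescaped is not visible here and should be confirmed before relying on the first-'@' rule. The copy loop `while ((*q++ = *++p) != '\0') ;` could be the clearer `memmove(host, p + 1, strlen(p + 1) + 1);`, which is defined for overlapping regions. The second hunk is inside `HTLoadHTTP()`, whose body begins and ends outside this patch.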
@ -1,12 +1,13 @@
|
||||
Summary: A text browser for the World Wide Web
|
||||
Name: lynx
|
||||
Version: 2.8.9
|
||||
Release: 5
|
||||
Release: 6
|
||||
License: GPLv2
|
||||
URL: http://lynx.browser.org/
|
||||
Source: https://invisible-mirror.net/archives/%{name}/tarballs/%{name}%{version}rel.1.tar.bz2
|
||||
|
||||
Patch0: %{name}-CVE-2008-4690.patch
|
||||
Patch1: CVE-2021-38165.patch
|
||||
|
||||
Provides: webclient text-www-browser
|
||||
BuildRequires: dos2unix gcc gettext telnet unzip zip
|
||||
@ -104,6 +105,9 @@ EOF
|
||||
%{_mandir}/*/*
|
||||
|
||||
%changelog
|
||||
* Tue Aug 17 2021 houyingchao <houyingchao@huawei.com> - 2.8.9-6
|
||||
- Fix CVE-2021-38165
|
||||
|
||||
* Mon Jan 13 2020 openEuler Buildteam <buildteam@openeuler.org> - 2.8.9-5
|
||||
- Type:enhancement
|
||||
- Id:NA
|
||||
|
||||