Add patch from upstream to fix security issue:

https://svn.kvirc.de/kvirc/ticket/858 PR: ports/149094 Reported by: Axel Gonzalez <loox at e-shell.net>
author: Max Brazhnikov <makc@FreeBSD.org> 2010-08-01 19:15:42 +0000
committer: Max Brazhnikov <makc@FreeBSD.org> 2010-08-01 19:15:42 +0000
commit: 12b532240415eabad28bda71c606220d4470ab07 (patch)
tree: 6e0a863aeb326de17af656e9991d6f7cc754a911 /irc/kvirc
parent: f72ac1ec8d9cc365740b26a3f01353cc9dcbff2f (diff)
download: ports-12b532240415eabad28bda71c606220d4470ab07.tar.gz
ports-12b532240415eabad28bda71c606220d4470ab07.zip
2 files changed, 119 insertions, 0 deletions
diff --git a/irc/kvirc/Makefile b/irc/kvirc/Makefile
index 0687a950658b..bf83a9fb26f7 100644
--- a/irc/kvirc/Makefile
+++ b/irc/kvirc/Makefile
@@ -7,6 +7,7 @@
 
 PORTNAME=	kvirc
 PORTVERSION=	4.0.0
+PORTREVISION=	1
 CATEGORIES=	irc kde
 MASTER_SITES=	ftp://ftp.kvirc.de/pub/kvirc/%SUBDIR%/ \
 		http://kvirc.gmake.de/pub/kvirc/%SUBDIR%/ \
diff --git a/irc/kvirc/files/patch-svn4693 b/irc/kvirc/files/patch-svn4693
new file mode 100644
index 000000000000..b791afd12b31
--- /dev/null
+++ b/irc/kvirc/files/patch-svn4693
@@ -0,0 +1,118 @@
+Index: ./src/modules/dcc/requests.cpp
+===================================================================
+--- ./src/modules/dcc/requests.cpp (revision 4417)
++++ ./src/modules/dcc/requests.cpp (revision 4693)
+@@ -87,5 +87,6 @@
+ 	{
+ 		QString szError = QString("Sorry, your DCC %1 request can't be satisfied: %2").arg(dcc->szType.ptr(), errText);
+-		dcc_module_reply_errmsg(dcc,szError);
++		//since szError contains an user-suppplied string, we simplify it to avoid any kind of injection (bug #858)
++		dcc_module_reply_errmsg(dcc,szError.simplified());
+ 	}
+ }
+Index: ./src/kvirc/sparser/kvi_sp_ctcp.cpp
+===================================================================
+--- ./src/kvirc/sparser/kvi_sp_ctcp.cpp (revision 4350)
++++ ./src/kvirc/sparser/kvi_sp_ctcp.cpp (revision 4693)
+@@ -627,5 +627,5 @@
+ 
+ 
+-const char * KviServerParser::extractCtcpParameter(const char * msg_ptr,KviStr &buffer,bool bSpaceBreaks)
++const char * KviServerParser::extractCtcpParameter(const char * msg_ptr,KviStr &buffer,bool bSpaceBreaks, bool bSafeOnly)
+ {
+ 	//
+@@ -659,15 +659,18 @@
+ 			case '\\':
+ 				// backslash : escape sequence
+-				if(msg_ptr != begin)buffer.append(begin,msg_ptr - begin);
+-				msg_ptr++;
+-				if(*msg_ptr)
+-				{
+-					// decode the escape
+-					msg_ptr = decodeCtcpEscape(msg_ptr,buffer);
+-					begin = msg_ptr;
++				if(bSafeOnly)msg_ptr++;
++				else {
++					if(msg_ptr != begin)buffer.append(begin,msg_ptr - begin);
++					msg_ptr++;
++					if(*msg_ptr)
++					{
++						// decode the escape
++						msg_ptr = decodeCtcpEscape(msg_ptr,buffer);
++						begin = msg_ptr;
++					}
++					// else it is a senseless trailing backslash.
++					// Just ignore and let the function
++					// return spontaneously.
+ 				}
+-				// else it is a senseless trailing backslash.
+-				// Just ignore and let the function
+-				// return spontaneously.
+ 			break;
+ 			case ' ':
+@@ -684,5 +687,5 @@
+ 			break;
+ 			case '"':
+-				if(bInString)
++				if(bInString && !bSafeOnly)
+ 				{
+ 					// A string terminator. We don't return
+@@ -712,5 +715,5 @@
+ }
+ 
+-const char * KviServerParser::extractCtcpParameter(const char * p_msg_ptr,QString &resultBuffer,bool bSpaceBreaks)
++const char * KviServerParser::extractCtcpParameter(const char * p_msg_ptr,QString &resultBuffer,bool bSpaceBreaks, bool bSafeOnly)
+ {
+ 	//
+@@ -744,13 +747,16 @@
+ 			case '\\':
+ 				// backslash : escape sequence
+-				msg_ptr++;
+-				if(*msg_ptr)
+-				{
+-					// decode the escape
+-					msg_ptr = decodeCtcpEscape(msg_ptr,buffer);
++				if(bSafeOnly)msg_ptr++;
++				else {
++					msg_ptr++;
++					if(*msg_ptr)
++					{
++						// decode the escape
++						msg_ptr = decodeCtcpEscape(msg_ptr,buffer);
++					}
++					// else it is a senseless trailing backslash.
++					// Just ignore and let the function
++					// return spontaneously.
+ 				}
+-				// else it is a senseless trailing backslash.
+-				// Just ignore and let the function
+-				// return spontaneously.
+ 			break;
+ 			case ' ':
+@@ -770,5 +776,5 @@
+ 			break;
+ 			case '"':
+-				if(bInString)
++				if(bInString && !bSafeOnly)
+ 				{
+ 					// A string terminator. We don't return
+@@ -1708,5 +1714,5 @@
+ 	KviDccRequest p;
+ 	KviStr aux    = msg->pData;
+-	msg->pData    = extractCtcpParameter(msg->pData,p.szType);
++	msg->pData    = extractCtcpParameter(msg->pData,p.szType, true, true);
+ 	msg->pData    = extractCtcpParameter(msg->pData,p.szParam1);
+ 	msg->pData    = extractCtcpParameter(msg->pData,p.szParam2);
+Index: ./src/kvirc/sparser/kvi_sparser.h
+===================================================================
+--- ./src/kvirc/sparser/kvi_sparser.h (revision 3958)
++++ ./src/kvirc/sparser/kvi_sparser.h (revision 4693)
+@@ -261,6 +261,6 @@
+ 	static const char * decodeCtcpEscape(const char * msg_ptr,KviStr &buffer);
+ 	static const char * decodeCtcpEscape(const char * msg_ptr,QByteArray &buffer);
+-	static const char * extractCtcpParameter(const char * msg_ptr,KviStr &buffer,bool bSpaceBreaks = true);
+-	static const char * extractCtcpParameter(const char * msg_ptr,QString &buffer,bool bSpaceBreaks = true);
++	static const char * extractCtcpParameter(const char * msg_ptr,KviStr &buffer,bool bSpaceBreaks = true, bool bSafeOnly=false);
++	static const char * extractCtcpParameter(const char * msg_ptr,QString &buffer,bool bSpaceBreaks = true, bool bSafeOnly=false);
+ };
+
author	Max Brazhnikov <makc@FreeBSD.org>	2010-08-01 19:15:42 +0000
committer	Max Brazhnikov <makc@FreeBSD.org>	2010-08-01 19:15:42 +0000
commit	12b532240415eabad28bda71c606220d4470ab07 (patch)
tree	6e0a863aeb326de17af656e9991d6f7cc754a911 /irc/kvirc
parent	f72ac1ec8d9cc365740b26a3f01353cc9dcbff2f (diff)
download	ports-12b532240415eabad28bda71c606220d4470ab07.tar.gz ports-12b532240415eabad28bda71c606220d4470ab07.zip