[Privoxy-commits] [privoxy] 01/06: cgi_error_no_template(): Encode the template name to prevent XSS
User Git
git at git.privoxy.org
Tue Dec 7 14:07:12 UTC 2021
This is an automated email from the git hooks/post-receive script.
git pushed a commit to branch master
in repository privoxy.
commit 0e668e9409cbf4ab8bf2d79be204bd4e81a00d85
Author: Fabian Keil <fk at fabiankeil.de>
AuthorDate: Tue Nov 2 12:11:37 2021 +0100
cgi_error_no_template(): Encode the template name to prevent XSS
OVE-20211102-0001. CVE-2021-44543.
Reported by: Artem Ivanov
---
cgi.c | 13 +++++++++++--
1 file changed, 11 insertions(+), 2 deletions(-)
diff --git a/cgi.c b/cgi.c
index cb1f0725..e92f7493 100644
--- a/cgi.c
+++ b/cgi.c
@@ -1199,7 +1199,8 @@ jb_err cgi_error_no_template(const struct client_state *csp,
").</p>\n"
"</body>\n"
"</html>\n";
- const size_t body_size = strlen(body_prefix) + strlen(template_name) + strlen(body_suffix) + 1;
+ size_t body_size = strlen(body_prefix) + strlen(body_suffix) + 1;
+ const char *encoded_template_name;
assert(csp);
assert(rsp);
@@ -1213,9 +1214,17 @@ jb_err cgi_error_no_template(const struct client_state *csp,
rsp->head_length = 0;
rsp->is_static = 0;
+ encoded_template_name = html_encode(template_name);
+ if (encoded_template_name == NULL)
+ {
+ return JB_ERR_MEMORY;
+ }
+
+ body_size += strlen(encoded_template_name);
rsp->body = malloc_or_die(body_size);
strlcpy(rsp->body, body_prefix, body_size);
- strlcat(rsp->body, template_name, body_size);
+ strlcat(rsp->body, encoded_template_name, body_size);
+ freez(encoded_template_name);
strlcat(rsp->body, body_suffix, body_size);
rsp->status = strdup(status);
--
To stop receiving notification emails like this one, please contact
the administrator of this repository.
More information about the Privoxy-commits
mailing list