Skip to content
GitLab
Menu
Projects
Groups
Snippets
/
Help
Help
Support
Community forum
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
Menu
Open sidebar
Archive
gnome-sdk-images
Commits
4215b8a2
Commit
4215b8a2
authored
Jul 16, 2018
by
Mathieu Bridon
Committed by
Michael Catanzaro
Jul 16, 2018
Browse files
libsoup: Fix CVE-2018-12910
GNOME/libsoup#3
parent
a9810343
Changes
2
Hide whitespace changes
Inline
Side-by-side
0001-cookie-jar-bail-if-hostname-is-an-empty-string.patch
0 → 100644
View file @
4215b8a2
From db2b0d5809d5f8226d47312b40992cadbcde439f Mon Sep 17 00:00:00 2001
From: Michael Catanzaro <mcatanzaro@igalia.com>
Date: Sun, 24 Jun 2018 19:46:19 -0500
Subject: [PATCH] cookie-jar: bail if hostname is an empty string
There are several other ways to fix the problem with this function, but
skipping over all of the code is probably the simplest.
Fixes #3
---
libsoup/soup-cookie-jar.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/libsoup/soup-cookie-jar.c b/libsoup/soup-cookie-jar.c
index 2369c8a..b2b7890 100644
--- a/libsoup/soup-cookie-jar.c
+++ b/libsoup/soup-cookie-jar.c
@@ -307,7 +307,7 @@
get_cookies (SoupCookieJar *jar, SoupURI *uri, gboolean for_http, gboolean copy_
priv = soup_cookie_jar_get_instance_private (jar);
- if (!uri->host)
+ if (!uri->host || !uri->host[0])
return NULL;
/* The logic here is a little weird, but the plan is that if
--
2.17.1
org.gnome.Sdk.json.in
View file @
4215b8a2
...
...
@@ -144,6 +144,10 @@
"type": "archive",
"url": "https://download.gnome.org/sources/libsoup/2.60/libsoup-2.60.3.tar.xz",
"sha256": "1b0dc762f23abe4e0d29b77370e539fd35f31d8e8e0318d6ddccff395be68a22"
},
{
"type": "patch",
"path": "0001-cookie-jar-bail-if-hostname-is-an-empty-string.patch"
}
]
},
...
...
Write
Preview
Supports
Markdown
0%
Try again
or
attach a new file
.
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment