Attachment 859232 Details for Bug 923464 – Close header-hole

[patch] Close header-hole

0001-923464-CVE-2013-1869-close-header-hole-as-well.patch (text/plain), 1.22 KB, created by Grant Gainey on 2014-02-04 16:29:55 UTC

(hide)

Description:

Filename:

MIME Type:

Creator: Grant Gainey

Created: 2014-02-04 16:29:55 UTC

Size: 1.22 KB

patch

obsolete

>From 55bde691300c56698d51426b352e46380adf30be Mon Sep 17 00:00:00 2001
>From: Grant Gainey <ggainey@redhat.com>
>Date: Tue, 4 Feb 2014 11:07:10 -0500
>Subject: [PATCH] 923464 - CVE-2013-1869, close header-hole as well
>
>---
> .../com/redhat/rhn/frontend/action/systems/OverviewAction.java    | 8 +++++++-
> 1 file changed, 7 insertions(+), 1 deletion(-)
>
>diff --git a/java/code/src/com/redhat/rhn/frontend/action/systems/OverviewAction.java b/java/code/src/com/redhat/rhn/frontend/action/systems/OverviewAction.java
>index 7837e3b..e592f5c 100644
>--- a/java/code/src/com/redhat/rhn/frontend/action/systems/OverviewAction.java
>+++ b/java/code/src/com/redhat/rhn/frontend/action/systems/OverviewAction.java
>@@ -54,7 +54,13 @@ public class OverviewAction extends RhnListAction {
> 
>         for (String dest : ALLOWED_REDIRECTS) {
>             if (proposedRedirect.startsWith(dest)) {
>-                return proposedRedirect;
>+                int crlfLoc = proposedRedirect.indexOf(0X0D);
>+                if (crlfLoc != -1) {
>+                    return proposedRedirect.substring(0, crlfLoc);
>+                }
>+                else {
>+                    return proposedRedirect;
>+                }
>             }
>         }
>         return null;
>-- 
>1.8.1.4
>

Actions: View | Diff

Attachments on bug 923464: 820003 | 859232 | 859668