R5Reloaded/r5sdk
1
0
Fork 0
mirror of https://github.com/Mauler125/r5sdk.git synced 2025-02-09 19:15:03 +01:00
Code Issues Packages Projects Releases Wiki Activity

Fix CVE-2021-22876

Browse Source 
Merge: curl/curl@7214288898
Note: The 'CURLU' class does not exist in this particular version of curl, therefore, an alternative approach has been incorporated to mitigate the issue. Code has been tested, and the issue has been fixed.
This commit is contained in:
Kawe Mazidjatari 2023-06-13 09:45:16 +02:00
parent d177ecdb0a
commit b7cca52067
1 changed files with 20 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

20
r5dev/thirdparty/curl/transfer.c vendored
View File

@ -1674,6 +1674,26 @@ CURLcode Curl_follow(struct Curl_easy *data,
data->change.referer = strdup(data->change.url);
if(!data->change.referer)
return CURLE_OUT_OF_MEMORY;
char* url = data->change.referer;
char* p;
/* remove the fragment part of the path */
p = strchr(url, '#');
if(p)
*p = '\0';
/* remove user and password of the path */
p = strstr(url, "://");
if(p) {
char* end_of_protocol = p + sizeof("://") - 1;
char* at = strchr(end_of_protocol, '@');
char* slash = strchr(end_of_protocol, '/');
if(at && (!slash || at < slash)) {
memmove(end_of_protocol, at + 1, strlen(at + 1) + 1);
}
}
data->change.referer_alloc = TRUE; /* yes, free this later */
}
}