diff options
Diffstat (limited to 'kde-base/kdelibs/files/4.2.4-CVE-2009-1698.patch')
-rw-r--r-- | kde-base/kdelibs/files/4.2.4-CVE-2009-1698.patch | 41 |
1 files changed, 41 insertions, 0 deletions
diff --git a/kde-base/kdelibs/files/4.2.4-CVE-2009-1698.patch b/kde-base/kdelibs/files/4.2.4-CVE-2009-1698.patch new file mode 100644 index 000000000000..0754c5f02ea0 --- /dev/null +++ b/kde-base/kdelibs/files/4.2.4-CVE-2009-1698.patch @@ -0,0 +1,41 @@ +--- branches/KDE/4.3/kdelibs/khtml/css/css_valueimpl.cpp 2009/07/26 03:39:55 1002474 ++++ branches/KDE/4.3/kdelibs/khtml/css/css_valueimpl.cpp 2009/07/26 03:40:47 1002475 +@@ -1212,7 +1212,9 @@ + text = getValueName(m_value.ident); + break; + case CSSPrimitiveValue::CSS_ATTR: +- // ### ++ text = "attr("; ++ text += DOMString( m_value.string ); ++ text += ")"; + break; + case CSSPrimitiveValue::CSS_COUNTER: + text = "counter("; + +--- branches/KDE/4.3/kdelibs/khtml/css/cssparser.cpp 2009/07/26 03:39:55 1002474 ++++ branches/KDE/4.3/kdelibs/khtml/css/cssparser.cpp 2009/07/26 03:40:47 1002475 +@@ -1513,6 +1513,14 @@ + if ( args->size() != 1) + return false; + Value *a = args->current(); ++ if (a->unit != CSSPrimitiveValue::CSS_IDENT) { ++ isValid=false; ++ break; ++ } ++ if (qString(a->string)[0] == '-') { ++ isValid=false; ++ break; ++ } + parsedValue = new CSSPrimitiveValueImpl(domString(a->string), CSSPrimitiveValue::CSS_ATTR); + } + else +@@ -1565,7 +1573,8 @@ + + CounterImpl *counter = new CounterImpl; + Value *i = args->current(); +-// if (i->unit != CSSPrimitiveValue::CSS_IDENT) goto invalid; ++ if (i->unit != CSSPrimitiveValue::CSS_IDENT) goto invalid; ++ if (qString(i->string)[0] == '-') goto invalid; + counter->m_identifier = domString(i->string); + if (counters) { + i = args->next(); |