Update of /cvsroot/mhonarc/mhonarc/MHonArc/lib
In directory subversions:/tmp/cvs-serv11115
Modified Files:
mhutil.pl
Log Message:
* XSS vulnerability with message header fields fixed: Message header
field names were not escaped during conversion to HTML. Hence,
an attacker could include scripting markup in the message header.
For example:
Header<SCRIPT>hello</SCRIPT>def: whatever
Thanks go to Steven M. Christey for catching this.
Index: mhutil.pl
===================================================================
RCS file: /cvsroot/mhonarc/mhonarc/MHonArc/lib/mhutil.pl,v
retrieving revision 2.19
retrieving revision 2.20
diff -C2 -r2.19 -r2.20
*** mhutil.pl 26 Sep 2002 02:40:14 -0000 2.19
--- mhutil.pl 20 Oct 2002 02:53:00 -0000 2.20
***************
*** 440,444 ****
($tago, $tagc, $ftago, $ftagc) = get_header_tags($key);
$mesg .= join('', $LABELBEG,
! $tago, ucfirst($key), $tagc, $LABELEND,
$FLDBEG, $ftago, $tmp, $ftagc, $FLDEND,
"\n");
--- 440,445 ----
($tago, $tagc, $ftago, $ftagc) = get_header_tags($key);
$mesg .= join('', $LABELBEG,
! $tago, htmlize(ucfirst($key)), $tagc,
! $LABELEND,
$FLDBEG, $ftago, $tmp, $ftagc, $FLDEND,
"\n");
***************
*** 455,459 ****
($tago, $tagc, $ftago, $ftagc) = &get_header_tags($item);
$mesg .= join('', $LABELBEG,
! $tago, ucfirst($item), $tagc, $LABELEND,
$FLDBEG, $ftago, $tmp, $ftagc, $FLDEND,
"\n");
--- 456,461 ----
($tago, $tagc, $ftago, $ftagc) = &get_header_tags($item);
$mesg .= join('', $LABELBEG,
! $tago, htmlize(ucfirst($item)), $tagc,
! $LABELEND,
$FLDBEG, $ftago, $tmp, $ftagc, $FLDEND,
"\n");
***************
*** 474,478 ****
local($_);
foreach (split(/(<[^>]+>)/, $txt)) {
! if (/^</) {
chop; substr($_, 0, 1) = "";
$ret .= qq|<<a href="$_">$_</a>>|;
--- 476,480 ----
local($_);
foreach (split(/(<[^>]+>)/, $txt)) {
! if (/^<\w+:/) {
chop; substr($_, 0, 1) = "";
$ret .= qq|<<a href="$_">$_</a>>|;
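Review bot: The tightened check `/^<\w+:/` still turns `<javascript:...>` (or any other scheme) into a clickable link, and the token is then interpolated into `href="$_"` unescaped, so a `"` inside the angle brackets can close the attribute and add event handlers — the header is attacker-controlled per the commit message. Restricting the match to the schemes the archive actually wants linked and escaping the token before interpolation closes both, e.g. `if (/^<(?:https?|ftp|mailto|news|nntp):/i) {` and `$ret .= '<<a href="' . htmlize($_) . '">' . htmlize($_) . '</a>>';`, which assumes htmlize() (already used elsewhere in this file) escapes double quotes as well; if it does not, the attribute needs its own quoting. Note that `[^>]+` in the split pattern lets a stray `<` survive inside the token, which the same escaping covers. The enclosing function starts above this hunk and its else branch, presumably handling non-link tokens, is outside it.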