mhonarc-commits
[Top] [All Lists]
<prev [Date] next>
[Advanced]

CVS: mhonarc/MHonArc/lib mhutil.pl,2.19,2.20

2002-10-19 19:53:08
from [Earl Hood <earl(_at_)earlhood(_dot_)com>] [Permanent Link] 
Update of /cvsroot/mhonarc/mhonarc/MHonArc/lib
In directory subversions:/tmp/cvs-serv11115

Modified Files:
	mhutil.pl 
Log Message:
* XSS vulnerability with message header fields fixed: Message header
  field names were not escaped during conversion to HTML.  Hence,
  an attacker could including scripting markup in the message header.
  For example:

    Header<SCRIPT>hello</SCRIPT>def: whatever

  Thanks goto Steven M. Christey for catching this.


Index: mhutil.pl
===================================================================
RCS file: /cvsroot/mhonarc/mhonarc/MHonArc/lib/mhutil.pl,v
retrieving revision 2.19
retrieving revision 2.20
diff -C2 -r2.19 -r2.20
*** mhutil.pl	26 Sep 2002 02:40:14 -0000	2.19
--- mhutil.pl	20 Oct 2002 02:53:00 -0000	2.20
***************
*** 440,444 ****
  		    ($tago, $tagc, $ftago, $ftagc) = get_header_tags($key);
  		    $mesg .= join('', $LABELBEG,
! 				  $tago, ucfirst($key), $tagc, $LABELEND,
  				  $FLDBEG, $ftago, $tmp, $ftagc, $FLDEND,
  				  "\n");
--- 440,445 ----
  		    ($tago, $tagc, $ftago, $ftagc) = get_header_tags($key);
  		    $mesg .= join('', $LABELBEG,
! 				  $tago, htmlize(ucfirst($key)), $tagc,
! 				  $LABELEND,
  				  $FLDBEG, $ftago, $tmp, $ftagc, $FLDEND,
  				  "\n");
***************
*** 455,459 ****
  		    ($tago, $tagc, $ftago, $ftagc) = &get_header_tags($item);
  		    $mesg .= join('', $LABELBEG,
! 				  $tago, ucfirst($item), $tagc, $LABELEND,
  				  $FLDBEG, $ftago, $tmp, $ftagc, $FLDEND,
  				  "\n");
--- 456,461 ----
  		    ($tago, $tagc, $ftago, $ftagc) = &get_header_tags($item);
  		    $mesg .= join('', $LABELBEG,
! 				  $tago, htmlize(ucfirst($item)), $tagc,
! 				  $LABELEND,
  				  $FLDBEG, $ftago, $tmp, $ftagc, $FLDEND,
  				  "\n");
***************
*** 474,478 ****
      local($_);
      foreach (split(/(<[^>]+>)/, $txt)) {
! 	if (/^</) {
  	    chop; substr($_, 0, 1) = "";
  	    $ret .= qq|&lt;<a href="$_">$_</a>&gt;|;
--- 476,480 ----
      local($_);
      foreach (split(/(<[^>]+>)/, $txt)) {
! 	if (/^<\w+:/) {
  	    chop; substr($_, 0, 1) = "";
  	    $ret .= qq|&lt;<a href="$_">$_</a>&gt;|;

---------------------------------------------------------------------
To sign-off this list, send email to majordomo(_at_)mhonarc(_dot_)org with the
message text UNSUBSCRIBE MHONARC-DEV
[More with this subject...]
Previous by Date:  CVS: mhonarc/MHonArc/lib mhamain.pl,2.48,2.49, Earl Hood <earl(_at_)earlhood(_dot_)com>
Next by Date:  CVS: mhonarc/MHonArc/lib mhopt.pl,2.31,2.32, Earl Hood <earl(_at_)earlhood(_dot_)com>
Previous by Thread:  CVS: mhonarc/MHonArc/lib mhamain.pl,2.48,2.49, Earl Hood <earl(_at_)earlhood(_dot_)com>
Next by Thread:  CVS: mhonarc/MHonArc/lib mhopt.pl,2.31,2.32, Earl Hood <earl(_at_)earlhood(_dot_)com>
Indexes:  [Date] [Top] [All Lists]