[vlc-commits] Fix possible XSS in httpd_HtmlError
Jean-Baptiste Kempf
git at videolan.org
Tue Feb 18 13:43:31 CET 2014
vlc | branch: master | Jean-Baptiste Kempf <jb at videolan.org> | Tue Feb 18 13:38:56 2014 +0100| [fe5063ec5ad1873039ea719eb1f137c8f3bda84b] | committer: Jean-Baptiste Kempf
Fix possible XSS in httpd_HtmlError
Found by Francesco Perna and Pietro Minniti from Quantum Leap s.r.l
Quantum Leap Advisory: Advisory #QLA140216
> http://git.videolan.org/gitweb.cgi/vlc.git/?a=commit;h=fe5063ec5ad1873039ea719eb1f137c8f3bda84b
---
src/network/httpd.c | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/src/network/httpd.c b/src/network/httpd.c
index 6f48e71..92f0745 100644
--- a/src/network/httpd.c
+++ b/src/network/httpd.c
@@ -265,6 +265,8 @@ static size_t httpd_HtmlError (char **body, int code, const char *url)
const char *errname = httpd_ReasonFromCode (code);
assert (errname != NULL);
+ char *url_Encoded = convert_xml_special_chars (url ? url : "");
+
int res = asprintf (body,
"<?xml version=\"1.0\" encoding=\"ascii\" ?>\n"
"<!DOCTYPE html PUBLIC \"-//W3C//DTD XHTML 1.0 Strict//EN\""
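Review bot: The `url ? url : ""` fallback in the new url_Encoded line loses the "no URL" case. If convert_xml_special_chars returns an allocated empty string for empty input, url_Encoded is non-NULL when url is NULL, and the NULL tests in the asprintf arguments further down would then print " ()" where the old code printed nothing. Suggest escaping only when there is something to escape, e.g. `char *url_Encoded = url ? convert_xml_special_chars (url) : NULL;`, which keeps the later NULL tests meaningful. Minor style point: url_Encoded mixes snake_case and a capital; the neighbouring local is errname, so something like url_escaped would fit better and also describes what was done (XML escaping, not URL encoding).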
@@ -279,7 +281,9 @@ static size_t httpd_HtmlError (char **body, int code, const char *url)
"<a href=\"http://www.videolan.org\">VideoLAN</a>\n"
"</body>\n"
"</html>\n", errname, code, errname,
- (url ? " (" : ""), (url ? url : ""), (url ? ")" : ""));
+ (url_Encoded ? " (" : ""), (url_Encoded ? url_Encoded : ""), (url_Encoded ? ")" : ""));
+
+ free (url_Encoded);
if (res == -1)
{
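Review bot: The three `url_Encoded ? ... : ...` tests in the asprintf argument list treat a failed allocation in convert_xml_special_chars the same as an absent URL, so under memory pressure the error page silently drops the URL. Falling back to no URL rather than the raw string is the right choice for this fix, but it is not obvious from the code and deserves a one-line comment saying so. The replaced argument line is also much longer than the surrounding lines; putting one argument per line would make the escaped value easier to spot in later audits. Placing `free (url_Encoded);` before the `res == -1` check is fine, since it releases the buffer on both paths and free accepts NULL.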