44 lines
1.6 KiB
Diff
44 lines
1.6 KiB
Diff
Submitted By: Douglas R. Reno <renodr at linuxfromscratch dot org>
|
|
Date: 2021-12-18
|
|
Initial Package Version: 2.8.9rel.1
|
|
Upstream Status: Applied
|
|
Origin: Arch Linux (https://github.com/archlinux/svntogit-packages/blob/packages/lynx/trunk/CVE-2021-38165.diff)
|
|
Description: Fixes CVE-2021-38165 in Lynx, which allows for
|
|
usernames and passwords to be transmitted in cleartext
|
|
anytime an HTTPS connection is used.
|
|
|
|
diff -Naurp lynx2.8.9rel.1.orig/WWW/Library/Implementation/HTTP.c lynx2.8.9rel.1/WWW/Library/Implementation/HTTP.c
|
|
--- lynx2.8.9rel.1.orig/WWW/Library/Implementation/HTTP.c 2018-05-04 15:07:43.000000000 -0500
|
|
+++ lynx2.8.9rel.1/WWW/Library/Implementation/HTTP.c 2021-12-18 14:12:57.503796366 -0600
|
|
@@ -761,6 +761,22 @@ static char *StripIpv6Brackets(char *hos
|
|
return host;
|
|
}
|
|
#endif
|
|
+/*
|
|
+ * Remove user/password, if any, from the given host-string.
|
|
+ */
|
|
+#ifdef USE_SSL
|
|
+static char *StripUserAuthents(char *host)
|
|
+{
|
|
+ char *p = strchr(host, '@');
|
|
+
|
|
+ if (p != NULL) {
|
|
+ char *q = host;
|
|
+
|
|
+ while ((*q++ = *++p) != '\0') ;
|
|
+ }
|
|
+ return host;
|
|
+}
|
|
+#endif
|
|
|
|
/* Load Document from HTTP Server HTLoadHTTP()
|
|
* ==============================
|
|
@@ -957,6 +973,7 @@ static int HTLoadHTTP(const char *arg,
|
|
/* get host we're connecting to */
|
|
ssl_host = HTParse(url, "", PARSE_HOST);
|
|
ssl_host = StripIpv6Brackets(ssl_host);
|
|
+ ssl_host = StripUserAuthents(ssl_host);
|
|
#if defined(USE_GNUTLS_FUNCS)
|
|
ret = gnutls_server_name_set(handle->gnutls_state,
|
|
GNUTLS_NAME_DNS,
|