Files
MSYS2-packages/lynx/CVE-2021-38165.diff
Christoph Reiter 0ad0580a9f Add lynx
2022-12-22 21:33:53 +01:00

35 lines
866 B
Diff

--- a/WWW/Library/Implementation/HTTP.c
+++ b/WWW/Library/Implementation/HTTP.c
@@ -764,6 +764,23 @@ static char *StripIpv6Brackets(char *host)
}
#endif
+/*
+ * Remove user/password, if any, from the given host-string.
+ */
+#ifdef USE_SSL
+static char *StripUserAuthents(char *host)
+{
+ char *p = strchr(host, '@');
+
+ if (p != NULL) {
+ char *q = host;
+
+ while ((*q++ = *++p) != '\0') ;
+ }
+ return host;
+}
+#endif
+
/* Load Document from HTTP Server HTLoadHTTP()
* ==============================
*
@@ -959,6 +976,7 @@ static int HTLoadHTTP(const char *arg,
/* get host we're connecting to */
ssl_host = HTParse(url, "", PARSE_HOST);
ssl_host = StripIpv6Brackets(ssl_host);
+ ssl_host = StripUserAuthents(ssl_host);
#if defined(USE_GNUTLS_FUNCS)
ret = gnutls_server_name_set(handle->gnutls_state,
GNUTLS_NAME_DNS,