Репозитории ALT
| S: | 4.8.7-alt25 |
| 5.1: | 4.6.3-alt1.M51.1 |
| 4.1: | 4.4.3-alt1.M41.1 |
| 4.0: | 4.3.4-alt5.M40.1 |
| 3.0: | 4.0.1-alt1 |
| +updates: | 4.0.1-alt2 |
| +backports: | 4.2.3-alt7.1.M30 |
Группа :: Система/Библиотеки
Пакет: qt4
навигация по пакетам
Главная Изменения Спек Патчи Sources Загрузить Gear Bugs and FR Repocop
Патч: qt-everywhere-opensource-src-4.6.2-cve-2010-0656.patch
Скачать
Скачать
diff -up qt-everywhere-opensource-src-4.6.2/src/3rdparty/webkit/WebCore/page/SecurityOrigin.cpp.me qt-everywhere-opensource-src-4.6.2/src/3rdparty/webkit/WebCore/page/SecurityOrigin.cpp
--- qt-everywhere-opensource-src-4.6.2/src/3rdparty/webkit/WebCore/page/SecurityOrigin.cpp.me 2010-05-06 11:29:24.000000000 +0200
+++ qt-everywhere-opensource-src-4.6.2/src/3rdparty/webkit/WebCore/page/SecurityOrigin.cpp 2010-05-06 11:43:29.000000000 +0200
@@ -112,7 +112,11 @@ SecurityOrigin::SecurityOrigin(const KUR
// By default, only local SecurityOrigins can load local resources.
m_canLoadLocalResources = isLocal();
-
+ if (m_canLoadLocalResources) { + // Directories should never be readable.
+ if (!url.hasPath() || url.path().endsWith("/"))+ m_noAccess = true;
+ }
if (isDefaultPortForProtocol(m_port, m_protocol))
m_port = 0;
}
@@ -207,6 +211,8 @@ bool SecurityOrigin::canRequest(const KU
return false;
RefPtr<SecurityOrigin> targetOrigin = SecurityOrigin::create(url);
+ if (targetOrigin->m_noAccess)
+ return false;
// We call isSameSchemeHostPort here instead of canAccess because we want
// to ignore document.domain effects.