File bnc512559-2009-1698.diff of Package kdelibs4

Overview Repositories Revisions Requests Users Attributes Meta

File bnc512559-2009-1698.diff of Package kdelibs4

diff -ur kdelibs-4.2.98/khtml/css/cssparser.cpp kdelibs-4.2.98-cve-2009-1698/khtml/css/cssparser.cpp
--- khtml/css/cssparser.cpp	2009-07-21 17:16:12.000000000 +0200
+++ khtml/css/cssparser.cpp	2009-07-26 04:19:38.000000000 +0200
@@ -1513,6 +1513,14 @@
                 if ( args->size() != 1)
                     return false;
                 Value *a = args->current();
+                if (a->unit != CSSPrimitiveValue::CSS_IDENT) {
+                    isValid=false;
+                    break;
+                }
+                if (qString(a->string)[0] == '-') {
+                    isValid=false;
+                    break;
+                }
                 parsedValue = new CSSPrimitiveValueImpl(domString(a->string), CSSPrimitiveValue::CSS_ATTR);
             }
             else
@@ -1565,7 +1573,8 @@
 
     CounterImpl *counter = new CounterImpl;
     Value *i = args->current();
-//    if (i->unit != CSSPrimitiveValue::CSS_IDENT) goto invalid;
+    if (i->unit != CSSPrimitiveValue::CSS_IDENT) goto invalid;
+    if (qString(i->string)[0] == '-') goto invalid;
     counter->m_identifier = domString(i->string);
     if (counters) {
         i = args->next();
diff -ur kdelibs-4.2.98/khtml/css/css_valueimpl.cpp kdelibs-4.2.98-cve-2009-1698/khtml/css/css_valueimpl.cpp
--- khtml/css/css_valueimpl.cpp	2009-05-14 19:27:35.000000000 +0200
+++ khtml/css/css_valueimpl.cpp	2009-07-26 04:17:28.000000000 +0200
@@ -1212,7 +1212,9 @@
 	    text = getValueName(m_value.ident);
 	    break;
 	case CSSPrimitiveValue::CSS_ATTR:
-	    // ###
+            text = "attr(";
+            text += DOMString( m_value.string );
+            text += ")";
 	    break;
 	case CSSPrimitiveValue::CSS_COUNTER:
             text = "counter(";

Places

File bnc512559-2009-1698.diff of Package kdelibs4

Places