TDE
/
tdelibs
mirror of https://mirror.git.trinitydesktop.org/gitea/TDE/tdelibs
0
0
Fork 0
Code Issues Releases Wiki Activity

Critical security patches for the following vulnerabilities:

Browse Source 
CVE-2009-0689
CVE-2009-1687
CVE-2009-1690
CVE-2009-1698
CVE-2009-2702



git-svn-id: svn://anonsvn.kde.org/home/kde/branches/trinity/kdelibs@1180823 283d02a7-25f6-0310-bc7c-ecb5cbfe19da
v3.5.13-sru
tpearson 14 years ago
parent c9b50480aa
commit 33e60e8e78
11 changed files with 507 additions and 10 deletions
Show Stats Download Patch File Download Diff File

4
khtml/css/css_valueimpl.cpp
Unescape View File

@ -736,7 +736,9 @@ DOM::DOMString CSSPrimitiveValueImpl::cssText() const
text = getValueName(m_value.ident);
break;
case CSSPrimitiveValue::CSS_ATTR:
// ###
text = "attr(";
text += DOMString( m_value.string );
text += ")";
break;
case CSSPrimitiveValue::CSS_COUNTER:
text = "counter(";

11
khtml/css/cssparser.cpp
Unescape View File

@ -1351,6 +1351,14 @@ bool CSSParser::parseContent( int propId, bool important )
if ( args->size() != 1)
return false;
Value *a = args->current();
if (a->unit != CSSPrimitiveValue::CSS_IDENT) {
isValid=false;
break;
}
if (qString(a->string)[0] == '-') {
isValid=false;
break;
}
parsedValue = new CSSPrimitiveValueImpl(domString(a->string), CSSPrimitiveValue::CSS_ATTR);
}
else
@ -1403,7 +1411,8 @@ CSSValueImpl* CSSParser::parseCounterContent(ValueList *args, bool counters)
CounterImpl *counter = new CounterImpl;
Value *i = args->current();
// if (i->unit != CSSPrimitiveValue::CSS_IDENT) goto invalid;
if (i->unit != CSSPrimitiveValue::CSS_IDENT) goto invalid;
if (qString(i->string)[0] == '-') goto invalid;
counter->m_identifier = domString(i->string);
if (counters) {
i = args->next();

49
khtml/html/AlwaysInline.h
Unescape View File

@ -0,0 +1,49 @@
/*
* Copyright (C) 2005, 2007 Apple Inc. All rights reserved.
*
* This library is free software; you can redistribute it and/or
* modify it under the terms of the GNU Library General Public
* License as published by the Free Software Foundation; either
* version 2 of the License, or (at your option) any later version.
*
* This library is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* Library General Public License for more details.
*
* You should have received a copy of the GNU Library General Public License
* along with this library; see the file COPYING.LIB. If not, write to
* the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
* Boston, MA 02110-1301, USA.
*
*/
#include "html/Platform.h"
#ifndef ALWAYS_INLINE
#if COMPILER(GCC) && defined(NDEBUG) && __GNUC__ > 3
#define ALWAYS_INLINE inline __attribute__ ((__always_inline__))
#elif COMPILER(MSVC) && defined(NDEBUG)
#define ALWAYS_INLINE __forceinline
#else
#define ALWAYS_INLINE inline
#endif
#endif
#ifndef ALWAYS_INLINE_INTO
#if COMPILER(GCC) && defined(NDEBUG) && ((__GNUC__ == 4 && __GNUC_MINOR__ >= 1) || __GNUC__ > 4)
#define ALWAYS_INLINE_INTO __attribute__ ((__flatten__))
#else
#define ALWAYS_INLINE_INTO
#endif
#endif
#ifndef NEVER_INLINE
#if COMPILER(GCC) && __GNUC__ > 3
#define NEVER_INLINE __attribute__ ((__noinline__))
#else
#define NEVER_INLINE
#endif
#endif

218
khtml/html/Platform.h
Unescape View File

@ -0,0 +1,218 @@
/* -*- mode: c++; c-basic-offset: 4 -*- */
/*
* Copyright (C) 2006 Apple Computer, Inc. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* THIS SOFTWARE IS PROVIDED BY APPLE COMPUTER, INC. ``AS IS'' AND ANY
* EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL APPLE COMPUTER, INC. OR
* CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
* EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
* PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
* PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
* OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
#ifndef WTF_Platform_h
#define WTF_Platform_h
/* Force KDE build here in our tree... */
#ifndef BUILDING_KDE__
#define BUILDING_KDE__ 1
#endif
/* PLATFORM handles OS, operating environment, graphics API, and CPU */
#define PLATFORM(WTF_FEATURE) (defined( WTF_PLATFORM_##WTF_FEATURE ) && WTF_PLATFORM_##WTF_FEATURE)
#define COMPILER(WTF_FEATURE) (defined( WTF_COMPILER_##WTF_FEATURE ) && WTF_COMPILER_##WTF_FEATURE)
#define HAVE(WTF_FEATURE) (defined( HAVE_##WTF_FEATURE ) && HAVE_##WTF_FEATURE)
#define USE(WTF_FEATURE) (defined( WTF_USE_##WTF_FEATURE ) && WTF_USE_##WTF_FEATURE)
#define ENABLE(WTF_FEATURE) (defined( ENABLE_##WTF_FEATURE ) && ENABLE_##WTF_FEATURE)
/* Operating systems - low-level dependencies */
/* PLATFORM(DARWIN) */
/* Operating system level dependencies for Mac OS X / Darwin that should */
/* be used regardless of operating environment */
#ifdef __APPLE__
#define WTF_PLATFORM_DARWIN 1
#endif
/* PLATFORM(WIN_OS) */
/* Operating system level dependencies for Windows that should be used */
/* regardless of operating environment */
#if defined(WIN32) || defined(_WIN32)
#define WTF_PLATFORM_WIN_OS 1
#endif
/* PLATFORM(UNIX) */
/* Operating system level dependencies for Unix-like systems that */
/* should be used regardless of operating environment */
/* (includes PLATFORM(DARWIN)) */
#if defined(__APPLE__) \
|| defined(unix) \
|| defined(__unix) \
|| defined(__unix__) \
|| defined (__NetBSD__) \
|| defined(_AIX)
#define WTF_PLATFORM_UNIX 1
#endif
/* PLATFORM(SOLARIS_OS) */
/* Operating system level dependencies for Sun (Open)Solaris 10. */
/* Studio 12 on Solaris defines __SunOS; gcc defines __sun__; */
/* Both compilers define __sun and sun. */
#if defined(__sun) || defined(sun)
#define WTF_PLATFORM_SOLARIS_OS 1
#endif
/* Operating environments */
/* I made the BUILDING_KDE__ macro up for the KDE build system to define */
/* PLATFORM(KDE) */
/* PLATFORM(MAC) */
/* PLATFORM(WIN) */
#if BUILDING_KDE__
#define WTF_PLATFORM_KDE 1
#elif PLATFORM(DARWIN)
#define WTF_PLATFORM_MAC 1
#elif PLATFORM(WIN_OS)
#define WTF_PLATFORM_WIN 1
#endif
#if defined(BUILDING_GDK__)
#define WTF_PLATFORM_GDK 1
#endif
/* CPU */
/* PLATFORM(PPC) */
#if defined(__ppc__) \
|| defined(__PPC__) \
|| defined(__powerpc__) \
|| defined(__powerpc) \
|| defined(__POWERPC__) \
|| defined(_M_PPC) \
|| defined(__PPC)
#define WTF_PLATFORM_PPC 1
#define WTF_PLATFORM_BIG_ENDIAN 1
#endif
/* PLATFORM(PPC64) */
#if defined(__ppc64__) \
|| defined(__PPC64__)
#define WTF_PLATFORM_PPC64 1
#define WTF_PLATFORM_BIG_ENDIAN 1
#endif
#if defined(arm)
#define WTF_PLATFORM_ARM 1
#if defined(__ARMEB__)
#define WTF_PLATFORM_BIG_ENDIAN 1
#elif !defined(__ARM_EABI__) && !defined(__ARMEB__)
#define WTF_PLATFORM_MIDDLE_ENDIAN 1
#endif
#if !defined(__ARM_EABI__)
#define WTF_PLATFORM_FORCE_PACK 1
#endif
#endif
/* PLATFORM(X86) */
#if defined(__i386__) \
|| defined(i386) \
|| defined(_M_IX86) \
|| defined(_X86_) \
|| defined(__THW_INTEL)
#define WTF_PLATFORM_X86 1
#endif
/* PLATFORM(X86_64) */
#if defined(__x86_64__) \
|| defined(__ia64__)
#define WTF_PLATFORM_X86_64 1
#endif
/* PLATFORM(SPARC) */
#if defined(sparc)
#define WTF_PLATFORM_SPARC 1
#endif
/* Compiler */
/* COMPILER(CWP) */
#if defined(__MWERKS__)
#define WTF_COMPILER_CWP 1
#endif
/* COMPILER(MSVC) */
#if defined(_MSC_VER)
#define WTF_COMPILER_MSVC 1
#endif
/* COMPILER(GCC) */
#if defined(__GNUC__)
#define WTF_COMPILER_GCC 1
#endif
/* COMPILER(SUNPRO) */
#if defined(__SUNPRO_CC)
#define WTF_COMPILER_SUNPRO 1
#endif
/* COMPILER(BORLAND) */
/* not really fully supported - is this relevant any more? */
#if defined(__BORLANDC__)
#define WTF_COMPILER_BORLAND 1
#endif
/* COMPILER(CYGWIN) */
/* not really fully supported - is this relevant any more? */
#if defined(__CYGWIN__)
#define WTF_COMPILER_CYGWIN 1
#endif
/* multiple threads only supported on Mac for now */
#if PLATFORM(MAC)
#ifndef WTF_USE_MULTIPLE_THREADS
#define WTF_USE_MULTIPLE_THREADS 1
#endif
#ifndef WTF_USE_BINDINGS
#define WTF_USE_BINDINGS 1
#endif
#endif
/* for Unicode, KDE uses Qt, everything else uses ICU */
#if PLATFORM(KDE) || PLATFORM(QT)
#define WTF_USE_QT4_UNICODE 1
#elif PLATFORM(SYMBIAN)
#define WTF_USE_SYMBIAN_UNICODE 1
#else
#define WTF_USE_ICU_UNICODE 1
#endif
#if PLATFORM(MAC)
#define WTF_PLATFORM_CF 1
#endif
#if PLATFORM(WIN)
#define WTF_USE_WININET 1
#endif
#if PLATFORM(GDK)
#define WTF_USE_CURL 1
#endif
/* ENABLE macro defaults */
#endif /* WTF_Platform_h */

202
khtml/html/RefPtr.h
Unescape View File

@ -0,0 +1,202 @@
// -*- mode: c++; c-basic-offset: 4 -*-
/*
* Copyright (C) 2005, 2006, 2007, 2008 Apple Inc. All rights reserved.
*
* This library is free software; you can redistribute it and/or
* modify it under the terms of the GNU Library General Public
* License as published by the Free Software Foundation; either
* version 2 of the License, or (at your option) any later version.
*
* This library is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* Library General Public License for more details.
*
* You should have received a copy of the GNU Library General Public License
* along with this library; see the file COPYING.LIB. If not, write to
* the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
* Boston, MA 02110-1301, USA.
*
*/
#ifndef WTF_RefPtr_h
#define WTF_RefPtr_h
#include <algorithm>
#include "AlwaysInline.h"
namespace WTF {
enum PlacementNewAdoptType { PlacementNewAdopt };
template <typename T> class PassRefPtr;
enum HashTableDeletedValueType { HashTableDeletedValue };
template <typename T> class RefPtr {
public:
RefPtr() : m_ptr(0) { }
RefPtr(T* ptr) : m_ptr(ptr) { if (ptr) ptr->ref(); }
RefPtr(const RefPtr& o) : m_ptr(o.m_ptr) { if (T* ptr = m_ptr) ptr->ref(); }
// see comment in PassRefPtr.h for why this takes const reference
template <typename U> RefPtr(const PassRefPtr<U>&);
// Special constructor for cases where we overwrite an object in place.
RefPtr(PlacementNewAdoptType) { }
// Hash table deleted values, which are only constructed and never copied or destroyed.
RefPtr(HashTableDeletedValueType) : m_ptr(hashTableDeletedValue()) { }
bool isHashTableDeletedValue() const { return m_ptr == hashTableDeletedValue(); }
~RefPtr() { if (T* ptr = m_ptr) ptr->deref(); }
template <typename U> RefPtr(const RefPtr<U>& o) : m_ptr(o.get()) { if (T* ptr = m_ptr) ptr->ref(); }
T* get() const { return m_ptr; }
void clear() { if (T* ptr = m_ptr) ptr->deref(); m_ptr = 0; }
PassRefPtr<T> release() { PassRefPtr<T> tmp = adoptRef(m_ptr); m_ptr = 0; return tmp; }
T& operator*() const { return *m_ptr; }
ALWAYS_INLINE T* operator->() const { return m_ptr; }
bool operator!() const { return !m_ptr; }
// This conversion operator allows implicit conversion to bool but not to other integer types.
typedef T* RefPtr::*UnspecifiedBoolType;
operator UnspecifiedBoolType() const { return m_ptr ? &RefPtr::m_ptr : 0; }
RefPtr& operator=(const RefPtr&);
RefPtr& operator=(T*);
RefPtr& operator=(const PassRefPtr<T>&);
template <typename U> RefPtr& operator=(const RefPtr<U>&);
template <typename U> RefPtr& operator=(const PassRefPtr<U>&);
void swap(RefPtr&);
private:
static T* hashTableDeletedValue() { return reinterpret_cast<T*>(-1); }
T* m_ptr;
};
template <typename T> template <typename U> inline RefPtr<T>::RefPtr(const PassRefPtr<U>& o)
: m_ptr(o.releaseRef())
{
}
template <typename T> inline RefPtr<T>& RefPtr<T>::operator=(const RefPtr<T>& o)
{
T* optr = o.get();
if (optr)
optr->ref();
T* ptr = m_ptr;
m_ptr = optr;
if (ptr)
ptr->deref();
return *this;
}
template <typename T> template <typename U> inline RefPtr<T>& RefPtr<T>::operator=(const RefPtr<U>& o)
{
T* optr = o.get();
if (optr)
optr->ref();
T* ptr = m_ptr;
m_ptr = optr;
if (ptr)
ptr->deref();
return *this;
}
template <typename T> inline RefPtr<T>& RefPtr<T>::operator=(T* optr)
{
if (optr)
optr->ref();
T* ptr = m_ptr;
m_ptr = optr;
if (ptr)
ptr->deref();
return *this;
}
template <typename T> inline RefPtr<T>& RefPtr<T>::operator=(const PassRefPtr<T>& o)
{
T* ptr = m_ptr;
m_ptr = o.releaseRef();
if (ptr)
ptr->deref();
return *this;
}
template <typename T> template <typename U> inline RefPtr<T>& RefPtr<T>::operator=(const PassRefPtr<U>& o)
{
T* ptr = m_ptr;
m_ptr = o.releaseRef();
if (ptr)
ptr->deref();
return *this;
}
template <class T> inline void RefPtr<T>::swap(RefPtr<T>& o)
{
std::swap(m_ptr, o.m_ptr);
}
template <class T> inline void swap(RefPtr<T>& a, RefPtr<T>& b)
{
a.swap(b);
}
template <typename T, typename U> inline bool operator==(const RefPtr<T>& a, const RefPtr<U>& b)
{
return a.get() == b.get();
}
template <typename T, typename U> inline bool operator==(const RefPtr<T>& a, U* b)
{
return a.get() == b;
}
template <typename T, typename U> inline bool operator==(T* a, const RefPtr<U>& b)
{
return a == b.get();
}
template <typename T, typename U> inline bool operator!=(const RefPtr<T>& a, const RefPtr<U>& b)
{
return a.get() != b.get();
}
template <typename T, typename U> inline bool operator!=(const RefPtr<T>& a, U* b)
{
return a.get() != b;
}
template <typename T, typename U> inline bool operator!=(T* a, const RefPtr<U>& b)
{
return a != b.get();
}
template <typename T, typename U> inline RefPtr<T> static_pointer_cast(const RefPtr<U>& p)
{
return RefPtr<T>(static_cast<T*>(p.get()));
}
template <typename T, typename U> inline RefPtr<T> const_pointer_cast(const RefPtr<U>& p)
{
return RefPtr<T>(const_cast<T*>(p.get()));
}
template <typename T> inline T* getPtr(const RefPtr<T>& p)
{
return p.get();
}
} // namespace WTF
using WTF::RefPtr;
using WTF::static_pointer_cast;
using WTF::const_pointer_cast;
#endif // WTF_RefPtr_h

10
khtml/html/htmlparser.cpp
Unescape View File

@ -195,7 +195,6 @@ void KHTMLParser::reset()
form = 0;
map = 0;
head = 0;
end = false;
isindex = 0;
@ -612,8 +611,7 @@ bool KHTMLParser::insertNode(NodeImpl *n, bool flat)
case ID_BASE:
if(!head) {
head = new HTMLHeadElementImpl(document);
e = head;
insertNode(e);
insertNode(head.get());
handled = true;
}
break;
@ -835,7 +833,7 @@ NodeImpl *KHTMLParser::getElement(Token* t)
case ID_HEAD:
if(!head && current->id() == ID_HTML) {
head = new HTMLHeadElementImpl(document);
n = head;
n = head.get();
}
break;
case ID_BODY:
@ -1684,12 +1682,12 @@ void KHTMLParser::createHead()
head = new HTMLHeadElementImpl(document);
HTMLElementImpl *body = doc()->body();
int exceptioncode = 0;
doc()->firstChild()->insertBefore(head, body, exceptioncode);
doc()->firstChild()->insertBefore(head.get(), body, exceptioncode);
if ( exceptioncode ) {
#ifdef PARSER_DEBUG
kdDebug( 6035 ) << "creation of head failed!!!!" << endl;
#endif
delete head;
delete head.get();
head = 0;
}
}

3
khtml/html/htmlparser.h
Unescape View File

@ -42,6 +42,7 @@
#include "dom/dom_string.h"
#include "xml/dom_nodeimpl.h"
#include "html/html_documentimpl.h"
#include "html/RefPtr.h"
class KHTMLView;
class HTMLStackElem;
@ -148,7 +149,7 @@ private:
/*
* the head element. Needed for crappy html which defines <base> after </head>
*/
DOM::HTMLHeadElementImpl *head;
RefPtr<DOM::HTMLHeadElementImpl> head;
/*
* a possible <isindex> element in the head. Compatibility hack for

7
kio/kssl/kopenssl.cc
Unescape View File

@ -201,6 +201,7 @@ static int (*K_X509_NAME_add_entry_by_txt)(X509_NAME*, char*, int, unsigned char
static X509_NAME *(*K_X509_NAME_new)() = 0L;
static int (*K_X509_REQ_set_subject_name)(X509_REQ*,X509_NAME*) = 0L;
static unsigned char *(*K_ASN1_STRING_data)(ASN1_STRING*) = 0L;
static int (*K_ASN1_STRING_length)(ASN1_STRING*) = 0L;
static STACK_OF(SSL_CIPHER) *(*K_SSL_get_ciphers)(const SSL *ssl) = 0L;
#endif
@ -504,6 +505,7 @@ KConfig *cfg;
K_X509_NAME_new = (X509_NAME *(*)()) _cryptoLib->symbol("X509_NAME_new");
K_X509_REQ_set_subject_name = (int (*)(X509_REQ*,X509_NAME*)) _cryptoLib->symbol("X509_REQ_set_subject_name");
K_ASN1_STRING_data = (unsigned char *(*)(ASN1_STRING*)) _cryptoLib->symbol("ASN1_STRING_data");
K_ASN1_STRING_length = (int (*)(ASN1_STRING*)) _cryptoLib->symbol("ASN1_STRING_length");
#endif
}
@ -1561,6 +1563,11 @@ unsigned char *KOpenSSLProxy::ASN1_STRING_data(ASN1_STRING *x) {
return 0L;
}
int KOpenSSLProxy::ASN1_STRING_length(ASN1_STRING *x) {
if (K_ASN1_STRING_length) return (K_ASN1_STRING_length)(x);
return 0L;
}
STACK_OF(SSL_CIPHER) *KOpenSSLProxy::SSL_get_ciphers(const SSL* ssl) {
if (K_SSL_get_ciphers) return (K_SSL_get_ciphers)(ssl);
return 0L;

5
kio/kssl/kopenssl.h
Unescape View File

@ -633,6 +633,11 @@ public:
*/
unsigned char *ASN1_STRING_data(ASN1_STRING *x);
/*
* ASN1_STRING_length
*/
int ASN1_STRING_length(ASN1_STRING *x);
/*
*
*/

4
kio/kssl/ksslcertificate.cc
Unescape View File

@ -1113,7 +1113,9 @@ TQStringList KSSLCertificate::subjAltNames() const {
}
TQString s = (const char *)d->kossl->ASN1_STRING_data(val->d.ia5);
if (!s.isEmpty()) {
if (!s.isEmpty() &&
/* skip subjectAltNames with embedded NULs */
s.length() == d->kossl->ASN1_STRING_length(val->d.ia5)) {
rc += s;
}
}

4
kjs/collector.cpp
Unescape View File

@ -23,6 +23,7 @@
#include "value.h"
#include "internal.h"
#include <limits.h>
#ifndef MAX
#define MAX(a,b) ((a) > (b) ? (a) : (b))
@ -119,6 +120,9 @@ void* Collector::allocate(size_t s)
// didn't find one, need to allocate a new block
if (heap.usedBlocks == heap.numBlocks) {
static const size_t maxNumBlocks = ULONG_MAX / sizeof(CollectorBlock*) / GROWTH_FACTOR;
if (heap.numBlocks > maxNumBlocks)
return 0L;
heap.numBlocks = MAX(MIN_ARRAY_SIZE, heap.numBlocks * GROWTH_FACTOR);
heap.blocks = (CollectorBlock **)realloc(heap.blocks, heap.numBlocks * sizeof(CollectorBlock *));
}

Write Preview
Loading…
Cancel
Save