aboutsummaryrefslogblamecommitdiffstats
path: root/debian/patches/931_parse-url.patch
blob: 5e93546fc6b2ab12ccb912504bb3953e32977917 (plain) (tree)
1
2
3

                                                     
                                                                 

















                                                                                                                
Subject: Prevent global-buffer-overflow in parseURL()
Author: Tatsuya Kinoshita <tats@debian.org>
Bug-Debian: https://github.com/tats/w3m/issues/41 [CVE-2016-9630]
Origin: https://anonscm.debian.org/cgit/collab-maint/w3m.git/commit/?id=ba9d78faeba9024c3e8840579c3b0e959ae2cb0f

diff --git a/url.c b/url.c
index 10089ca..fc213da 100644
--- a/url.c
+++ b/url.c
@@ -841,7 +841,10 @@ parseURL(char *url, ParsedURL *p_url, ParsedURL *current)
     case '#':
 	p_url->host = copyPath(q, p - q,
 			       COPYPATH_SPC_IGNORE | COPYPATH_LOWERCASE);
-	p_url->port = DefaultPort[p_url->scheme];
+	if (p_url->scheme != SCM_UNKNOWN)
+	    p_url->port = DefaultPort[p_url->scheme];
+	else
+	    p_url->port = 0;
 	break;
     }
   analyze_file: