Get Gentoo!
gentoo.org sites
gentoo.org Wiki Bugs Forums Packages
Planet Archives Sources
Infra Status
summaryrefslogtreecommitdiff
path: root/kde-base/kdelibs/files/CVE-2007-1564-kdelibs-3.5.6.diff
blob: b026d67a3db0d6c9874eb9f1c748f61656bbe324 (plain) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81

--- khtml/ecma/kjs_html.cpp
+++ khtml/ecma/kjs_html.cpp
@@ -1866,9 +1866,11 @@ Value KJS::HTMLElement::getValueProperty
 				      getDOMNode(exec, frameElement.contentDocument()) : Undefined();
     case FrameContentWindow:   {
         KHTMLPart* part = static_cast<DOM::HTMLFrameElementImpl*>(frameElement.handle())->contentPart();
-        if (part)
-            return Value(Window::retrieveWindow(part));
-        else
+        if (part) {
+          Window *w = Window::retrieveWindow(part);
+          if (w)
+            return Value(w);
+        }
             return Undefined();
     }
     case FrameFrameBorder:     return String(frameElement.frameBorder());
@@ -1899,9 +1901,11 @@ Value KJS::HTMLElement::getValueProperty
 				       getDOMNode(exec, iFrame.contentDocument()) : Undefined();
     case IFrameContentWindow:       {
         KHTMLPart* part = static_cast<DOM::HTMLIFrameElementImpl*>(iFrame.handle())->contentPart();
-        if (part)
-            return Value(Window::retrieveWindow(part));
-        else
+        if (part) {
+          Window *w = Window::retrieveWindow(part);
+          if (w)
+            return Value(w);
+        }
             return Undefined();
     }
     case IFrameFrameBorder:     return String(iFrame.frameBorder());
--- kioslave/ftp/ftp.cc
+++ kioslave/ftp/ftp.cc
@@ -58,6 +58,7 @@
 #include <kmimemagic.h>
 #include <kmimetype.h>
 #include <ksockaddr.h>
+#include <ksocketaddress.h>
 #include <kio/ioslave_defaults.h>
 #include <kio/slaveconfig.h>
 #include <kremoteencoding.h>
@@ -835,7 +836,6 @@ bool Ftp::ftpSendCmd( const QCString& cm
   return true;
 }
 
-
 /*
  * ftpOpenPASVDataConnection - set up data connection, using PASV mode
  *
@@ -853,6 +853,8 @@ int Ftp::ftpOpenPASVDataConnection()
   if (sa != NULL && sa->family() != PF_INET)
     return ERR_INTERNAL;       // no PASV for non-PF_INET connections
 
+  const KInetSocketAddress *sin = static_cast<const KInetSocketAddress*>(sa);
+
   if (m_extControl & pasvUnknown)
     return ERR_INTERNAL;       // already tried and got "unknown command"
 
@@ -886,14 +888,17 @@ int Ftp::ftpOpenPASVDataConnection()
   }
 
   // Make hostname and port number ...
-  QString host;
-  host.sprintf("%d.%d.%d.%d", i[0], i[1], i[2], i[3]);
   int port = i[4] << 8 | i[5];
 
+  // we ignore the host part on purpose for two reasons
+  // a) it might be wrong anyway
+  // b) it would make us being suceptible to a port scanning attack
+
   // now connect the data socket ...
   m_data = new FtpSocket("PASV");
-  m_data->setAddress(host, port);
-  kdDebug(7102) << "Connecting to " << host << " on port " << port << endl;
+  m_data->setAddress(sin->nodeName(), port);
+
+  kdDebug(7102) << "Connecting to " << sin->nodeName() << " on port " << port << endl;
   return m_data->connectSocket(connectTimeout(), false);
 }