18 lines
811 B
Diff
18 lines
811 B
Diff
diff -uNr apt-1.4.8/apt-pkg/acquire-method.cc apt-1.4.8.mod/apt-pkg/acquire-method.cc
|
|
--- apt-1.4.8/apt-pkg/acquire-method.cc 2017-09-13 19:47:33.000000000 +0300
|
|
+++ apt-1.4.8.mod/apt-pkg/acquire-method.cc 2019-01-22 23:03:29.751025868 +0200
|
|
@@ -458,6 +458,13 @@
|
|
* the worker will enqueue again later on to the right queue */
|
|
void pkgAcqMethod::Redirect(const string &NewURI)
|
|
{
|
|
+ if (NewURI.find_first_not_of(" !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~") != std::string::npos)
|
|
+ {
|
|
+ _error->Error("SECURITY: URL redirect target contains control characters, rejecting.");
|
|
+ Fail();
|
|
+ return;
|
|
+ }
|
|
+
|
|
std::cout << "103 Redirect\nURI: " << Queue->Uri << "\n"
|
|
<< "New-URI: " << NewURI << "\n"
|
|
<< "\n" << std::flush;
|