author | Ingo Schwarze <schwarze@openbsd.org> | 2014-07-22 18:14:13 +0000 |
---|---|---|
committer | Ingo Schwarze <schwarze@openbsd.org> | 2014-07-22 18:14:13 +0000 |
commit | b60b23600ca14efd4017a9f23b6e2044118a886c (patch) | |
tree | b142b381b0eb342d20376912a5fead60878a1cee /mansearch.c | |
parent | aba9031e6363caf45106966958a9572dde8fc7f3 (diff) | |

Security fix to prevent XSS attacks:
Restrict the character set of strings passed into html_alloc(),
in particular architecture names that come from the QUERY_STRING,
but also SCRIPT_NAME and manpath.conf content for additional safety,
and bail out safely on violations.

Issue reported by Sebastien Marie <semarie-openbsd at latrappe dot fr>.

Diffstat (limited to 'mansearch.c')
0 files changed, 0 insertions, 0 deletions
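
The kind of check the commit message describes, as an added example that is not mandoc's code: an allowlist validator applied to an architecture name taken from a raw query string before it is used in HTML output. The names `valid_token`, `query_arch` and `TOKEN_MAX`, the exact character set `[A-Za-z0-9_-]`, and the sample inputs are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>
#define TOKEN_MAX 32	/* assumed upper bound for an architecture name */

/* Allowlist check: 1..TOKEN_MAX bytes, each in [A-Za-z0-9_-]. */
static int
valid_token(const char *s, size_t len)
{
	if (len == 0 || len > TOKEN_MAX)
		return 0;
	for (size_t i = 0; i < len; i++) {
		char c = s[i];
		if (!((c >= 'a' && c <= 'z') || (c >= 'A' && c <= 'Z') ||
		    (c >= '0' && c <= '9') || c == '_' || c == '-'))
			return 0;
	}
	return 1;
}

/* Copy the "arch=" value to out: 1 valid, 0 absent, -1 violation.
 * The value is not percent-decoded, so '%' itself fails the check. */
static int
query_arch(const char *qs, char *out, size_t outsz)
{
	size_t len;
	out[0] = '\0';
	while (*qs != '\0') {
		len = strcspn(qs, "&;");	/* length of this key=value pair */
		if (strncmp(qs, "arch=", 5) == 0) {
			if (!valid_token(qs + 5, len - 5) || len - 5 >= outsz)
				return -1;	/* caller bails out, emits nothing */
			memcpy(out, qs + 5, len - 5);
			out[len - 5] = '\0';
			return 1;
		}
		qs += len;
		if (*qs != '\0')
			qs++;			/* skip the separator */
	}
	return 0;
}

int
main(void)
{
	/* Constructed sample inputs, not taken from the commit. */
	const char *samples[] = { "query=ls&arch=amd64", "arch=<b>x</b>", "query=ls" };
	char arch[TOKEN_MAX + 1];
	for (size_t i = 0; i < sizeof(samples) / sizeof(samples[0]); i++)
		printf("%-22s -> %d\n", samples[i], query_arch(samples[i], arch, sizeof(arch)));
	return 0;
}
```

Rejecting the request outright on a violation, rather than trying to strip or escape the offending bytes, keeps the value safe wherever it is later embedded.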