[Libreoffice-commits] core.git: Branch 'libreoffice-5-4' - extensions/source
Michael Stahl
mstahl at redhat.com
Thu Aug 10 07:51:56 UTC 2017
extensions/source/update/check/download.cxx | 2 ++
1 file changed, 2 insertions(+)
New commits:
commit 9d1f32a4308c9f699cb52aecc11566afb7d0d3f7
Author: Michael Stahl <mstahl at redhat.com>
Date: Wed Aug 9 17:38:14 2017 +0200
desktop,extensions: updater: only allow redirects to HTTP/HTTPS
Configure curl to prevent redirects to other protocols.
Change-Id: Ied73b3d9a062ea6e0a1d594f4c12162dffd6c4a7
(cherry picked from commit bd60bbfbdfbeb2687297e4512ddbea62a394ae67)
Reviewed-on: https://gerrit.libreoffice.org/40937
Tested-by: Jenkins <ci at libreoffice.org>
Reviewed-by: Markus Mohrhard <markus.mohrhard at googlemail.com>
diff --git a/extensions/source/update/check/download.cxx b/extensions/source/update/check/download.cxx
index 4b4afea5523d..555b377c845d 100644
--- a/extensions/source/update/check/download.cxx
+++ b/extensions/source/update/check/download.cxx
@@ -238,6 +238,8 @@ bool curl_run(const OUString& rURL, OutData& out, const OString& aProxyHost, sal
// enable redirection
curl_easy_setopt(pCURL, CURLOPT_FOLLOWLOCATION, 1);
+ // only allow redirect to http:// and https://
+ curl_easy_setopt(pCURL, CURLOPT_REDIR_PROTOCOLS, CURLPROTO_HTTP | CURLPROTO_HTTPS);
// write function
curl_easy_setopt(pCURL, CURLOPT_WRITEDATA, &out);
More information about the Libreoffice-commits
mailing list