1*4882a593SmuzhiyunFrom ac286a71ed78429e16c612161251b9ea90ccd431 Mon Sep 17 00:00:00 2001
2*4882a593SmuzhiyunFrom: Paul <paul@claws-mail.org>
3*4882a593SmuzhiyunDate: Sun, 23 May 2021 12:16:40 +0100
4*4882a593SmuzhiyunSubject: [PATCH] harden link checker before accepting click
5*4882a593Smuzhiyun
6*4882a593Smuzhiyun[Retrieved from:
7*4882a593Smuzhiyunhttps://git.claws-mail.org/?p=claws.git;a=commit;h=ac286a71ed78429e16c612161251b9ea90ccd431]
8*4882a593SmuzhiyunSigned-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
9*4882a593Smuzhiyun---
10*4882a593Smuzhiyun src/textview.c | 4 +++-
11*4882a593Smuzhiyun 1 file changed, 3 insertions(+), 1 deletion(-)
12*4882a593Smuzhiyun
13*4882a593Smuzhiyundiff --git a/src/textview.c b/src/textview.c
14*4882a593Smuzhiyunindex 62ad46eaf..3cdf5d911 100644
15*4882a593Smuzhiyun--- a/src/textview.c
16*4882a593Smuzhiyun+++ b/src/textview.c
17*4882a593Smuzhiyun@@ -2885,7 +2885,7 @@ gboolean textview_uri_security_check(TextView *textview, ClickableText *uri)
18*4882a593Smuzhiyun gboolean retval = TRUE;
19*4882a593Smuzhiyun
20*4882a593Smuzhiyun if (is_uri_string(uri->uri) == FALSE)
21*4882a593Smuzhiyun- return TRUE;
22*4882a593Smuzhiyun+ return FALSE;
23*4882a593Smuzhiyun
24*4882a593Smuzhiyun visible_str = textview_get_visible_uri(textview, uri);
25*4882a593Smuzhiyun if (visible_str == NULL)
26*4882a593Smuzhiyun@@ -2922,6 +2922,8 @@ gboolean textview_uri_security_check(TextView *textview, ClickableText *uri)
27*4882a593Smuzhiyun if (aval == G_ALERTALTERNATE)
28*4882a593Smuzhiyun retval = TRUE;
29*4882a593Smuzhiyun }
30*4882a593Smuzhiyun+ if (strlen(uri->uri) > get_uri_len(uri->uri))
31*4882a593Smuzhiyun+ retval = FALSE;
32*4882a593Smuzhiyun
33*4882a593Smuzhiyun g_free(visible_str);
34*4882a593Smuzhiyun
35*4882a593Smuzhiyun--
36*4882a593Smuzhiyun2.25.1
37*4882a593Smuzhiyun
38
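Review bot: After the change to `return FALSE` on the `is_uri_string()` failure, FALSE covers two different outcomes and nothing in the visible code documents which return value means "safe to open". It now means either that the target is not a recognised URI or, judging by the alert handling in the second hunk, that the user did not confirm the link. I would add a header comment along the lines of `/* Returns TRUE only when uri->uri is a recognised URI and either matches the displayed text or the user confirmed opening it. */` and, on this branch, `/* not a URI we recognise: refuse the click */`. The refusal here is silent, so it is worth confirming how callers present a FALSE result; they are outside the hunk, as are the start and end of the function body.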
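Review bot: The added `strlen(uri->uri) > get_uri_len(uri->uri)` test in the second hunk runs after the confirmation block, so a user can approve the link at the alert (`retval = TRUE`) and then have that answer silently overridden. The `visible_str == NULL` branch in the first hunk's context also appears to leave the function before this test is reached; its body is outside both hunks, so that is inferred. Since the condition depends only on `uri->uri`, it could join the first guard: `if (is_uri_string(uri->uri) == FALSE || strlen(uri->uri) > get_uri_len(uri->uri)) return FALSE;`. If `get_uri_len()` returns the length of the leading URI portion, as its name suggests, a comment such as `/* reject targets that carry extra bytes after the end of the parsed URI */` would record why the comparison exists.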