Diffstat (limited to 'nixpkgs/pkgs/servers/rainloop/fix-cve-2022-29360.patch')
-rw-r--r-- | nixpkgs/pkgs/servers/rainloop/fix-cve-2022-29360.patch | 23 |
1 files changed, 23 insertions, 0 deletions
diff --git a/nixpkgs/pkgs/servers/rainloop/fix-cve-2022-29360.patch b/nixpkgs/pkgs/servers/rainloop/fix-cve-2022-29360.patch
new file mode 100644
index 000000000000..5ee7ad1103d6
--- /dev/null
+++ b/nixpkgs/pkgs/servers/rainloop/fix-cve-2022-29360.patch
@@ -0,0 +1,23 @@
+Fetched from https://blog.sonarsource.com/rainloop-emails-at-risk-due-to-code-flaw/
+
+--- a/rainloop/rainloop/v/1.16.0/app/libraries/MailSo/Base/HtmlUtils.php
++++ b/rainloop/rainloop/v/1.16.0/app/libraries/MailSo/Base/HtmlUtils.php
+@@ -239,7 +239,8 @@ class HtmlUtils
+ $oWrapHtml->setAttribute($sKey, $sValue);
+ }
+ 
+- $oWrapDom = $oDom->createElement('div', '___xxx___');
++ $rand_str = base64_encode(random_bytes(32));
++ $oWrapDom = $oDom->createElement('div', $rand_str);
+ $oWrapDom->setAttribute('data-x-div-type', 'body');
+ foreach ($aBodylAttrs as $sKey => $sValue)
+ {
+@@ -250,7 +251,7 @@ class HtmlUtils
+ 
+ $sWrp = $oDom->saveHTML($oWrapHtml);
+ 
+- $sResult = \str_replace('___xxx___', $sResult, $sWrp);
++ $sResult = \str_replace($rand_str, $sResult, $sWrp);
+ }
+ 
+ $sResult = \str_replace(\MailSo\Base\HtmlUtils::$KOS, ':', $sResult); |
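Review bot: The patch header records only the blog post it was fetched from, so a reader of the two hunks cannot see what the marker change closes; the first added line should also state it, e.g. `Fixes CVE-2022-29360: replace the fixed '___xxx___' wrapper marker with a per-call random token so that content copied into the wrapper cannot coincide with the marker that str_replace later substitutes` (the file name carries the CVE id, the patch body does not). The new local `$rand_str` departs from the naming style of the surrounding lines (`$sResult`, `$sWrp`, `$oWrapDom`); `$sMarker` would read as native to the file. `random_bytes()` throws instead of returning weak output when no CSPRNG source is available, which the patch leaves unhandled; that is the safe fail-closed choice, but a one-line comment such as `// random_bytes() throws if no CSPRNG is available; let it propagate` spares the next reader the lookup. The enclosing method of HtmlUtils starts and ends outside both hunks.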