about summary refs log tree commit diff
path: root/nixpkgs/pkgs/servers/rainloop/fix-cve-2022-29360.patch
diff options
context:
space:
mode:
Diffstat (limited to 'nixpkgs/pkgs/servers/rainloop/fix-cve-2022-29360.patch')
-rw-r--r--nixpkgs/pkgs/servers/rainloop/fix-cve-2022-29360.patch23
1 files changed, 23 insertions, 0 deletions
diff --git a/nixpkgs/pkgs/servers/rainloop/fix-cve-2022-29360.patch b/nixpkgs/pkgs/servers/rainloop/fix-cve-2022-29360.patch
new file mode 100644
index 000000000000..5ee7ad1103d6
--- /dev/null
+++ b/nixpkgs/pkgs/servers/rainloop/fix-cve-2022-29360.patch
@@ -0,0 +1,23 @@
+Fetched from https://blog.sonarsource.com/rainloop-emails-at-risk-due-to-code-flaw/
+
+--- a/rainloop/rainloop/v/1.16.0/app/libraries/MailSo/Base/HtmlUtils.php
++++ b/rainloop/rainloop/v/1.16.0/app/libraries/MailSo/Base/HtmlUtils.php
+@@ -239,7 +239,8 @@ class HtmlUtils
+ 				$oWrapHtml->setAttribute($sKey, $sValue);
+ 			}
+ 
+-			$oWrapDom = $oDom->createElement('div', '___xxx___');
++			$rand_str = base64_encode(random_bytes(32));
++			$oWrapDom = $oDom->createElement('div', $rand_str);
+ 			$oWrapDom->setAttribute('data-x-div-type', 'body');
+ 			foreach ($aBodylAttrs as $sKey => $sValue)
+ 			{
+@@ -250,7 +251,7 @@ class HtmlUtils
+ 
+ 			$sWrp = $oDom->saveHTML($oWrapHtml);
+ 
+-			$sResult = \str_replace('___xxx___', $sResult, $sWrp);
++			$sResult = \str_replace($rand_str, $sResult, $sWrp);
+ 		}
+ 
+ 		$sResult = \str_replace(\MailSo\Base\HtmlUtils::$KOS, ':', $sResult);
generated by cgit-pink 1.4.1 (git 2.36.1) at 2024-07-10 04:09:54 +0000