Merge pull request #182534 from pbsds/rainloop-cve-2022-29360

rainloop-{community,standard}: patch CVE-2022-29360
Janne Heß 2022-07-23 13:04:55 +02:00 committed by GitHub
commit 57d8154c4e
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
2 changed files with 38 additions and 3 deletions


@ -1,10 +1,10 @@
{ lib, stdenv, fetchurl, unzip, pkgs, dataPath ? "/var/lib/rainloop" }: let
{ lib, stdenv, fetchurl, unzip, writeText, dos2unix, dataPath ? "/var/lib/rainloop" }: let
common = { edition, sha256 }:
stdenv.mkDerivation (rec {
pname = "rainloop${lib.optionalString (edition != "") "-${edition}"}";
version = "1.16.0";
nativeBuildInputs = [ unzip ];
nativeBuildInputs = [ unzip dos2unix ];
unpackPhase = ''
mkdir rainloop
@ -16,7 +16,19 @@
sha256 = sha256;
};
includeScript = pkgs.writeText "include.php" ''
prePatch = ''
dos2unix ./rainloop/rainloop/v/1.16.0/app/libraries/MailSo/Base/HtmlUtils.php
'';
patches = [
./fix-cve-2022-29360.patch
];
postPatch = ''
unix2dos ./rainloop/rainloop/v/1.16.0/app/libraries/MailSo/Base/HtmlUtils.php
'';
includeScript = writeText "include.php" ''
<?php
/**
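Review bot: The added `prePatch` and `postPatch` hard-code `1.16.0` in the path to HtmlUtils.php although `version` is bound in the same `rec` set, so the two conversion steps can drift from the unpacked tree on a version bump. Interpolating it keeps them tied to the derivation, e.g. `dos2unix ./rainloop/rainloop/v/${version}/app/libraries/MailSo/Base/HtmlUtils.php` and the matching `unix2dos` line. The patch file's own header still carries the versioned path, so it needs revisiting on a bump either way. The round trip is also unexplained; a comment such as `# HtmlUtils.php has CRLF line endings upstream; convert so the LF patch applies, then restore` would help, though that reason is inferred from the dos2unix/unix2dos pair and should be confirmed.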


@ -0,0 +1,23 @@
Fetched from https://blog.sonarsource.com/rainloop-emails-at-risk-due-to-code-flaw/
--- a/rainloop/rainloop/v/1.16.0/app/libraries/MailSo/Base/HtmlUtils.php
+++ b/rainloop/rainloop/v/1.16.0/app/libraries/MailSo/Base/HtmlUtils.php
@@ -239,7 +239,8 @@ class HtmlUtils
$oWrapHtml->setAttribute($sKey, $sValue);
}
- $oWrapDom = $oDom->createElement('div', '___xxx___');
+ $rand_str = base64_encode(random_bytes(32));
+ $oWrapDom = $oDom->createElement('div', $rand_str);
$oWrapDom->setAttribute('data-x-div-type', 'body');
foreach ($aBodylAttrs as $sKey => $sValue)
{
@@ -250,7 +251,7 @@ class HtmlUtils
$sWrp = $oDom->saveHTML($oWrapHtml);
- $sResult = \str_replace('___xxx___', $sResult, $sWrp);
+ $sResult = \str_replace($rand_str, $sResult, $sWrp);
}
$sResult = \str_replace(\MailSo\Base\HtmlUtils::$KOS, ':', $sResult);
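Review bot: The placeholder built by the added `$rand_str = base64_encode(random_bytes(32));` uses the base64 alphabet, which includes `+`, `/` and `=`. The later `\str_replace($rand_str, $sResult, $sWrp)` therefore only finds it if `createElement` and `saveHTML` emit those characters unchanged. A hex token, `$rand_str = bin2hex(random_bytes(32));`, is purely alphanumeric and just as unpredictable, without relying on serializer behaviour. `random_bytes` also needs PHP 7 or later and throws if no entropy source is available, which is presumably fine for the packaged PHP but worth confirming. The enclosing function starts and ends outside both hunks, so it is not visible here whether the assignment and the replacement always run on the same code path.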