db-move: moved linux-zen from [testing] to [extra] (x86_64)
[arch-packages.git] / lynx / trunk / CVE-2021-38165.diff
blobff67e8a4cfbf3a0807ea818dad02e1701bd5b234
1 --- a/WWW/Library/Implementation/HTTP.c
2 +++ b/WWW/Library/Implementation/HTTP.c
3 @@ -764,6 +764,23 @@ static char *StripIpv6Brackets(char *host)
5 #endif
7 +/*
8 + * Remove user/password, if any, from the given host-string.
9 + */
10 +#ifdef USE_SSL
11 +static char *StripUserAuthents(char *host)
13 + char *p = strchr(host, '@');
15 + if (p != NULL) {
16 + char *q = host;
18 + while ((*q++ = *++p) != '\0') ;
19 + }
20 + return host;
22 +#endif
24 /* Load Document from HTTP Server HTLoadHTTP()
25 * ==============================
27 @@ -959,6 +976,7 @@ static int HTLoadHTTP(const char *arg,
28 /* get host we're connecting to */
29 ssl_host = HTParse(url, "", PARSE_HOST);
30 ssl_host = StripIpv6Brackets(ssl_host);
31 + ssl_host = StripUserAuthents(ssl_host);
32 #if defined(USE_GNUTLS_FUNCS)
33 ret = gnutls_server_name_set(handle->gnutls_state,
34 GNUTLS_NAME_DNS,