[webkit-qt] [Qt] HTTP header injection vulnerability (QWebPage::userAgentForUrl)

Jarred Nicholls jarred at sencha.com
Wed Sep 21 13:20:45 PDT 2011


Hey qtwebkittens,

So we found an interesting HTTP header injection vulnerability with the
QWebPage::userAgentForUrl API - see
https://bugs.webkit.org/show_bug.cgi?id=68560.  As suggested by jeez, I'm
posting this finding on the mailing list so it's not lost in the ether and
any others can chime in.

Not too sure where the permanent guard belongs, but I'm planning on adding a
test case and a temp patch to FrameLoaderClientQt.cpp to protect this one
scenario.  I'll follow up by scouring the API to see if any other relevant
vulnerabilities exist.

Thanks.


-- 
................................................................

*Sencha*
Jarred Nicholls, Senior Software Architect
@jarrednicholls
<http://twitter.com/jarrednicholls>
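
Added example, not part of the original post and not the WebKit patch: one way a guard of the kind mentioned above could validate an application-supplied user-agent string before it is written into a request, and a check that the header count stays as expected. It assumes the injection vector is CR/LF in the returned value; every function name and the fallback string are hypothetical, and std::string stands in for the Qt types.

```cpp
#include <cstddef>
#include <iostream>
#include <string>

// Hypothetical guard: a header field value must not contain CR, LF, NUL or
// other control characters (horizontal tab is allowed).
bool isSafeHeaderValue(const std::string& value) {
    for (unsigned char c : value) {
        if (c == '\t') continue;
        if (c < 0x20 || c == 0x7f) return false;
    }
    return true;
}

// Assumed policy: fall back to a fixed default rather than try to repair
// an unsafe value. The default string is a placeholder.
std::string guardedUserAgent(const std::string& fromApplication) {
    static const std::string kDefault = "ExampleBrowser/1.0";
    return isSafeHeaderValue(fromApplication) ? fromApplication : kDefault;
}

// Minimal request serializer standing in for the network layer.
std::string serializeRequest(const std::string& host, const std::string& userAgent) {
    return "GET / HTTP/1.1\r\nHost: " + host + "\r\nUser-Agent: " + userAgent + "\r\n\r\n";
}

// Counts header lines the way a receiving parser would split them.
std::size_t countHeaderLines(const std::string& request) {
    std::size_t count = 0;
    std::size_t pos = request.find("\r\n");  // end of the request line
    while (pos != std::string::npos) {
        std::size_t start = pos + 2;
        std::size_t end = request.find("\r\n", start);
        if (end == std::string::npos || end == start) break;  // blank line ends headers
        ++count;
        pos = end;
    }
    return count;
}

int main() {
    // Constructed sample: value an overriding application might return.
    const std::string ua = "Agent/1.0\r\nX-Extra: 1";
    std::cout << countHeaderLines(serializeRequest("example.test", ua)) << "\n";
    std::cout << countHeaderLines(serializeRequest("example.test", guardedUserAgent(ua))) << "\n";
    return 0;
}
```

A regression test for the guard can assert on the header count of the serialized request, as the two calls in main() do.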