From bd60bbfbdfbeb2687297e4512ddbea62a394ae67 Mon Sep 17 00:00:00 2001
From: Michael Stahl <mstahl@redhat.com>
Date: Wed, 9 Aug 2017 17:38:14 +0200
Subject: desktop,extensions: updater: only allow redirects to HTTP/HTTPS

Configure curl to prevent redirects to other protocols.

Change-Id: Ied73b3d9a062ea6e0a1d594f4c12162dffd6c4a7
---
 extensions/source/update/check/download.cxx | 2 ++
 1 file changed, 2 insertions(+)

(limited to 'extensions')

diff --git a/extensions/source/update/check/download.cxx b/extensions/source/update/check/download.cxx
index 4e557f02a8f1..7bc20f874f89 100644
--- a/extensions/source/update/check/download.cxx
+++ b/extensions/source/update/check/download.cxx
@@ -235,6 +235,8 @@ bool curl_run(const OUString& rURL, OutData& out, const OString& aProxyHost, sal
 
         // enable redirection
         curl_easy_setopt(pCURL, CURLOPT_FOLLOWLOCATION, 1);
+        // only allow redirect to http:// and https://
+        curl_easy_setopt(pCURL, CURLOPT_REDIR_PROTOCOLS, CURLPROTO_HTTP | CURLPROTO_HTTPS);
 
         // write function
         curl_easy_setopt(pCURL, CURLOPT_WRITEDATA, &out);
-- 
cgit