desktop,extensions: updater: only allow redirects to HTTP/HTTPS

Configure curl to prevent redirects to other protocols. Change-Id: Ied73b3d9a062ea6e0a1d594f4c12162dffd6c4a7 (cherry picked from commit bd60bbfbdfbeb2687297e4512ddbea62a394ae67) Reviewed-on: https://gerrit.libreoffice.org/40937 Tested-by: Jenkins <ci@libreoffice.org> Reviewed-by: Markus Mohrhard <markus.mohrhard@googlemail.com>
author: Michael Stahl <mstahl@redhat.com> 2017-08-09 17:38:14 +0200
committer: Markus Mohrhard <markus.mohrhard@googlemail.com> 2017-08-10 09:51:12 +0200
commit: 9d1f32a4308c9f699cb52aecc11566afb7d0d3f7 (patch)
tree: e5f0988529c134f852da98b0c7d19173b252c7d8
parent: 9fe457b2765113d42139a4043b6ba64d93107585 (diff)
1 files changed, 2 insertions, 0 deletions
diff --git a/extensions/source/update/check/download.cxx b/extensions/source/update/check/download.cxx
index 4b4afea5523d..555b377c845d 100644
--- a/extensions/source/update/check/download.cxx
+++ b/extensions/source/update/check/download.cxx
@@ -238,6 +238,8 @@ bool curl_run(const OUString& rURL, OutData& out, const OString& aProxyHost, sal
 
         // enable redirection
         curl_easy_setopt(pCURL, CURLOPT_FOLLOWLOCATION, 1);
+        // only allow redirect to http:// and https://
+        curl_easy_setopt(pCURL, CURLOPT_REDIR_PROTOCOLS, CURLPROTO_HTTP | CURLPROTO_HTTPS);
 
         // write function
         curl_easy_setopt(pCURL, CURLOPT_WRITEDATA, &out);
author	Michael Stahl <mstahl@redhat.com>	2017-08-09 17:38:14 +0200
committer	Markus Mohrhard <markus.mohrhard@googlemail.com>	2017-08-10 09:51:12 +0200
commit	9d1f32a4308c9f699cb52aecc11566afb7d0d3f7 (patch)
tree	e5f0988529c134f852da98b0c7d19173b252c7d8
parent	9fe457b2765113d42139a4043b6ba64d93107585 (diff)