Blame SOURCES/0005-Backport-of-Fix-open-redirect-starting-with-a-slash.patch
|
 |
91153f |
From e14beee7d9a3e23a7f5d44413ffd15b89497326f Mon Sep 17 00:00:00 2001
|
|
|
91153f |
From: Jakub Hrozek <jhrozek@redhat.com>
|
|
|
91153f |
Date: Mon, 16 Mar 2020 21:16:26 +0100
|
|
|
91153f |
Subject: [PATCH 5/6] Backport of Fix open redirect starting with a slash
|
|
|
91153f |
|
|
|
91153f |
---
|
|
|
91153f |
src/mod_auth_openidc.c | 8 ++++++++
|
|
|
91153f |
1 file changed, 8 insertions(+)
|
|
|
91153f |
|
|
|
91153f |
diff --git a/src/mod_auth_openidc.c b/src/mod_auth_openidc.c
|
|
|
91153f |
index 431e89e086fbb72f56ea2a212e63c6ac693f62a2..4b1177050ec34976c954b133c6b1499232c3b0ba 100644
|
|
|
91153f |
--- a/src/mod_auth_openidc.c
|
|
|
91153f |
+++ b/src/mod_auth_openidc.c
|
|
|
91153f |
@@ -2124,6 +2124,14 @@ static apr_byte_t oidc_validate_post_logout_url(request_rec *r, const char *url,
|
|
|
91153f |
url);
|
|
|
91153f |
oidc_error(r, "%s: %s", *err_str, *err_desc);
|
|
|
91153f |
return FALSE;
|
|
|
91153f |
+ } else if ((uri.hostname == NULL) && (strstr(url, "//") == url)) {
|
|
|
91153f |
+ *err_str = apr_pstrdup(r->pool, "Malformed URL");
|
|
|
91153f |
+ *err_desc =
|
|
|
91153f |
+ apr_psprintf(r->pool,
|
|
|
91153f |
+ "No hostname was parsed and starting with '//': %s",
|
|
|
91153f |
+ url);
|
|
|
91153f |
+ oidc_error(r, "%s: %s", *err_str, *err_desc);
|
|
|
91153f |
+ return FALSE;
|
|
|
91153f |
}
|
|
|
91153f |
|
|
|
91153f |
return TRUE;
|
|
|
91153f |
--
|
|
|
91153f |
2.21.1
|
|
|
91153f |
|