rpms / mod_auth_openidc

Clone
Source Code
GIT

Blame SOURCES/0005-Fix-the-previous-backports.patch

c7 c7-beta c8-beta-stream-2.3 c8-stream-2.3 c8s-stream-2.3 c9 c9-beta
  1.   06debe8bc74e9ae3c3370f03acd744967f9a22a1
  2.   SOURCES
  3.   0005-Fix-the-previous-backports.patch
Blob History Raw
5b8408 
From a5c9f79516fd4097817ac75a37af3b191a3d1448 Mon Sep 17 00:00:00 2001
5b8408 
From: Jakub Hrozek <jhrozek@redhat.com>
5b8408 
Date: Mon, 1 Jun 2020 21:47:28 +0200
5b8408 
Subject: [PATCH] Fix the previous backports
5b8408
5b8408 
---
5b8408 
 src/mod_auth_openidc.c | 24 ++++++++++++------------
5b8408 
 1 file changed, 12 insertions(+), 12 deletions(-)
5b8408
5b8408 
diff --git a/src/mod_auth_openidc.c b/src/mod_auth_openidc.c
5b8408 
index e16d500..74f206b 100644
5b8408 
--- a/src/mod_auth_openidc.c
5b8408 
+++ b/src/mod_auth_openidc.c
5b8408 
@@ -2585,7 +2585,7 @@ static apr_byte_t oidc_validate_post_logout_url(request_rec *r, const char *url,
5b8408 
                                                apr_uri_unparse(r->pool, &uri, 0), c_host);
5b8408 
                oidc_error(r, "%s: %s", *err_str, *err_desc);
5b8408 
                return FALSE;
5b8408 
-       } else if (strstr(url, "/") != url) {
5b8408 
+       } else if ((uri.hostname == NULL) && (strstr(url, "/") != url)) {
5b8408 
                *err_str = apr_pstrdup(r->pool, "Malformed URL");
5b8408 
                *err_desc =
5b8408 
                                apr_psprintf(r->pool,
5b8408 
@@ -2593,17 +2593,6 @@ static apr_byte_t oidc_validate_post_logout_url(request_rec *r, const char *url,
5b8408 
                                                url);
5b8408 
                oidc_error(r, "%s: %s", *err_str, *err_desc);
5b8408 
                return FALSE;
5b8408 
-       }
5b8408 
-
5b8408 
-       /* validate the URL to prevent HTTP header splitting */
5b8408 
-       if (((strstr(url, "\n") != NULL) || strstr(url, "\r") != NULL)) {
5b8408 
-               *err_str = apr_pstrdup(r->pool, "Invalid Request");
5b8408 
-               *err_desc =
5b8408 
-                               apr_psprintf(r->pool,
5b8408 
-                                               "logout value \"%s\" contains illegal \"\n\" or \"\r\" character(s)",
5b8408 
-                                               url);
5b8408 
-               oidc_error(r, "%s: %s", *err_str, *err_desc);
5b8408 
-               return FALSE;
5b8408 
         } else if ((uri.hostname == NULL) && (strstr(url, "//") == url)) {
5b8408 
                 *err_str = apr_pstrdup(r->pool, "Malformed URL");
5b8408 
                 *err_desc =
5b8408 
@@ -2622,6 +2611,17 @@ static apr_byte_t oidc_validate_post_logout_url(request_rec *r, const char *url,
5b8408 
                 return FALSE;
5b8408 
        }
5b8408
5b8408 
+       /* validate the URL to prevent HTTP header splitting */
5b8408 
+       if (((strstr(url, "\n") != NULL) || strstr(url, "\r") != NULL)) {
5b8408 
+               *err_str = apr_pstrdup(r->pool, "Invalid Request");
5b8408 
+               *err_desc =
5b8408 
+                               apr_psprintf(r->pool,
5b8408 
+                                               "logout value \"%s\" contains illegal \"\n\" or \"\r\" character(s)",
5b8408 
+                                               url);
5b8408 
+               oidc_error(r, "%s: %s", *err_str, *err_desc);
5b8408 
+               return FALSE;
5b8408 
+       }
5b8408 
+
5b8408 
        return TRUE;
5b8408 
 }
5b8408
5b8408 
--
5b8408 
2.21.3
5b8408

Powered by Pagure 5.14.1

SSH Hostkey/Fingerprint | Documentation