rpms / mod_auth_openidc

Clone
Source Code
GIT

Blame SOURCES/0005-Fix-the-previous-backports.patch

c7 c7-beta c8-beta-stream-2.3 c8-stream-2.3 c8s-stream-2.3 c9 c9-beta
  1.   bef612ec00a4c8f3e504158fff1e3b4e1f7ecda7
  2.   SOURCES
  3.   0005-Fix-the-previous-backports.patch
Blob History Raw
d21d4d 
From a5c9f79516fd4097817ac75a37af3b191a3d1448 Mon Sep 17 00:00:00 2001
d21d4d 
From: Jakub Hrozek <jhrozek@redhat.com>
d21d4d 
Date: Mon, 1 Jun 2020 21:47:28 +0200
d21d4d 
Subject: [PATCH] Fix the previous backports
d21d4d
d21d4d 
---
d21d4d 
 src/mod_auth_openidc.c | 24 ++++++++++++------------
d21d4d 
 1 file changed, 12 insertions(+), 12 deletions(-)
d21d4d
d21d4d 
diff --git a/src/mod_auth_openidc.c b/src/mod_auth_openidc.c
d21d4d 
index e16d500..74f206b 100644
d21d4d 
--- a/src/mod_auth_openidc.c
d21d4d 
+++ b/src/mod_auth_openidc.c
d21d4d 
@@ -2585,7 +2585,7 @@ static apr_byte_t oidc_validate_post_logout_url(request_rec *r, const char *url,
d21d4d 
                                                apr_uri_unparse(r->pool, &uri, 0), c_host);
d21d4d 
                oidc_error(r, "%s: %s", *err_str, *err_desc);
d21d4d 
                return FALSE;
d21d4d 
-       } else if (strstr(url, "/") != url) {
d21d4d 
+       } else if ((uri.hostname == NULL) && (strstr(url, "/") != url)) {
d21d4d 
                *err_str = apr_pstrdup(r->pool, "Malformed URL");
d21d4d 
                *err_desc =
d21d4d 
                                apr_psprintf(r->pool,
d21d4d 
@@ -2593,17 +2593,6 @@ static apr_byte_t oidc_validate_post_logout_url(request_rec *r, const char *url,
d21d4d 
                                                url);
d21d4d 
                oidc_error(r, "%s: %s", *err_str, *err_desc);
d21d4d 
                return FALSE;
d21d4d 
-       }
d21d4d 
-
d21d4d 
-       /* validate the URL to prevent HTTP header splitting */
d21d4d 
-       if (((strstr(url, "\n") != NULL) || strstr(url, "\r") != NULL)) {
d21d4d 
-               *err_str = apr_pstrdup(r->pool, "Invalid Request");
d21d4d 
-               *err_desc =
d21d4d 
-                               apr_psprintf(r->pool,
d21d4d 
-                                               "logout value \"%s\" contains illegal \"\n\" or \"\r\" character(s)",
d21d4d 
-                                               url);
d21d4d 
-               oidc_error(r, "%s: %s", *err_str, *err_desc);
d21d4d 
-               return FALSE;
d21d4d 
         } else if ((uri.hostname == NULL) && (strstr(url, "//") == url)) {
d21d4d 
                 *err_str = apr_pstrdup(r->pool, "Malformed URL");
d21d4d 
                 *err_desc =
d21d4d 
@@ -2622,6 +2611,17 @@ static apr_byte_t oidc_validate_post_logout_url(request_rec *r, const char *url,
d21d4d 
                 return FALSE;
d21d4d 
        }
d21d4d
d21d4d 
+       /* validate the URL to prevent HTTP header splitting */
d21d4d 
+       if (((strstr(url, "\n") != NULL) || strstr(url, "\r") != NULL)) {
d21d4d 
+               *err_str = apr_pstrdup(r->pool, "Invalid Request");
d21d4d 
+               *err_desc =
d21d4d 
+                               apr_psprintf(r->pool,
d21d4d 
+                                               "logout value \"%s\" contains illegal \"\n\" or \"\r\" character(s)",
d21d4d 
+                                               url);
d21d4d 
+               oidc_error(r, "%s: %s", *err_str, *err_desc);
d21d4d 
+               return FALSE;
d21d4d 
+       }
d21d4d 
+
d21d4d 
        return TRUE;
d21d4d 
 }
d21d4d
d21d4d 
--
d21d4d 
2.21.3
d21d4d

Powered by Pagure 5.14.1

SSH Hostkey/Fingerprint | Documentation