rpms / mod_auth_openidc

Clone
Source Code
GIT

Blame SOURCES/0007-Fix-the-previous-backports.patch

c7 c7-beta c8-beta-stream-2.3 c8-stream-2.3 c8s-stream-2.3 c9 c9-beta
  1.   91153f7eeff3c9626863c2e4f581621e88038430
  2.   SOURCES
  3.   0007-Fix-the-previous-backports.patch
Blob History Raw
91153f 
From a5c9f79516fd4097817ac75a37af3b191a3d1448 Mon Sep 17 00:00:00 2001
91153f 
From: Jakub Hrozek <jhrozek@redhat.com>
91153f 
Date: Mon, 1 Jun 2020 21:47:28 +0200
91153f 
Subject: [PATCH] Fix the previous backports
91153f
91153f 
---
91153f 
 src/mod_auth_openidc.c | 24 ++++++++++++------------
91153f 
 1 file changed, 12 insertions(+), 12 deletions(-)
91153f
91153f 
diff --git a/src/mod_auth_openidc.c b/src/mod_auth_openidc.c
91153f 
index e16d500..74f206b 100644
91153f 
--- a/src/mod_auth_openidc.c
91153f 
+++ b/src/mod_auth_openidc.c
91153f 
@@ -2585,7 +2585,7 @@ static apr_byte_t oidc_validate_post_logout_url(request_rec *r, const char *url,
91153f 
                                                apr_uri_unparse(r->pool, &uri, 0), c_host);
91153f 
                oidc_error(r, "%s: %s", *err_str, *err_desc);
91153f 
                return FALSE;
91153f 
-       } else if (strstr(url, "/") != url) {
91153f 
+       } else if ((uri.hostname == NULL) && (strstr(url, "/") != url)) {
91153f 
                *err_str = apr_pstrdup(r->pool, "Malformed URL");
91153f 
                *err_desc =
91153f 
                                apr_psprintf(r->pool,
91153f 
@@ -2593,17 +2593,6 @@ static apr_byte_t oidc_validate_post_logout_url(request_rec *r, const char *url,
91153f 
                                                url);
91153f 
                oidc_error(r, "%s: %s", *err_str, *err_desc);
91153f 
                return FALSE;
91153f 
-       }
91153f 
-
91153f 
-       /* validate the URL to prevent HTTP header splitting */
91153f 
-       if (((strstr(url, "\n") != NULL) || strstr(url, "\r") != NULL)) {
91153f 
-               *err_str = apr_pstrdup(r->pool, "Invalid Request");
91153f 
-               *err_desc =
91153f 
-                               apr_psprintf(r->pool,
91153f 
-                                               "logout value \"%s\" contains illegal \"\n\" or \"\r\" character(s)",
91153f 
-                                               url);
91153f 
-               oidc_error(r, "%s: %s", *err_str, *err_desc);
91153f 
-               return FALSE;
91153f 
         } else if ((uri.hostname == NULL) && (strstr(url, "//") == url)) {
91153f 
                 *err_str = apr_pstrdup(r->pool, "Malformed URL");
91153f 
                 *err_desc =
91153f 
@@ -2622,6 +2611,17 @@ static apr_byte_t oidc_validate_post_logout_url(request_rec *r, const char *url,
91153f 
                 return FALSE;
91153f 
        }
91153f
91153f 
+       /* validate the URL to prevent HTTP header splitting */
91153f 
+       if (((strstr(url, "\n") != NULL) || strstr(url, "\r") != NULL)) {
91153f 
+               *err_str = apr_pstrdup(r->pool, "Invalid Request");
91153f 
+               *err_desc =
91153f 
+                               apr_psprintf(r->pool,
91153f 
+                                               "logout value \"%s\" contains illegal \"\n\" or \"\r\" character(s)",
91153f 
+                                               url);
91153f 
+               oidc_error(r, "%s: %s", *err_str, *err_desc);
91153f 
+               return FALSE;
91153f 
+       }
91153f 
+
91153f 
        return TRUE;
91153f 
 }
91153f
91153f 
--
91153f 
2.21.3
91153f

Powered by Pagure 5.14.1

SSH Hostkey/Fingerprint | Documentation