rpms / mod_auth_openidc

Clone
Source Code
GIT

Blame SOURCES/0022-replace-potentially-harmful-backslashes-with-forward.patch

c7 c7-beta c8-beta-stream-2.3 c8-stream-2.3 c8s-stream-2.3 c9 c9-beta
  1.   06debe8bc74e9ae3c3370f03acd744967f9a22a1
  2.   SOURCES
  3.   0022-replace-potentially-harmful-backslashes-with-forward.patch
Blob History Raw
5f8edb 
From 466f470265554e0e3ae27a6d82375456d2c133e6 Mon Sep 17 00:00:00 2001
5f8edb 
From: Hans Zandbelt <hans.zandbelt@zmartzone.eu>
5f8edb 
Date: Thu, 22 Jul 2021 15:32:12 +0200
5f8edb 
Subject: [PATCH 3/4] replace potentially harmful backslashes with forward
5f8edb 
 slashes when validating redirection URLs
5f8edb
5f8edb 
(cherry picked from commit 69cb206225c749b51db980d44dc268eee5623f2b)
5f8edb 
---
5f8edb 
 src/mod_auth_openidc.c | 12 +++++++++++-
5f8edb 
 1 file changed, 11 insertions(+), 1 deletion(-)
5f8edb
5f8edb 
diff --git a/src/mod_auth_openidc.c b/src/mod_auth_openidc.c
5f8edb 
index 68fbca5..c96af75 100644
5f8edb 
--- a/src/mod_auth_openidc.c
5f8edb 
+++ b/src/mod_auth_openidc.c
5f8edb 
@@ -2687,12 +2687,22 @@ static int oidc_handle_logout_request(request_rec *r, oidc_cfg *c,
5f8edb 
 	return HTTP_MOVED_TEMPORARILY;
5f8edb 
 }
5f8edb
5f8edb 
+
5f8edb 
+#define OIDC_MAX_URL_LENGTH DEFAULT_LIMIT_REQUEST_LINE * 2
5f8edb 
+
5f8edb 
 static apr_byte_t oidc_validate_redirect_url(request_rec *r, oidc_cfg *c,
5f8edb 
-		const char *url, apr_byte_t restrict_to_host, char **err_str,
5f8edb 
+		const char *redirect_to_url, apr_byte_t restrict_to_host, char **err_str,
5f8edb 
 		char **err_desc) {
5f8edb 
 	apr_uri_t uri;
5f8edb 
 	const char *c_host = NULL;
5f8edb 
 	apr_hash_index_t *hi = NULL;
5f8edb 
+	size_t i = 0;
5f8edb 
+	char *url = apr_pstrndup(r->pool, redirect_to_url, OIDC_MAX_URL_LENGTH);
5f8edb 
+
5f8edb 
+	// replace potentially harmful backslashes with forward slashes
5f8edb 
+	for (i = 0; i < strlen(url); i++)
5f8edb 
+		if (url[i] == '\\')
5f8edb 
+			url[i] = '/';
5f8edb
5f8edb 
 	if (apr_uri_parse(r->pool, url, &uri) != APR_SUCCESS) {
5f8edb 
 		*err_str = apr_pstrdup(r->pool, "Malformed URL");
5f8edb 
--
5f8edb 
2.31.1
5f8edb

Powered by Pagure 5.14.1

SSH Hostkey/Fingerprint | Documentation