From 466f470265554e0e3ae27a6d82375456d2c133e6 Mon Sep 17 00:00:00 2001
From: Hans Zandbelt <hans.zandbelt@zmartzone.eu>
Date: Thu, 22 Jul 2021 15:32:12 +0200
Subject: [PATCH 3/4] replace potentially harmful backslashes with forward
 slashes when validating redirection URLs

(cherry picked from commit 69cb206225c749b51db980d44dc268eee5623f2b)
---
 src/mod_auth_openidc.c | 12 +++++++++++-
 1 file changed, 11 insertions(+), 1 deletion(-)

diff --git a/src/mod_auth_openidc.c b/src/mod_auth_openidc.c
index 68fbca5..c96af75 100644
--- a/src/mod_auth_openidc.c
+++ b/src/mod_auth_openidc.c
@@ -2687,12 +2687,22 @@ static int oidc_handle_logout_request(request_rec *r, oidc_cfg *c,
 	return HTTP_MOVED_TEMPORARILY;
 }
 
+
+#define OIDC_MAX_URL_LENGTH DEFAULT_LIMIT_REQUEST_LINE * 2
+
 static apr_byte_t oidc_validate_redirect_url(request_rec *r, oidc_cfg *c,
-		const char *url, apr_byte_t restrict_to_host, char **err_str,
+		const char *redirect_to_url, apr_byte_t restrict_to_host, char **err_str,
 		char **err_desc) {
 	apr_uri_t uri;
 	const char *c_host = NULL;
 	apr_hash_index_t *hi = NULL;
+	size_t i = 0;
+	char *url = apr_pstrndup(r->pool, redirect_to_url, OIDC_MAX_URL_LENGTH);
+
+	// replace potentially harmful backslashes with forward slashes
+	for (i = 0; i < strlen(url); i++)
+		if (url[i] == '\\')
+			url[i] = '/';
 
 	if (apr_uri_parse(r->pool, url, &uri) != APR_SUCCESS) {
 		*err_str = apr_pstrdup(r->pool, "Malformed URL");
-- 
2.31.1