Blame SOURCES/0020-oidc_child-escape-scopes.patch

1c5238
From ace43c8ce02d19cf536ce35749aa2ed734089189 Mon Sep 17 00:00:00 2001
1c5238
From: Sumit Bose <sbose@redhat.com>
1c5238
Date: Thu, 18 Aug 2022 13:55:21 +0200
1c5238
Subject: [PATCH 20/23] oidc_child: escape scopes
1c5238
MIME-Version: 1.0
1c5238
Content-Type: text/plain; charset=UTF-8
1c5238
Content-Transfer-Encoding: 8bit
1c5238
1c5238
Before using the user provided scopes in the HTTP request they should be
1c5238
properly escaped according to RFC-3986.
1c5238
1c5238
Resolves: https://github.com/SSSD/sssd/issues/6146
1c5238
1c5238
Reviewed-by: Justin Stephenson <jstephen@redhat.com>
1c5238
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
1c5238
(cherry picked from commit 12d5c6344ee304c1f3bc155a76ab37fcd20e78cb)
1c5238
1c5238
Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
1c5238
---
1c5238
 src/oidc_child/oidc_child.c      |  4 ++--
1c5238
 src/oidc_child/oidc_child_curl.c | 35 ++++++++++++++++++++++++++++++++
1c5238
 src/oidc_child/oidc_child_util.h |  2 ++
1c5238
 3 files changed, 39 insertions(+), 2 deletions(-)
1c5238
1c5238
diff --git a/src/oidc_child/oidc_child.c b/src/oidc_child/oidc_child.c
1c5238
index e58afccd3..aeeac3595 100644
1c5238
--- a/src/oidc_child/oidc_child.c
1c5238
+++ b/src/oidc_child/oidc_child.c
1c5238
@@ -119,9 +119,9 @@ static errno_t set_endpoints(struct devicecode_ctx *dc_ctx,
1c5238
     }
1c5238
 
1c5238
     if (scope != NULL && *scope != '\0') {
1c5238
-        dc_ctx->scope = talloc_strdup(dc_ctx, scope);
1c5238
+        dc_ctx->scope = url_encode_string(dc_ctx, scope);
1c5238
         if (dc_ctx->scope == NULL) {
1c5238
-            DEBUG(SSSDBG_CRIT_FAILURE, "Failed to copy scopes.\n");
1c5238
+            DEBUG(SSSDBG_CRIT_FAILURE, "Failed to encode and copy scopes.\n");
1c5238
             ret = ENOMEM;
1c5238
             goto done;
1c5238
         }
1c5238
diff --git a/src/oidc_child/oidc_child_curl.c b/src/oidc_child/oidc_child_curl.c
1c5238
index 20e17a566..df438e007 100644
1c5238
--- a/src/oidc_child/oidc_child_curl.c
1c5238
+++ b/src/oidc_child/oidc_child_curl.c
1c5238
@@ -26,6 +26,41 @@
1c5238
 #include <curl/curl.h>
1c5238
 #include "oidc_child/oidc_child_util.h"
1c5238
 
1c5238
+char *url_encode_string(TALLOC_CTX *mem_ctx, const char *inp)
1c5238
+{
1c5238
+    CURL *curl_ctx = NULL;
1c5238
+    char *tmp;
1c5238
+    char *out = NULL;
1c5238
+
1c5238
+    if (inp == NULL) {
1c5238
+        DEBUG(SSSDBG_TRACE_ALL, "Empty input.\n");
1c5238
+        return NULL;
1c5238
+    }
1c5238
+
1c5238
+    curl_ctx = curl_easy_init();
1c5238
+    if (curl_ctx == NULL) {
1c5238
+        DEBUG(SSSDBG_OP_FAILURE, "Failed to initialize curl.\n");
1c5238
+        return NULL;
1c5238
+    }
1c5238
+
1c5238
+    tmp = curl_easy_escape(curl_ctx, inp, 0);
1c5238
+    if (tmp == NULL) {
1c5238
+        DEBUG(SSSDBG_TRACE_ALL, "curl_easy_escape failed for [%s].\n", inp);
1c5238
+        goto done;
1c5238
+    }
1c5238
+
1c5238
+    out = talloc_strdup(mem_ctx, tmp);
1c5238
+    curl_free(tmp);
1c5238
+    if (out == NULL) {
1c5238
+        DEBUG(SSSDBG_TRACE_ALL, "talloc_strdup failed.\n");
1c5238
+        goto done;
1c5238
+    }
1c5238
+
1c5238
+done:
1c5238
+    curl_easy_cleanup(curl_ctx);
1c5238
+    return (out);
1c5238
+}
1c5238
+
1c5238
 /* The curl write_callback will always append the received data. To start a
1c5238
  * new string call clean_http_data() before the curl request.*/
1c5238
 void clean_http_data(struct devicecode_ctx *dc_ctx)
1c5238
diff --git a/src/oidc_child/oidc_child_util.h b/src/oidc_child/oidc_child_util.h
1c5238
index c781bf1b1..ae5a72bc2 100644
1c5238
--- a/src/oidc_child/oidc_child_util.h
1c5238
+++ b/src/oidc_child/oidc_child_util.h
1c5238
@@ -61,6 +61,8 @@ struct devicecode_ctx {
1c5238
 };
1c5238
 
1c5238
 /* oidc_child_curl.c */
1c5238
+char *url_encode_string(TALLOC_CTX *mem_ctx, const char *inp);
1c5238
+
1c5238
 errno_t init_curl(void *p);
1c5238
 
1c5238
 void clean_http_data(struct devicecode_ctx *dc_ctx);
1c5238
-- 
1c5238
2.37.3
1c5238