File fix-CVE-2021-32785.patch of Package apache2-mod_auth_openidc.20618

Overview Repositories Revisions Requests Users Attributes Meta

File fix-CVE-2021-32785.patch of Package apache2-mod_auth_openidc.20618

From 75cff8a3c9c555019bb6ce7026800704ea2592fd Mon Sep 17 00:00:00 2001
From: Hans Zandbelt <hans.zandbelt@zmartzone.eu>
Date: Thu, 22 Jul 2021 15:29:47 +0200
Subject: [PATCH] use redisvCommand to avoid crash with crafted key when using
 Redis without encryption

---
 ChangeLog         |  3 +++
 Dockerfile        |  2 +-
 openidc.conf      |  3 +++
 src/cache/redis.c | 24 ++++++++++++------------
 4 files changed, 19 insertions(+), 13 deletions(-)

Index: mod_auth_openidc-2.3.8/src/cache/redis.c
===================================================================
--- mod_auth_openidc-2.3.8.orig/src/cache/redis.c
+++ mod_auth_openidc-2.3.8/src/cache/redis.c
@@ -211,10 +211,12 @@ static void oidc_cache_redis_reply_free(
  * execute Redis command and deal with return value
  */
 static redisReply* oidc_cache_redis_command(request_rec *r,
-		oidc_cache_cfg_redis_t *context, const char *command) {
+		oidc_cache_cfg_redis_t *context, const char *format, ...) {
 
 	redisReply *reply = NULL;
 	int i = 0;
+	va_list ap;
+	va_start(ap, format);
 
 	/* try to execute a command at max 2 times while reconnecting */
 	for (i = 0; i < OIDC_REDIS_MAX_TRIES; i++) {
@@ -237,7 +239,7 @@ static redisReply* oidc_cache_redis_comm
 		}
 
 		/* execute the actual command */
-		reply = redisCommand(context->ctx, command);
+		reply = redisvCommand(context->ctx, format, ap);
 
 		/* check for errors, need to return error replies for cache miss case REDIS_REPLY_NIL */
 		if ((reply != NULL) && (reply->type != REDIS_REPLY_ERROR))
@@ -257,6 +259,8 @@ static redisReply* oidc_cache_redis_comm
 		oidc_cache_redis_free(context);
 	}
 
+	va_end(ap);
+
 	return reply;
 }
 
@@ -277,9 +281,8 @@ static apr_byte_t oidc_cache_redis_get(r
 		return FALSE;
 
 	/* get */
-	reply = oidc_cache_redis_command(r, context,
-			apr_psprintf(r->pool, "GET %s",
-					oidc_cache_redis_get_key(r->pool, section, key)));
+	reply =
+			oidc_cache_redis_command(r, context, "GET %s", oidc_cache_redis_get_key(r->pool, section, key));
 
 	if (reply == NULL)
 		goto end;
@@ -336,9 +339,8 @@ static apr_byte_t oidc_cache_redis_set(r
 	if (value == NULL) {
 
 		/* delete it */
-		reply = oidc_cache_redis_command(r, context,
-				apr_psprintf(r->pool, "DEL %s",
-						oidc_cache_redis_get_key(r->pool, section, key)));
+		reply =
+				oidc_cache_redis_command(r, context, "DEL %s", oidc_cache_redis_get_key(r->pool, section, key));
 
 	} else {
 
@@ -346,10 +348,8 @@ static apr_byte_t oidc_cache_redis_set(r
 		timeout = apr_time_sec(expiry - apr_time_now());
 
 		/* store it */
-		reply = oidc_cache_redis_command(r, context,
-				apr_psprintf(r->pool, "SETEX %s %d %s",
-						oidc_cache_redis_get_key(r->pool, section, key),
-						timeout, value));
+		reply =
+				oidc_cache_redis_command(r, context, "SETEX %s %d %s", oidc_cache_redis_get_key(r->pool, section, key), timeout, value);
 
 	}

Places

File fix-CVE-2021-32785.patch of Package apache2-mod_auth_openidc.20618

Places