File apache2-mod_auth_openidc-2.3.8-CVE-2019-20479.p... of Package apache2-mod_auth_openidc

Overview Repositories Revisions Requests Users Attributes Meta

File apache2-mod_auth_openidc-2.3.8-CVE-2019-20479.patch of Package apache2-mod_auth_openidc

From 2d20c58597c9f7065e5362e603a5c348141c45ea Mon Sep 17 00:00:00 2001
From: AIMOTO NORIHITO <aimoto@osstech.co.jp>
Date: Tue, 12 Nov 2019 17:09:23 +0900
Subject: [PATCH] Fix open redirect starting with a slash and backslash
---
SUSE Bug 1164459 - (CVE-2019-20479)
---
 src/mod_auth_openidc.c | 8 ++++++++
 1 file changed, 8 insertions(+)

Index: mod_auth_openidc-2.3.8/src/mod_auth_openidc.c
===================================================================
--- mod_auth_openidc-2.3.8.orig/src/mod_auth_openidc.c
+++ mod_auth_openidc-2.3.8/src/mod_auth_openidc.c
@@ -2657,6 +2657,14 @@ static apr_byte_t oidc_validate_post_log
                                                 url);
                 oidc_error(r, "%s: %s", *err_str, *err_desc);
                 return FALSE;
+        } else if ((uri.hostname == NULL) && (strstr(url, "/\\") == url)) {
+                *err_str = apr_pstrdup(r->pool, "Malformed URL");
+                *err_desc =
+                                apr_psprintf(r->pool,
+                                                "No hostname was parsed and starting with '/\\': %s",
+                                                url);
+                oidc_error(r, "%s: %s", *err_str, *err_desc);
+                return FALSE;
 	}
 
 	/* validate the URL to prevent HTTP header splitting */

Places

File apache2-mod_auth_openidc-2.3.8-CVE-2019-20479.patch of Package apache2-mod_auth_openidc

Places