File fix-CVE-2021-32786.patch of Package apache2-mod_auth_openidc.16938

Overview Repositories Revisions Requests Users Attributes Meta

File fix-CVE-2021-32786.patch of Package apache2-mod_auth_openidc.16938

From 69cb206225c749b51db980d44dc268eee5623f2b Mon Sep 17 00:00:00 2001
From: Hans Zandbelt <hans.zandbelt@zmartzone.eu>
Date: Thu, 22 Jul 2021 15:32:12 +0200
Subject: [PATCH] replace potentially harmful backslashes with forward slashes
 when validating redirection URLs

---
 ChangeLog              |  3 +++
 src/mod_auth_openidc.c | 11 ++++++++++-
 2 files changed, 13 insertions(+), 1 deletion(-)

Index: mod_auth_openidc-2.3.8/src/mod_auth_openidc.c
===================================================================
--- mod_auth_openidc-2.3.8.orig/src/mod_auth_openidc.c
+++ mod_auth_openidc-2.3.8/src/mod_auth_openidc.c
@@ -2618,10 +2618,19 @@ static int oidc_handle_logout_request(re
 	return HTTP_MOVED_TEMPORARILY;
 }
 
-static apr_byte_t oidc_validate_post_logout_url(request_rec *r, const char *url,
-		char **err_str, char **err_desc) {
+#define OIDC_MAX_URL_LENGTH 8192 * 2
+
+static apr_byte_t oidc_validate_post_logout_url(request_rec *r,
+		const char *redirect_to_url, char **err_str, char **err_desc) {
 	apr_uri_t uri;
 	const char *c_host = NULL;
+	size_t i = 0;
+	char *url = apr_pstrndup(r->pool, redirect_to_url, OIDC_MAX_URL_LENGTH);
+
+	// replace potentially harmful backslashes with forward slashes
+	for (i = 0; i < strlen(url); i++)
+		if (url[i] == '\\')
+			url[i] = '/';
 
 	if (apr_uri_parse(r->pool, url, &uri) != APR_SUCCESS) {
 		*err_str = apr_pstrdup(r->pool, "Malformed URL");

Places

File fix-CVE-2021-32786.patch of Package apache2-mod_auth_openidc.16938

Places