Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
openSUSE:Backports:SLE-15-SP3:Update
python-autobahn
CVE-2020-35678-reencode-url-during-redirect.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File CVE-2020-35678-reencode-url-during-redirect.patch of Package python-autobahn
From 9c649901480a87eb4b2b17306e1f7ced3f9fbf6d Mon Sep 17 00:00:00 2001 From: meejah <meejah@meejah.ca> Date: Thu, 17 Dec 2020 00:39:50 -0700 Subject: [PATCH] URL must be re-encoded when doing redirect --- autobahn/websocket/protocol.py | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) Index: autobahn-17.10.1/autobahn/websocket/protocol.py =================================================================== --- autobahn-17.10.1.orig/autobahn/websocket/protocol.py +++ autobahn-17.10.1/autobahn/websocket/protocol.py @@ -57,6 +57,7 @@ from autobahn.websocket.util import pars from six.moves import urllib import txaio +import hyperlink if six.PY3: # Python 3 @@ -2600,7 +2601,8 @@ class WebSocketServerProtocol(WebSocketP # # https://localhost:9000/?redirect=https%3A%2F%2Ftwitter.com%2F&after=3 # - url = self.http_request_params['redirect'][0] + url = hyperlink.URL.from_text(self.http_request_params['redirect'][0]) + url = url.to_uri().normalize().to_text() if 'after' in self.http_request_params and len(self.http_request_params['after']) > 0: after = int(self.http_request_params['after'][0]) self.log.debug(
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor