File CVE-2020-35678-reencode-url-during-redirect.patch of Package python-autobahn

Overview Repositories Revisions Requests Users Attributes Meta

File CVE-2020-35678-reencode-url-during-redirect.patch of Package python-autobahn

From 9c649901480a87eb4b2b17306e1f7ced3f9fbf6d Mon Sep 17 00:00:00 2001
From: meejah <meejah@meejah.ca>
Date: Thu, 17 Dec 2020 00:39:50 -0700
Subject: [PATCH] URL must be re-encoded when doing redirect

---
 autobahn/websocket/protocol.py | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

Index: autobahn-17.10.1/autobahn/websocket/protocol.py
===================================================================
--- autobahn-17.10.1.orig/autobahn/websocket/protocol.py
+++ autobahn-17.10.1/autobahn/websocket/protocol.py
@@ -57,6 +57,7 @@ from autobahn.websocket.util import pars
 
 from six.moves import urllib
 import txaio
+import hyperlink
 
 if six.PY3:
     # Python 3
@@ -2600,7 +2601,8 @@ class WebSocketServerProtocol(WebSocketP
                         #
                         # https://localhost:9000/?redirect=https%3A%2F%2Ftwitter.com%2F&after=3
                         #
-                        url = self.http_request_params['redirect'][0]
+                        url = hyperlink.URL.from_text(self.http_request_params['redirect'][0])
+                        url = url.to_uri().normalize().to_text()
                         if 'after' in self.http_request_params and len(self.http_request_params['after']) > 0:
                             after = int(self.http_request_params['after'][0])
                             self.log.debug(

Places

File CVE-2020-35678-reencode-url-during-redirect.patch of Package python-autobahn

Places