commit 1a24e08ce506c2c19dd92a1bc9c2b9a1d9354934
Author: Tomas Halman <thalman@redhat.com>
Date: Tue Apr 11 11:39:55 2023 +0200
Backport fixe of CVE-2023-28625
CVE-2023-28625 mod_auth_openidc: NULL pointer dereference when
OIDCStripCookies is set and a crafted Cookie header is supplied
This patch is based on commit c0e1edac3c4c19988ccdc7713d7aebfce6ff916a
diff --git a/src/mod_auth_openidc.c b/src/mod_auth_openidc.c
index 099c716..51eb53e 100644
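--- a/src/mod_auth_openidc.c
+++ b/src/mod_auth_openidc.c
@@ -191,6 +191,8 @@ void oidc_strip_cookies(request_rec *r) {
 do {
 while (cookie != NULL && *cookie == OIDC_CHAR_SPACE)
 cookie++;
+ if (cookie == NULL)
+ break;
 
 for (i = 0; i < strip->nelts; i++) {
 name = ((const char**) strip->elts)[i];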
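Review bot: The new `if (cookie == NULL) break;` guard sits after the whitespace-skipping `while`, which still tests `cookie != NULL` on every iteration even though `cookie++` can never produce NULL; placing the guard above that loop would let the skip read `while (*cookie == OIDC_CHAR_SPACE) cookie++;` and keep the NULL case in one place. The guard also deserves a one-line comment stating when `cookie` is NULL on loop entry, for example `/* no cookie token was produced from the header; nothing to strip */` — presumably the tokenizer call before the `do` returned NULL, but that line is outside the hunk, so confirm before wording it. The `do` loop begins and ends outside this hunk, so whether the code after the loop copes with an early exit where nothing was collected cannot be checked from here. A regression test that sets OIDCStripCookies and covers the header case named in the commit message would pin the fix for future backports.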