NULL pointer dereference

Resolves: rhbz#2184144 - CVE-2023-28625 NULL pointer dereference
                         when OIDCStripCookies is set and a crafted
                         Cookie header is supplied
This commit is contained in:
Tomas Halman 2023-04-11 11:57:17 +02:00
parent 6de18abc5e
commit 3ee1d030a2
2 changed files with 30 additions and 1 deletions

24
0002-CVE-2023-28625.patch Normal file
View File

@ -0,0 +1,24 @@
commit 1a24e08ce506c2c19dd92a1bc9c2b9a1d9354934
Author: Tomas Halman <thalman@redhat.com>
Date: Tue Apr 11 11:39:55 2023 +0200
Backport fixe of CVE-2023-28625
CVE-2023-28625 mod_auth_openidc: NULL pointer dereference when
OIDCStripCookies is set and a crafted Cookie header is supplied
This patch is based on commit c0e1edac3c4c19988ccdc7713d7aebfce6ff916a
diff --git a/src/mod_auth_openidc.c b/src/mod_auth_openidc.c
index 099c716..51eb53e 100644
--- a/src/mod_auth_openidc.c
+++ b/src/mod_auth_openidc.c
@@ -191,6 +191,8 @@ void oidc_strip_cookies(request_rec *r) {
do {
while (cookie != NULL && *cookie == OIDC_CHAR_SPACE)
cookie++;
+ if (cookie == NULL)
+ break;
for (i = 0; i < strip->nelts; i++) {
name = ((const char**) strip->elts)[i];

View File

@ -15,13 +15,14 @@
Name: mod_auth_openidc
Version: 2.4.9.4
Release: 2%{?dist}
Release: 3%{?dist}
Summary: OpenID Connect auth module for Apache HTTP Server
License: ASL 2.0
URL: https://github.com/zmartzone/mod_auth_openidc
Source0: https://github.com/zmartzone/mod_auth_openidc/archive/v%{version}.tar.gz
Patch0: 0001-CVE-2022-23527.patch
Patch1: 0002-CVE-2023-28625.patch
BuildRequires: gcc
BuildRequires: httpd-devel
@ -96,6 +97,10 @@ install -m 700 -d $RPM_BUILD_ROOT%{httpd_pkg_cache_dir}/cache
%dir %attr(0700, apache, apache) %{httpd_pkg_cache_dir}/cache
%changelog
* Tue Apr 11 2023 Tomas Halman <thalman@redhat.com> - 2.4.9.4-3
- Resolves: rhbz#2184144 - CVE-2023-28625 NULL pointer dereference
when OIDCStripCookies is set and a crafted Cookie header is supplied
* Thu Feb 21 2023 Tomas Halman <thalman@redhat.com> - 2.4.9.4-2
- Resolves: rhbz#2153659 - CVE-2022-23527 - Open Redirect in
oidc_validate_redirect_url() using tab character