NULL pointer dereference
Resolves: rhbz#2184144 - CVE-2023-28625 NULL pointer dereference when OIDCStripCookies is set and a crafted Cookie header is supplied
parent
6de18abc5e
commit
3ee1d030a2
24
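--- /dev/null
+++ b/0002-CVE-2023-28625.patch
@@ -0,0 +1,24 @@
+commit 1a24e08ce506c2c19dd92a1bc9c2b9a1d9354934
+Author: Tomas Halman <thalman@redhat.com>
+Date: Tue Apr 11 11:39:55 2023 +0200
+
+Backport fixe of CVE-2023-28625
+
+CVE-2023-28625 mod_auth_openidc: NULL pointer dereference when
+OIDCStripCookies is set and a crafted Cookie header is supplied
+
+This patch is based on commit c0e1edac3c4c19988ccdc7713d7aebfce6ff916a
+
+diff --git a/src/mod_auth_openidc.c b/src/mod_auth_openidc.c
+index 099c716..51eb53e 100644
+--- a/src/mod_auth_openidc.c
++++ b/src/mod_auth_openidc.c
+@@ -191,6 +191,8 @@ void oidc_strip_cookies(request_rec *r) {
+do {
+while (cookie != NULL && *cookie == OIDC_CHAR_SPACE)
+cookie++;
++ if (cookie == NULL)
++ break;
+
+for (i = 0; i < strip->nelts; i++) {
+name = ((const char**) strip->elts)[i];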
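Review bot: The commit message embedded in the new patch file has a typo on the `Backport fixe of CVE-2023-28625` line; since this text ships in the package source, it should read `Backport fix of CVE-2023-28625`. On the code itself, the added `if (cookie == NULL) break;` sits after the whitespace-skipping loop, which already tolerates a NULL pointer, so it stops the iteration before the `for` over `strip` runs on a missing token; a one-line comment such as `/* a crafted Cookie header can leave no next token: stop before it is dereferenced below */` would record why a NULL can reach this point. How `cookie` becomes NULL is not visible here — presumably it is re-assigned at the bottom of the do/while, which, together with the rest of oidc_strip_cookies, lies outside the hunk.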
@ -15,13 +15,14 @@
|
|||||||
|
|
||||||
Name: mod_auth_openidc
|
Name: mod_auth_openidc
|
||||||
Version: 2.4.9.4
|
Version: 2.4.9.4
|
||||||
Release: 2%{?dist}
|
Release: 3%{?dist}
|
||||||
Summary: OpenID Connect auth module for Apache HTTP Server
|
Summary: OpenID Connect auth module for Apache HTTP Server
|
||||||
|
|
||||||
License: ASL 2.0
|
License: ASL 2.0
|
||||||
URL: https://github.com/zmartzone/mod_auth_openidc
|
URL: https://github.com/zmartzone/mod_auth_openidc
|
||||||
Source0: https://github.com/zmartzone/mod_auth_openidc/archive/v%{version}.tar.gz
|
Source0: https://github.com/zmartzone/mod_auth_openidc/archive/v%{version}.tar.gz
|
||||||
Patch0: 0001-CVE-2022-23527.patch
|
Patch0: 0001-CVE-2022-23527.patch
|
||||||
|
Patch1: 0002-CVE-2023-28625.patch
|
||||||
|
|
||||||
BuildRequires: gcc
|
BuildRequires: gcc
|
||||||
BuildRequires: httpd-devel
|
BuildRequires: httpd-devel
|
||||||
@ -96,6 +97,10 @@ install -m 700 -d $RPM_BUILD_ROOT%{httpd_pkg_cache_dir}/cache
|
|||||||
%dir %attr(0700, apache, apache) %{httpd_pkg_cache_dir}/cache
|
%dir %attr(0700, apache, apache) %{httpd_pkg_cache_dir}/cache
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Tue Apr 11 2023 Tomas Halman <thalman@redhat.com> - 2.4.9.4-3
|
||||||
|
- Resolves: rhbz#2184144 - CVE-2023-28625 NULL pointer dereference
|
||||||
|
when OIDCStripCookies is set and a crafted Cookie header is supplied
|
||||||
|
|
||||||
* Thu Feb 21 2023 Tomas Halman <thalman@redhat.com> - 2.4.9.4-2
|
* Thu Feb 21 2023 Tomas Halman <thalman@redhat.com> - 2.4.9.4-2
|
||||||
- Resolves: rhbz#2153659 - CVE-2022-23527 - Open Redirect in
|
- Resolves: rhbz#2153659 - CVE-2022-23527 - Open Redirect in
|
||||||
oidc_validate_redirect_url() using tab character
|
oidc_validate_redirect_url() using tab character
|
||||||
|
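Review bot: `Patch1: 0002-CVE-2023-28625.patch` is declared in the first hunk, but the spec's `%prep` section is not shown on the page, so it is not visible whether the new patch is actually applied; if the spec applies patches with explicit `%patch0 -p1` lines rather than `%autosetup -p1`, a matching `%patch1 -p1` is needed, otherwise the Release bump to 3 ships without the CVE fix. Worth confirming from the build log that the hunk in src/mod_auth_openidc.c is applied. The spec file's own header line is not shown in this section, so its path is inferred from `Name: mod_auth_openidc`.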