43 lines
1.4 KiB
Diff
43 lines
1.4 KiB
Diff
From 466f470265554e0e3ae27a6d82375456d2c133e6 Mon Sep 17 00:00:00 2001
|
|
From: Hans Zandbelt <hans.zandbelt@zmartzone.eu>
|
|
Date: Thu, 22 Jul 2021 15:32:12 +0200
|
|
Subject: [PATCH 3/4] replace potentially harmful backslashes with forward
|
|
slashes when validating redirection URLs
|
|
|
|
(cherry picked from commit 69cb206225c749b51db980d44dc268eee5623f2b)
|
|
---
|
|
src/mod_auth_openidc.c | 12 +++++++++++-
|
|
1 file changed, 11 insertions(+), 1 deletion(-)
|
|
|
|
diff --git a/src/mod_auth_openidc.c b/src/mod_auth_openidc.c
|
|
index 68fbca5..c96af75 100644
|
|
--- a/src/mod_auth_openidc.c
|
|
+++ b/src/mod_auth_openidc.c
|
|
@@ -2687,12 +2687,22 @@ static int oidc_handle_logout_request(request_rec *r, oidc_cfg *c,
|
|
return HTTP_MOVED_TEMPORARILY;
|
|
}
|
|
|
|
+
|
|
+#define OIDC_MAX_URL_LENGTH DEFAULT_LIMIT_REQUEST_LINE * 2
|
|
+
|
|
static apr_byte_t oidc_validate_redirect_url(request_rec *r, oidc_cfg *c,
|
|
- const char *url, apr_byte_t restrict_to_host, char **err_str,
|
|
+ const char *redirect_to_url, apr_byte_t restrict_to_host, char **err_str,
|
|
char **err_desc) {
|
|
apr_uri_t uri;
|
|
const char *c_host = NULL;
|
|
apr_hash_index_t *hi = NULL;
|
|
+ size_t i = 0;
|
|
+ char *url = apr_pstrndup(r->pool, redirect_to_url, OIDC_MAX_URL_LENGTH);
|
|
+
|
|
+ // replace potentially harmful backslashes with forward slashes
|
|
+ for (i = 0; i < strlen(url); i++)
|
|
+ if (url[i] == '\\')
|
|
+ url[i] = '/';
|
|
|
|
if (apr_uri_parse(r->pool, url, &uri) != APR_SUCCESS) {
|
|
*err_str = apr_pstrdup(r->pool, "Malformed URL");
|
|
--
|
|
2.31.1
|
|
|