From ace43c8ce02d19cf536ce35749aa2ed734089189 Mon Sep 17 00:00:00 2001
From: Sumit Bose <sbose@redhat.com>
Date: Thu, 18 Aug 2022 13:55:21 +0200
Subject: [PATCH 20/23] oidc_child: escape scopes
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Before using the user provided scopes in the HTTP request they should be
properly escaped according to RFC-3986.

Resolves: https://github.com/SSSD/sssd/issues/6146

Reviewed-by: Justin Stephenson <jstephen@redhat.com>
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
(cherry picked from commit 12d5c6344ee304c1f3bc155a76ab37fcd20e78cb)

Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
---
 src/oidc_child/oidc_child.c      |  4 ++--
 src/oidc_child/oidc_child_curl.c | 35 ++++++++++++++++++++++++++++++++
 src/oidc_child/oidc_child_util.h |  2 ++
 3 files changed, 39 insertions(+), 2 deletions(-)

diff --git a/src/oidc_child/oidc_child.c b/src/oidc_child/oidc_child.c
index e58afccd3..aeeac3595 100644
--- a/src/oidc_child/oidc_child.c
+++ b/src/oidc_child/oidc_child.c
@@ -119,9 +119,9 @@ static errno_t set_endpoints(struct devicecode_ctx *dc_ctx,
     }
 
     if (scope != NULL && *scope != '\0') {
-        dc_ctx->scope = talloc_strdup(dc_ctx, scope);
+        dc_ctx->scope = url_encode_string(dc_ctx, scope);
         if (dc_ctx->scope == NULL) {
-            DEBUG(SSSDBG_CRIT_FAILURE, "Failed to copy scopes.\n");
+            DEBUG(SSSDBG_CRIT_FAILURE, "Failed to encode and copy scopes.\n");
             ret = ENOMEM;
             goto done;
         }
diff --git a/src/oidc_child/oidc_child_curl.c b/src/oidc_child/oidc_child_curl.c
index 20e17a566..df438e007 100644
--- a/src/oidc_child/oidc_child_curl.c
+++ b/src/oidc_child/oidc_child_curl.c
@@ -26,6 +26,41 @@
 #include <curl/curl.h>
 #include "oidc_child/oidc_child_util.h"
 
+char *url_encode_string(TALLOC_CTX *mem_ctx, const char *inp)
+{
+    CURL *curl_ctx = NULL;
+    char *tmp;
+    char *out = NULL;
+
+    if (inp == NULL) {
+        DEBUG(SSSDBG_TRACE_ALL, "Empty input.\n");
+        return NULL;
+    }
+
+    curl_ctx = curl_easy_init();
+    if (curl_ctx == NULL) {
+        DEBUG(SSSDBG_OP_FAILURE, "Failed to initialize curl.\n");
+        return NULL;
+    }
+
+    tmp = curl_easy_escape(curl_ctx, inp, 0);
+    if (tmp == NULL) {
+        DEBUG(SSSDBG_TRACE_ALL, "curl_easy_escape failed for [%s].\n", inp);
+        goto done;
+    }
+
+    out = talloc_strdup(mem_ctx, tmp);
+    curl_free(tmp);
+    if (out == NULL) {
+        DEBUG(SSSDBG_TRACE_ALL, "talloc_strdup failed.\n");
+        goto done;
+    }
+
+done:
+    curl_easy_cleanup(curl_ctx);
+    return (out);
+}
+
 /* The curl write_callback will always append the received data. To start a
  * new string call clean_http_data() before the curl request.*/
 void clean_http_data(struct devicecode_ctx *dc_ctx)
diff --git a/src/oidc_child/oidc_child_util.h b/src/oidc_child/oidc_child_util.h
index c781bf1b1..ae5a72bc2 100644
--- a/src/oidc_child/oidc_child_util.h
+++ b/src/oidc_child/oidc_child_util.h
@@ -61,6 +61,8 @@ struct devicecode_ctx {
 };
 
 /* oidc_child_curl.c */
+char *url_encode_string(TALLOC_CTX *mem_ctx, const char *inp);
+
 errno_t init_curl(void *p);
 
 void clean_http_data(struct devicecode_ctx *dc_ctx);
-- 
2.37.3