File apache2-mod_auth_openidc-2.4.0-CVE-2021-20718.patch of Package apache2-mod_auth_openidc.20617

From 5498b7002d49a85c13da086ba9fbef35563761c2 Mon Sep 17 00:00:00 2001
From: Hans Zandbelt <hans.zandbelt@zmartzone.eu>
Date: Mon, 12 Apr 2021 00:25:17 +0200
Subject: [PATCH] avoid jwt/proto_state json_object memory leaks on cache
 failures

bump to 2.4.7.1

Signed-off-by: Hans Zandbelt <hans.zandbelt@zmartzone.eu>
---
 src/mod_auth_openidc.c | 14 ++++++++++++--
 src/proto.c            |  4 +++-
 6 files changed, 24 insertions(+), 5 deletions(-)

Index: mod_auth_openidc-2.4.0/src/mod_auth_openidc.c
===================================================================
--- mod_auth_openidc-2.4.0.orig/src/mod_auth_openidc.c
+++ mod_auth_openidc-2.4.0/src/mod_auth_openidc.c
@@ -1676,7 +1676,13 @@ static apr_byte_t oidc_authorization_res
 	*provider = oidc_get_provider_for_issuer(r, c,
 			oidc_proto_state_get_issuer(*proto_state), FALSE);
 
-	return (*provider != NULL);
+	if (*provider == NULL) {
+		oidc_proto_state_destroy(*proto_state);
+		*proto_state = NULL;
+		return FALSE;
+	}
+
+	return TRUE;
 }
 
 /*
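Review bot: The new branch changes the function's contract — when the provider lookup misses, `*proto_state` is destroyed and set to NULL before returning FALSE — but nothing records that for callers, who until now could still inspect or free the state after a FALSE return. The function header and its callers are outside the hunk, so I can't confirm whether any caller used `*proto_state` on failure; a comment at the top of the branch, `/* on failure this function releases *proto_state; the caller must not touch it */`, and the same sentence in the function's doc comment would make the ownership rule explicit. The enclosing function starts before the hunk.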
@@ -2122,11 +2128,15 @@ static int oidc_handle_authorization_res
 				apr_table_get(params, OIDC_PROTO_REFRESH_TOKEN),
 				apr_table_get(params, OIDC_PROTO_SESSION_STATE),
 				apr_table_get(params, OIDC_PROTO_STATE), original_url,
-				userinfo_jwt) == FALSE)
+				userinfo_jwt) == FALSE) {
+			oidc_proto_state_destroy(proto_state);
+			oidc_jwt_destroy(jwt);
 			return HTTP_INTERNAL_SERVER_ERROR;
+		}
 
 	} else {
 		oidc_error(r, "remote user could not be set");
+		oidc_jwt_destroy(jwt);
 		return oidc_authorization_response_error(r, c, proto_state,
 				"Remote user could not be set: contact the website administrator",
 				NULL);
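Review bot: The two failure paths release `proto_state` differently: the session-save failure at the top destroys it directly, while the `else` branch destroys only `jwt` and hands `proto_state` to `oidc_authorization_response_error()`. Whether that helper frees `proto_state` is not visible here; if it does not, the remote-user path still leaks the object this commit sets out to free, and if it does, a comment on the call such as `/* oidc_authorization_response_error() releases proto_state */` would spare the next reader the same question. The repeated destroy-then-return pairs also suggest a single cleanup label for this function, so that future error returns cannot miss one of the two objects. The enclosing function starts and ends outside the hunk.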
Index: mod_auth_openidc-2.4.0/src/proto.c
===================================================================
--- mod_auth_openidc-2.4.0.orig/src/proto.c
+++ mod_auth_openidc-2.4.0/src/proto.c
@@ -2871,8 +2871,10 @@ static apr_byte_t oidc_proto_parse_idtok
 
 	if ((must_validate_code == TRUE)
 			&& (oidc_proto_validate_code(r, provider, *jwt, response_type, code)
-					== FALSE))
+					== FALSE)) {
+		oidc_jwt_destroy(*jwt);
 		return FALSE;
+	}
 
 	return TRUE;
 }
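Review bot: `oidc_jwt_destroy(*jwt)` on the code-validation failure frees the object but leaves `*jwt` pointing at it, unlike the proto_state fix in mod_auth_openidc.c, which nulls the pointer after destroying it. A caller that destroys `*jwt` on a FALSE return — the only way the leak could have been handled before this change — now double-frees, and one that merely tests `*jwt != NULL` treats freed memory as a valid token. Adding `*jwt = NULL;` directly after the destroy removes both hazards and makes the out-parameter state unambiguous. The enclosing function starts before the hunk.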