File fix-CVE-2021-32786.patch of Package apache2-mod_auth_openidc.28532
From 69cb206225c749b51db980d44dc268eee5623f2b Mon Sep 17 00:00:00 2001
From: Hans Zandbelt <hans.zandbelt@zmartzone.eu>
Date: Thu, 22 Jul 2021 15:32:12 +0200
Subject: [PATCH] replace potentially harmful backslashes with forward slashes
when validating redirection URLs
---
ChangeLog | 3 +++
src/mod_auth_openidc.c | 11 ++++++++++-
2 files changed, 13 insertions(+), 1 deletion(-)
Index: mod_auth_openidc-2.3.8/src/mod_auth_openidc.c
===================================================================
--- mod_auth_openidc-2.3.8.orig/src/mod_auth_openidc.c
+++ mod_auth_openidc-2.3.8/src/mod_auth_openidc.c
@@ -2618,10 +2618,19 @@ static int oidc_handle_logout_request(re
return HTTP_MOVED_TEMPORARILY;
}
-static apr_byte_t oidc_validate_post_logout_url(request_rec *r, const char *url,
- char **err_str, char **err_desc) {
+#define OIDC_MAX_URL_LENGTH 8192 * 2
+
+static apr_byte_t oidc_validate_post_logout_url(request_rec *r,
+ const char *redirect_to_url, char **err_str, char **err_desc) {
apr_uri_t uri;
const char *c_host = NULL;
+ size_t i = 0;
+ char *url = apr_pstrndup(r->pool, redirect_to_url, OIDC_MAX_URL_LENGTH);
+
+ // replace potentially harmful backslashes with forward slashes
+ for (i = 0; i < strlen(url); i++)
+ if (url[i] == '\\')
+ url[i] = '/';
if (apr_uri_parse(r->pool, url, &uri) != APR_SUCCESS) {
*err_str = apr_pstrdup(r->pool, "Malformed URL");