File fix-CVE-2022-23527-2.patch of Package apache2-mod_auth_openidc.28532
From 1c808c58d407576a438800f0bc11ffe55ee8837a Mon Sep 17 00:00:00 2001
From: Hans Zandbelt <hans.zandbelt@zmartzone.eu>
Date: Tue, 23 Aug 2022 14:34:00 +0200
Subject: [PATCH] add oidc_util_strcasestr
Signed-off-by: Hans Zandbelt <hans.zandbelt@zmartzone.eu>
---
ChangeLog | 3 +++
src/util.c | 21 ++++++++++++++++++++-
2 files changed, 23 insertions(+), 1 deletion(-)
Index: mod_auth_openidc-2.3.8/src/util.c
===================================================================
--- mod_auth_openidc-2.3.8.orig/src/util.c
+++ mod_auth_openidc-2.3.8/src/util.c
@@ -449,6 +449,24 @@ char* oidc_util_javascript_escape(apr_po
return output;
}
+static char* oidc_util_strcasestr(const char *s1, const char *s2) {
+ const char *s = s1;
+ const char *p = s2;
+ do {
+ if (!*p)
+ return (char*) s1;
+ if ((*p == *s) || (tolower(*p) == tolower(*s))) {
+ ++p;
+ ++s;
+ } else {
+ p = s2;
+ if (!*s)
+ return NULL;
+ s = ++s1;
+ }
+ } while (1);
+ return *p ? NULL : (char*) s1;
+}
/*
* get the URL scheme that is currently being accessed