Index: mod_auth_openidc-2.3.8/src/mod_auth_openidc.c
===================================================================
--- mod_auth_openidc-2.3.8.orig/src/mod_auth_openidc.c
+++ mod_auth_openidc-2.3.8/src/mod_auth_openidc.c
@@ -2993,6 +2993,8 @@ static int oidc_handle_refresh_token_req
char *return_to = NULL;
char *r_access_token = NULL;
char *error_code = NULL;
+ char *error_str = NULL;
+ char *error_description = NULL;
/* get the command passed to the session management handler */
oidc_util_get_request_parameter(r, OIDC_REDIRECT_URI_REQUEST_REFRESH,
@@ -3007,6 +3009,15 @@ static int oidc_handle_refresh_token_req
return HTTP_INTERNAL_SERVER_ERROR;
}
+ /* do input validation on the return to parameter value */
+ if (oidc_validate_redirect_url(r, c, return_to, TRUE, &error_str,
+ &error_description) == FALSE) {
+ oidc_error(r, "return_to URL validation failed: %s: %s", error_str,
+ error_description);
+ return HTTP_INTERNAL_SERVER_ERROR;
+ }
+
+
if (r_access_token == NULL) {
oidc_error(r,
"refresh token request handler called with no access_token parameter");
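Review bot: The new validation-failure branch at the top of this hunk returns HTTP_INTERNAL_SERVER_ERROR, although a rejected return_to is a client-supplied value rather than a server fault; `return HTTP_BAD_REQUEST;` would report it as the client error it is and keep 5xx-based alerting quiet when the parameter is merely malformed. The existing handler does answer the missing access_token case just below with HTTP_INTERNAL_SERVER_ERROR, so keeping 500 for consistency is defensible, but then a one-line comment such as `/* 500 kept for consistency with the other parameter checks in this handler */` should say so. The fourth argument `TRUE` presumably restricts the allowed return_to to the configured host; if that is its meaning, naming it in the validation comment (`/* do input validation on the return_to parameter value; restricted to this host */`) would make the hardening intent clear to the next reader. The two consecutive added blank lines after the new block leave a double blank line before the access_token check; one is enough. oidc_handle_refresh_token_request starts above this hunk.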