Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
SUSE:SLE-12-SP4:Update
rubygem-actionpack-4_2.29852
CVE-2023-28362.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File CVE-2023-28362.patch of Package rubygem-actionpack-4_2.29852
Index: actionpack-4.2.9/lib/action_controller/metal/redirecting.rb =================================================================== --- actionpack-4.2.9.orig/lib/action_controller/metal/redirecting.rb +++ actionpack-4.2.9/lib/action_controller/metal/redirecting.rb @@ -14,6 +14,10 @@ module ActionController include ActionController::RackDelegation include ActionController::UrlFor + ILLEGAL_HEADER_VALUE_REGEX = /[\x00-\x08\x0A-\x1F]/.freeze + + class UnsafeRedirectError < StandardError; end + # Redirects the browser to the target specified in +options+. This parameter can be any one of: # # * <tt>Hash</tt> - The URL will be generated by calling url_for with the +options+. @@ -72,7 +76,11 @@ module ActionController raise AbstractController::DoubleRenderError if response_body self.status = _extract_redirect_to_status(options, response_status) - self.location = _compute_redirect_to_location(request, options) + + redirect_to_location = _compute_redirect_to_location(request, options) + _ensure_url_is_http_header_safe(redirect_to_location) + + self.location = redirect_to_location self.response_body = "<html><body>You are being <a href=\"#{ERB::Util.unwrapped_html_escape(location)}\">redirected</a>.</body></html>" end @@ -108,5 +116,16 @@ module ActionController 302 end end + + def _ensure_url_is_http_header_safe(url) + # Attempt to comply with the set of valid token characters + # defined for an HTTP header value in + # https://datatracker.ietf.org/doc/html/rfc7230#section-3.2.6 + if url.match(ILLEGAL_HEADER_VALUE_REGEX) + msg = "The redirect URL #{url} contains one or more illegal HTTP header field character. " \ + "Set of legal characters defined in https://datatracker.ietf.org/doc/html/rfc7230#section-3.2.6" + raise UnsafeRedirectError, msg + end + end end end
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor
