File fix-CVE-2021-32785.patch of Package apache2-mod_auth_openidc
From 75cff8a3c9c555019bb6ce7026800704ea2592fd Mon Sep 17 00:00:00 2001
From: Hans Zandbelt <hans.zandbelt@zmartzone.eu>
Date: Thu, 22 Jul 2021 15:29:47 +0200
Subject: [PATCH] use redisvCommand to avoid crash with crafted key when using Redis without encryption
---
 ChangeLog | 3 +++
 Dockerfile | 2 +-
 openidc.conf | 3 +++
 src/cache/redis.c | 24 ++++++++++++------------
 4 files changed, 19 insertions(+), 13 deletions(-)
Index: mod_auth_openidc-2.3.8/src/cache/redis.c
===================================================================
--- mod_auth_openidc-2.3.8.orig/src/cache/redis.c
+++ mod_auth_openidc-2.3.8/src/cache/redis.c
@@ -211,10 +211,12 @@ static void oidc_cache_redis_reply_free(
  * execute Redis command and deal with return value
  */
 static redisReply* oidc_cache_redis_command(request_rec *r,
-		oidc_cache_cfg_redis_t *context, const char *command) {
+		oidc_cache_cfg_redis_t *context, const char *format, ...) {
 	redisReply *reply = NULL;
 	int i = 0;
+	va_list ap;
+	va_start(ap, format);
 	/* try to execute a command at max 2 times while reconnecting */
 	for (i = 0; i < OIDC_REDIS_MAX_TRIES; i++) {
@@ -237,7 +239,7 @@ static redisReply* oidc_cache_redis_comm
 		}
 		/* execute the actual command */
-		reply = redisCommand(context->ctx, command);
+		reply = redisvCommand(context->ctx, format, ap);
 		/* check for errors, need to return error replies for cache miss case REDIS_REPLY_NIL */
 		if ((reply != NULL) && (reply->type != REDIS_REPLY_ERROR))
@@ -257,6 +259,8 @@ static redisReply* oidc_cache_redis_comm
 		oidc_cache_redis_free(context);
 	}
+	va_end(ap);
+
 	return reply;
 }
@@ -277,9 +281,8 @@ static apr_byte_t oidc_cache_redis_get(r
 		return FALSE;
 	/* get */
-	reply = oidc_cache_redis_command(r, context,
-			apr_psprintf(r->pool, "GET %s",
-					oidc_cache_redis_get_key(r->pool, section, key)));
+	reply =
+			oidc_cache_redis_command(r, context, "GET %s", oidc_cache_redis_get_key(r->pool, section, key));
 	if (reply == NULL)
 		goto end;
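Review bot: The `va_list ap` started once before the retry loop in this hunk is consumed by `redisvCommand(context->ctx, format, ap)` in hunk `@@ -237` and is then traversed again on the second iteration when the first attempt fails and the client reconnects; once a callee has applied `va_arg` to it, the caller's `ap` is indeterminate, so the retry path — exactly the path a dropped Redis connection takes — may format the command from an indeterminate argument list (undefined behaviour). Move `va_start(ap, format);` to immediately before the `redisvCommand` call and `va_end(ap);` to immediately after it so every attempt gets a fresh traversal, and drop the `va_end(ap);` added in hunk `@@ -257`. The header comment should also state the new contract, e.g. `/* execute a Redis command given as a hiredis format string plus arguments; format must be a string literal and the cache key must be supplied through %s so a key containing '%' or whitespace is never parsed as a directive */`. The loop body between the hunks is not shown; any early `return` inside it would have to keep the va_start/va_end pairing as well.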
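Review bot: The rewritten call in hunk `@@ -277` puts `reply =` on a line of its own and the entire call on one continuation line far beyond the width the rest of the file wraps at; hunks `@@ -336` and `@@ -346` in oidc_cache_redis_set use the same layout. Keep the assignment on the call line and wrap the arguments as the removed lines did, e.g. `reply = oidc_cache_redis_command(r, context, "GET %s",` / `oidc_cache_redis_get_key(r->pool, section, key));`. The body of oidc_cache_redis_get starts and ends outside the hunk.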
@@ -336,9 +339,8 @@ static apr_byte_t oidc_cache_redis_set(r
 	if (value == NULL) {
 		/* delete it */
-		reply = oidc_cache_redis_command(r, context,
-				apr_psprintf(r->pool, "DEL %s",
-						oidc_cache_redis_get_key(r->pool, section, key)));
+		reply =
+				oidc_cache_redis_command(r, context, "DEL %s", oidc_cache_redis_get_key(r->pool, section, key));
 	} else {
@@ -346,10 +348,8 @@ static apr_byte_t oidc_cache_redis_set(r
 		timeout = apr_time_sec(expiry - apr_time_now());
 		/* store it */
-		reply = oidc_cache_redis_command(r, context,
-				apr_psprintf(r->pool, "SETEX %s %d %s",
-						oidc_cache_redis_get_key(r->pool, section, key),
-						timeout, value));
+		reply =
+				oidc_cache_redis_command(r, context, "SETEX %s %d %s", oidc_cache_redis_get_key(r->pool, section, key), timeout, value);
 	}
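Review bot: In hunk `@@ -346` `timeout` is now handed straight to hiredis through `%d`, which hiredis expands with the printf rules, so the argument has to be an `int`; the declaration of `timeout` is outside the hunk, and if it is an `apr_time_t` (64-bit) or an unsigned type this is a format/argument mismatch that `-Wformat` cannot catch through a variadic wrapper. Declaring it `int`, or passing `(int) timeout`, pins the type. Separately, when `expiry` is already in the past `apr_time_sec(expiry - apr_time_now())` is zero or negative and Redis rejects the SETEX with an error reply instead of storing the entry; a check such as `if (timeout <= 0)` that skips the call would avoid issuing a command known to fail — how the error reply is handled afterwards is outside the hunk.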