File fix-CVE-2021-32792-1.patch of Package apache2-mod_auth_openidc
From 55ea0a085290cd2c8cdfdd960a230cbc38ba8b56 Mon Sep 17 00:00:00 2001
From: AIMOTO NORIHITO <aimoto@osstech.co.jp>
Date: Mon, 28 Jun 2021 13:05:52 +0900
Subject: [PATCH] Add a function to escape Javascript characters

---
 src/mod_auth_openidc.c | 6 ++--
 src/mod_auth_openidc.h | 1 +
 src/util.c | 81 ++++++++++++++++++++++++++++++++++++++++++
 3 files changed, 85 insertions(+), 3 deletions(-)

Index: mod_auth_openidc-2.3.8/src/mod_auth_openidc.c
===================================================================
--- mod_auth_openidc-2.3.8.orig/src/mod_auth_openidc.c
+++ mod_auth_openidc-2.3.8/src/mod_auth_openidc.c
@@ -469,7 +469,7 @@ apr_byte_t oidc_post_preserve_javascript
 " </script>\n", jmethod, json,
 location ?
 apr_psprintf(r->pool, "window.location='%s';\n",
- location) :
+ oidc_util_javascript_escape(r->pool, location)) :
 "");
 if (location == NULL) {
 if (javascript_method)
@@ -517,7 +517,7 @@ static int oidc_request_post_preserved_r
 " document.forms[0].action = '%s';\n"
 " document.forms[0].submit();\n"
 " }\n"
- " </script>\n", method, original_url);
+ " </script>\n", method, oidc_util_javascript_escape(r->pool, original_url));
 
 const char *body = " <p>Restoring...</p>\n"
 " <form method=\"post\"></form>\n";
@@ -1559,7 +1559,7 @@ static int oidc_session_redirect_parent_
 char *java_script = apr_psprintf(r->pool,
 " <script type=\"text/javascript\">\n"
 " window.top.location.href = '%s?session=logout';\n"
- " </script>\n", oidc_get_redirect_uri(r, c));
+ " </script>\n", oidc_util_javascript_escape(r->pool, oidc_get_redirect_uri(r, c)));
 
 return oidc_util_html_send(r, "Redirecting...", java_script, NULL, NULL,
 DONE);
Index: mod_auth_openidc-2.3.8/src/mod_auth_openidc.h
===================================================================
--- mod_auth_openidc-2.3.8.orig/src/mod_auth_openidc.h
+++ mod_auth_openidc-2.3.8/src/mod_auth_openidc.h
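Review bot: Escaping `location` in the -469 hunk keeps the value inside the single-quoted literal, but the string is still handed to `window.location` with its scheme and host untouched, so the escape alone does not decide where the browser is sent. Whether `location` is checked to be an absolute http or https URL on an expected host before `oidc_post_preserve_javascript` reaches this line is not visible here; that check is worth confirming at the caller, with a comment next to the call such as `/* location is validated by the caller; escaping only protects the JS literal */`. The same applies to `original_url` in the `document.forms[0].action` assignment of the -517 hunk. All three enclosing functions start and end outside their hunks.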
@@ -733,6 +733,7 @@ apr_byte_t oidc_json_object_get_string(a
 apr_byte_t oidc_json_object_get_int(apr_pool_t *pool, json_t *json, const char *name, int *value, const int default_value);
 apr_byte_t oidc_json_object_get_bool(apr_pool_t *pool, json_t *json, const char *name, int *value, const int default_value);
 char *oidc_util_html_escape(apr_pool_t *pool, const char *input);
+char *oidc_util_javascript_escape(apr_pool_t *pool, const char *input);
 void oidc_util_table_add_query_encoded_params(apr_pool_t *pool, apr_table_t *table, const char *params);
 apr_hash_t * oidc_util_merge_key_sets(apr_pool_t *pool, apr_hash_t *k1, apr_hash_t *k2);
 apr_byte_t oidc_util_regexp_substitute(apr_pool_t *pool, const char *input, const char *regexp, const char *replace, char **output, char **error_str);
Index: mod_auth_openidc-2.3.8/src/util.c
===================================================================
--- mod_auth_openidc-2.3.8.orig/src/util.c
+++ mod_auth_openidc-2.3.8/src/util.c
@@ -370,6 +370,87 @@ char *oidc_util_html_escape(apr_pool_t *
 }
 
 /*
+ * JavaScript escape a string
+ */
+char* oidc_util_javascript_escape(apr_pool_t *pool, const char *s) {
+ const char *cp;
+ char *output;
+ size_t outputlen;
+ int i;
+
+ if (s == NULL) {
+ return NULL;
+ }
+
+ outputlen = 0;
+ for (cp = s; *cp; cp++) {
+ switch (*cp) {
+ case '\'':
+ case '"':
+ case '\\':
+ case '/':
+ case 0x0D:
+ case 0x0A:
+ outputlen += 2;
+ break;
+ case '<':
+ case '>':
+ outputlen += 4;
+ break;
+ default:
+ outputlen += 1;
+ break;
+ }
+ }
+
+ i = 0;
+ output = apr_palloc(pool, outputlen + 1);
+ for (cp = s; *cp; cp++) {
+ switch (*cp) {
+ case '\'':
+ (void)strcpy(&output[i], "\\'");
+ i += 2;
+ break;
+ case '"':
+ (void)strcpy(&output[i], "\\\"");
+ i += 2;
+ break;
+ case '\\':
+ (void)strcpy(&output[i], "\\\\");
+ i += 2;
+ break;
+ case '/':
+ (void)strcpy(&output[i], "\\/");
+ i += 2;
+ break;
+ case 0x0D:
+ (void)strcpy(&output[i], "\\r");
+ i += 2;
+ break;
+ case 0x0A:
+ (void)strcpy(&output[i], "\\n");
+ i += 2;
+ break;
+ case '<':
+ (void)strcpy(&output[i], "\\x3c");
+ i += 4;
+ break;
+ case '>':
+ (void)strcpy(&output[i], "\\x3e");
+ i += 4;
+ break;
+ default:
+ output[i] = *cp;
+ i += 1;
+ break;
+ }
+ }
+ output[i] = '\0';
+ return output;
+}
+
+
+/*
 * get the URL scheme that is currently being accessed
 */
 static const char *oidc_get_current_url_scheme(const request_rec *r) {
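Review bot: In `oidc_util_javascript_escape` the write index is a signed `int i` while the buffer size from the first pass is `size_t outputlen`; declaring it `size_t i;` keeps the second pass in the same type as the allocation it writes into. The unbounded `strcpy` calls are only safe because both `switch` statements list the same characters with the same widths, so the second loop deserves a comment such as `/* widths must match the sizing pass above */`. The header comment should also state that the output is meant for a quoted string literal inside an inline `<script>` block (the way the three call sites in this patch use it), that NULL input returns NULL, and that the result is allocated from `pool`. A smaller point: the prototype added in mod_auth_openidc.h names the parameter `input` while this definition uses `s`.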