Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
SUSE:SLE-15-SP2:Update
dovecot23.20134
CVE-2021-29157.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File CVE-2021-29157.patch of Package dovecot23.20134
diff --git a/src/lib-dict-extra/dict-fs.c b/src/lib-dict-extra/dict-fs.c index 31af57867e..f39c86cdf9 100644 --- a/src/lib-dict-extra/dict-fs.c +++ b/src/lib-dict-extra/dict-fs.c @@ -68,8 +68,37 @@ static void fs_dict_deinit(struct dict *_dict) i_free(dict); } +/* Remove unsafe paths */ +static const char *fs_dict_escape_key(const char *key) +{ + const char *ptr; + string_t *new_key = NULL; + /* we take the slow path always if we see potential + need for escaping */ + while ((ptr = strstr(key, "/.")) != NULL) { + /* move to the first dot */ + const char *ptr2 = ptr + 1; + /* find position of non-dot */ + while (*ptr2 == '.') ptr2++; + if (new_key == NULL) + new_key = t_str_new(strlen(key)); + str_append_data(new_key, key, ptr - key); + /* if ptr2 is / or end of string, escape */ + if (*ptr2 == '/' || *ptr2 == '\0') + str_append(new_key, "/..."); + else + str_append(new_key, "/."); + key = ptr + 2; + } + if (new_key == NULL) + return key; + str_append(new_key, key); + return str_c(new_key); +} + static const char *fs_dict_get_full_key(struct fs_dict *dict, const char *key) { + key = fs_dict_escape_key(key); if (str_begins(key, DICT_PATH_SHARED)) return key + strlen(DICT_PATH_SHARED); else if (str_begins(key, DICT_PATH_PRIVATE)) { --- a/src/lib-oauth2/oauth2-jwt.c-orig 2021-06-17 15:48:47.937069922 +0200 +++ b/src/lib-oauth2/oauth2-jwt.c 2021-06-17 15:53:29.843386458 +0200 @@ -45,6 +45,34 @@ return 1; } +/* Escapes '/' and '%' in identifier to %hex */ +static const char *escape_identifier(const char *identifier) +{ + size_t pos = strcspn(identifier, "/%"); + /* nothing to escape */ + if (identifier[pos] == '\0') + return identifier; + + size_t len = strlen(identifier); + string_t *new_id = t_str_new(len); + str_append_data(new_id, identifier, pos); + + for (size_t i = pos; i < len; i++) { + switch (identifier[i]) { + case '/': + str_append(new_id, "%2f"); + break; + case '%': + str_append(new_id, "%25"); + break; + default: + str_append_c(new_id, identifier[i]); + break; + } + } + return str_c(new_id); +} + static int oauth2_lookup_hmac_key(const struct oauth2_settings *set, const char *azp, const char *alg, const char *key_id, const buffer_t **hmac_key_r, @@ -403,31 +431,8 @@ else if (*kid == '\0') { *error_r = "'kid' field is empty"; return -1; - } - - size_t pos = strcspn(kid, "./%"); - if (pos < strlen(kid)) { - /* sanitize kid, cannot allow dots or / in it, so we encode them */ - string_t *new_kid = t_str_new(strlen(kid)); - /* put initial data */ - str_append_data(new_kid, kid, pos); - for (const char *c = kid+pos; *c != '\0'; c++) { - switch (*c) { - case '.': - str_append(new_kid, "%2e"); - break; - case '/': - str_append(new_kid, "%2f"); - break; - case '%': - str_append(new_kid, "%25"); - break; - default: - str_append_c(new_kid, *c); - break; - } - } - kid = str_c(new_kid); + } else { + kid = escape_identifier(kid); } /* parse body */ --- a/src/lib-oauth2/test-oauth2-jwt.c-orig 2021-06-17 15:47:42.257463288 +0200 +++ b/src/lib-oauth2/test-oauth2-jwt.c 2021-06-17 15:54:06.019172576 +0200 @@ -508,7 +508,7 @@ void *ptr = buffer_append_space_unsafe(secret, 32); random_fill(ptr, 32); buffer_t *b64_key = t_base64_encode(0, (size_t)-1, secret->data, secret->used); - save_key_to("HS256", "hello%2eworld%2f%25", str_c(b64_key)); + save_key_to("HS256", "hello.world%2f%25", str_c(b64_key)); /* make a token */ buffer_t *tokenbuf = create_jwt_token_kid("HS256", "hello.world/%"); /* sign it */
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor