SUSE:SLE-15-SP6:GA
apache2-mod_auth_mellon
fix-CVE-2021-3639.patch
File fix-CVE-2021-3639.patch of Package apache2-mod_auth_mellon
From 42a11261b9dad2e48d70bdff7c53dd57a12db6f5 Mon Sep 17 00:00:00 2001 From: AIMOTO Norihito <aimoto@osstech.co.jp> Date: Tue, 6 Jul 2021 22:57:24 +0200 Subject: [PATCH] Prevent redirect to URLs that begin with '///' Visiting a logout URL like this: https://rp.example.co.jp/mellon/logout?ReturnTo=///fishing-site.example.com/logout.html would have redirected the user to fishing-site.example.com With the patch, this URL would be rejected. Fixes: CVE-2021-3639 --- auth_mellon_util.c | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/auth_mellon_util.c b/auth_mellon_util.c index 2f8c9c3..6a686db 100644 --- a/auth_mellon_util.c +++ b/auth_mellon_util.c @@ -927,6 +927,10 @@ int am_check_url(request_rec *r, const char *url) { const char *i; + if (url == NULL) { + return HTTP_BAD_REQUEST; + } + for (i = url; *i; i++) { if (*i >= 0 && *i < ' ') { /* Deny all control-characters. */ @@ -943,6 +947,12 @@ int am_check_url(request_rec *r, const char *url) } } + if (strstr(url, "///") == url) { + AM_LOG_RERROR(APLOG_MARK, APLOG_ERR, HTTP_BAD_REQUEST, r, + "URL starts with '///'"); + return HTTP_BAD_REQUEST; + } + return OK; }
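Review bot: the new `if (url == NULL) return HTTP_BAD_REQUEST;` guard at the top of `am_check_url` rejects silently, whereas the other rejection added by this same patch (the `///` case) goes through `AM_LOG_RERROR`. Log here as well so an operator can see from the error log why a request was refused, e.g. `AM_LOG_RERROR(APLOG_MARK, APLOG_ERR, HTTP_BAD_REQUEST, r, "URL is NULL");` before the return. The placement itself is correct: the `for (i = url; *i; i++)` loop that follows dereferences `url` unconditionally, so the guard must precede it.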
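Review bot: `strstr(url, "///") == url` in the second hunk is a prefix test written as a substring search; it reads as "contains" at first glance and scans the whole string before the pointer comparison. `strncmp(url, "///", 3) == 0` states the intent directly and stops after three bytes. The hunk also needs a one-line comment saying why exactly three leading slashes is the rejection threshold: the commit message explains the observed redirect to `fishing-site.example.com`, but a reader of the code cannot tell from this hunk whether two-slash, scheme-relative `//host` values are handled elsewhere or deliberately accepted, and the unconditional `return OK` that follows means any further prefix rules must be inserted above it.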