Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
openSUSE:Step:15-SP4
apache2-mod_auth_openidc.23743
apache2-mod_auth_openidc-2.3.8-CVE-2019-20479.p...
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File apache2-mod_auth_openidc-2.3.8-CVE-2019-20479.patch of Package apache2-mod_auth_openidc.23743
From 2d20c58597c9f7065e5362e603a5c348141c45ea Mon Sep 17 00:00:00 2001 From: AIMOTO NORIHITO <aimoto@osstech.co.jp> Date: Tue, 12 Nov 2019 17:09:23 +0900 Subject: [PATCH] Fix open redirect starting with a slash and backslash --- SUSE Bug 1164459 - (CVE-2019-20479) --- src/mod_auth_openidc.c | 8 ++++++++ 1 file changed, 8 insertions(+) Index: mod_auth_openidc-2.3.8/src/mod_auth_openidc.c =================================================================== --- mod_auth_openidc-2.3.8.orig/src/mod_auth_openidc.c +++ mod_auth_openidc-2.3.8/src/mod_auth_openidc.c @@ -2657,6 +2657,14 @@ static apr_byte_t oidc_validate_post_log url); oidc_error(r, "%s: %s", *err_str, *err_desc); return FALSE; + } else if ((uri.hostname == NULL) && (strstr(url, "/\\") == url)) { + *err_str = apr_pstrdup(r->pool, "Malformed URL"); + *err_desc = + apr_psprintf(r->pool, + "No hostname was parsed and starting with '/\\': %s", + url); + oidc_error(r, "%s: %s", *err_str, *err_desc); + return FALSE; } /* validate the URL to prevent HTTP header splitting */
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor