!2 fix CVE-2019-20479

From: @wangxiao65 Reviewed-by: @zhanghua1831,@small_leek,@ruebb,@small_leek,@miao_kaibo Signed-off-by: @small_leek,@ruebb,@small_leek,@miao_kaibo
2021-02-22 09:41:25 +08:00 · 2021-02-22 09:41:25 +08:00 · 9701468c57
commit 9701468c57
parent d00f7a9a61 b24659618d
2 changed files with 33 additions and 1 deletions
--- a/CVE-2019-20479.patch
+++ b/CVE-2019-20479.patch
@ -0,0 +1,28 @@
+From 2d20c58597c9f7065e5362e603a5c348141c45ea Mon Sep 17 00:00:00 2001
+From: AIMOTO NORIHITO <aimoto@osstech.co.jp>
+Date: Tue, 12 Nov 2019 17:09:23 +0900
+Subject: [PATCH] Fix open redirect starting with a slash and backslash
+
+---
+ src/mod_auth_openidc.c | 8 ++++++++
+ 1 file changed, 8 insertions(+)
+
+diff --git a/src/mod_auth_openidc.c b/src/mod_auth_openidc.c
+index 2467a42..b47a697 100644
+--- a/src/mod_auth_openidc.c
+++ b/src/mod_auth_openidc.c
+@@ -3063,6 +3063,14 @@ static apr_byte_t oidc_validate_post_logout_url(request_rec *r, const char *url,
+                                                 url);
+                 oidc_error(r, "%s: %s", *err_str, *err_desc);
+                 return FALSE;
+        } else if ((uri.hostname == NULL) && (strstr(url, "/\\") == url)) {
+                *err_str = apr_pstrdup(r->pool, "Malformed URL");
+                *err_desc =
+                                apr_psprintf(r->pool,
+                                                "No hostname was parsed and starting with '/\\': %s",
+                                                url);
+                oidc_error(r, "%s: %s", *err_str, *err_desc);
+                return FALSE;
+ 	}
+ 
+ 	/* validate the URL to prevent HTTP header splitting */
--- a/mod_auth_openidc.spec
+++ b/mod_auth_openidc.spec
@ -7,11 +7,12 @@

 Name:           mod_auth_openidc
 Version:        2.4.0.3
-Release:        2
+Release:        3
 Summary:        OpenID Connect Relying Party module for Apache 2.x HTTP Server
 License:        ASL 2.0
 URL:            https://github.com/zmartzone/mod_auth_openidc
 Source0:        https://github.com/zmartzone/mod_auth_openidc/archive/v%{version}.tar.gz
+Patch0000:      CVE-2019-20479.patch

 BuildRequires:  gcc httpd-devel openssl-devel curl-devel jansson-devel
 BuildRequires:  pcre-devel autoconf automake cjose-devel jq-devel
@ -58,5 +59,8 @@ install -m 700 -d $RPM_BUILD_ROOT%{httpd_pkg_cache_dir}/{metadata,cache}
 %dir %attr(0700, apache, apache) %{httpd_pkg_cache_dir}/{metadata,cache}

 %changelog
+* Fri Feb 19 2021 wangxiao <wangxiao65@huawei.com> 2.4.0.3-3
+- Fix CVE-2019-20479
+
 * Fri Apr 24 2020 Captain Wei <captain.a.wei@gmail.com> 2.4.0.3-2
 - Package init