From 42a14e1d7a3fff62fc6b20df56f6dc38f086effd Mon Sep 17 00:00:00 2001
From: Hans Zandbelt
Date: Fri, 30 Apr 2021 19:33:38 +0200
Subject: [PATCH] fix potential crash when Content-Type is not set in POST requests thanks JPCERT/CC; release 2.4.8
Signed-off-by: Hans Zandbelt
---
 configure.ac | 2 +-
 src/util.c | 5 ++---
 2 files changed, 3 insertions(+), 4 deletions(-)
diff --git a/configure.ac b/configure.ac
index 7e8353c..50b555f 100644
--- a/configure.ac
+++ b/configure.ac
@@ -1,4 +1,4 @@
-AC_INIT([mod_auth_openidc],[2.4.4rc8],[hans.zandbelt@zmartzone.eu])
+AC_INIT([mod_auth_openidc],[2.4.8],[hans.zandbelt@zmartzone.eu])
 AC_SUBST(NAMEVER, AC_PACKAGE_TARNAME()-AC_PACKAGE_VERSION())
diff --git a/src/util.c b/src/util.c
index ca13512..2306c3a 100644
--- a/src/util.c
+++ b/src/util.c
@@ -1526,10 +1526,9 @@ apr_byte_t oidc_util_read_post_params(request_rec *r, apr_table_t *table,
 const char *content_type = NULL;
 content_type = oidc_util_hdr_in_content_type_get(r);
- if ((r->method_number != M_POST) || (strstr(content_type,
+ if ((r->method_number != M_POST) || (content_type == NULL) || (strstr(content_type,
 OIDC_CONTENT_TYPE_FORM_ENCODED) != content_type)) {
- oidc_debug(r, "required content-type %s not found",
- OIDC_CONTENT_TYPE_FORM_ENCODED);
+ oidc_debug(r, "required content-type %s not found", OIDC_CONTENT_TYPE_FORM_ENCODED);
 goto end;
 }
--
2.23.0
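Review bot: The `oidc_debug` call in the rejection branch of the `src/util.c` hunk now reports three different conditions (non-POST method, absent Content-Type, wrong media type) with one message, so the absent-header case that previously reached `strstr` with a NULL pointer cannot be told apart in the logs. Since the header is client-controlled, consider logging what was actually received: `oidc_debug(r, "required content-type %s not found (received: %s)", OIDC_CONTENT_TYPE_FORM_ENCODED, content_type ? content_type : "<not set>");`. Any other caller of `oidc_util_hdr_in_content_type_get` that passes the result straight to a string function would need the same NULL check; none is visible in this hunk, so that is worth confirming separately. The body of `oidc_util_read_post_params` starts and ends outside the hunk.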