43 lines
1.4 KiB
Diff
43 lines
1.4 KiB
Diff
From 42a14e1d7a3fff62fc6b20df56f6dc38f086effd Mon Sep 17 00:00:00 2001
|
|
From: Hans Zandbelt <hans.zandbelt@zmartzone.eu>
|
|
Date: Fri, 30 Apr 2021 19:33:38 +0200
|
|
Subject: [PATCH] fix potential crash when Content-Type is not set in
|
|
POST requests thanks JPCERT/CC; release 2.4.8
|
|
|
|
Signed-off-by: Hans Zandbelt <hans.zandbelt@zmartzone.eu>
|
|
---
|
|
configure.ac | 2 +-
|
|
src/util.c | 5 ++---
|
|
2 files changed, 3 insertions(+), 4 deletions(-)
|
|
|
|
diff --git a/configure.ac b/configure.ac
|
|
index 7e8353c..50b555f 100644
|
|
--- a/configure.ac
|
|
+++ b/configure.ac
|
|
@@ -1,4 +1,4 @@
|
|
-AC_INIT([mod_auth_openidc],[2.4.4rc8],[hans.zandbelt@zmartzone.eu])
|
|
+AC_INIT([mod_auth_openidc],[2.4.8],[hans.zandbelt@zmartzone.eu])
|
|
|
|
AC_SUBST(NAMEVER, AC_PACKAGE_TARNAME()-AC_PACKAGE_VERSION())
|
|
|
|
diff --git a/src/util.c b/src/util.c
|
|
index ca13512..2306c3a 100644
|
|
--- a/src/util.c
|
|
+++ b/src/util.c
|
|
@@ -1526,10 +1526,9 @@ apr_byte_t oidc_util_read_post_params(request_rec *r, apr_table_t *table,
|
|
const char *content_type = NULL;
|
|
|
|
content_type = oidc_util_hdr_in_content_type_get(r);
|
|
- if ((r->method_number != M_POST) || (strstr(content_type,
|
|
+ if ((r->method_number != M_POST) || (content_type == NULL) || (strstr(content_type,
|
|
OIDC_CONTENT_TYPE_FORM_ENCODED) != content_type)) {
|
|
- oidc_debug(r, "required content-type %s not found",
|
|
- OIDC_CONTENT_TYPE_FORM_ENCODED);
|
|
+ oidc_debug(r, "required content-type %s not found", OIDC_CONTENT_TYPE_FORM_ENCODED);
|
|
goto end;
|
|
}
|
|
|
|
--
|
|
2.23.0
|
|
|