From b24659618d8985e1bc062e4d25822a12eb8e1f80 Mon Sep 17 00:00:00 2001
From: wangxiao65 <287608437@qq.com>
Date: Fri, 19 Feb 2021 15:48:32 +0800
Subject: [PATCH] fix CVE-2019-20479
---
 CVE-2019-20479.patch  | 28 ++++++++++++++++++++++++++++
 mod_auth_openidc.spec |  6 +++++-
 2 files changed, 33 insertions(+), 1 deletion(-)
 create mode 100644 CVE-2019-20479.patch
diff --git a/CVE-2019-20479.patch b/CVE-2019-20479.patch
new file mode 100644
index 0000000..71c8978
--- /dev/null
+++ b/CVE-2019-20479.patch
@@ -0,0 +1,28 @@
+From 2d20c58597c9f7065e5362e603a5c348141c45ea Mon Sep 17 00:00:00 2001
+From: AIMOTO NORIHITO
+Date: Tue, 12 Nov 2019 17:09:23 +0900
+Subject: [PATCH] Fix open redirect starting with a slash and backslash
+
+---
+ src/mod_auth_openidc.c | 8 ++++++++
+ 1 file changed, 8 insertions(+)
+
+diff --git a/src/mod_auth_openidc.c b/src/mod_auth_openidc.c
+index 2467a42..b47a697 100644
+--- a/src/mod_auth_openidc.c
++++ b/src/mod_auth_openidc.c
+@@ -3063,6 +3063,14 @@ static apr_byte_t oidc_validate_post_logout_url(request_rec *r, const char *url,
+ 					url);
+ 		oidc_error(r, "%s: %s", *err_str, *err_desc);
+ 		return FALSE;
++	} else if ((uri.hostname == NULL) && (strstr(url, "/\\") == url)) {
++		*err_str = apr_pstrdup(r->pool, "Malformed URL");
++		*err_desc =
++				apr_psprintf(r->pool,
++						"No hostname was parsed and starting with '/\\': %s",
++						url);
++		oidc_error(r, "%s: %s", *err_str, *err_desc);
++		return FALSE;
+ 	}
+ 
+ 	/* validate the URL to prevent HTTP header splitting */
diff --git a/mod_auth_openidc.spec b/mod_auth_openidc.spec
index 0e8d6aa..a26b6e9 100644
--- a/mod_auth_openidc.spec
+++ b/mod_auth_openidc.spec
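Review bot: The prefix test on the new `else if` line, `strstr(url, "/\\") == url`, finds the first occurrence of `/\` anywhere in the string and only afterwards compares its position, so a long URL that contains `/\` somewhere in the middle is scanned to that point before being accepted; `strncmp(url, "/\\", 2) == 0` expresses "starts with" directly and stops after two bytes. The branch rejects only that exact two-character prefix when `uri.hostname` is NULL; whether other schemeless spellings (a URL opening with two backslashes, for instance) would be turned into a host-relative redirect by the parser that fills `uri.hostname` or by the browser is not something this hunk shows, so it is worth confirming against the rest of the validation before treating the CVE as closed. The body of oidc_validate_post_logout_url begins and ends outside the hunk.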
@@ -7,11 +7,12 @@
 Name:           mod_auth_openidc
 Version:        2.4.0.3
-Release:        2
+Release:        3
 Summary:        OpenID Connect Relying Party module for Apache 2.x HTTP Server
 License:        ASL 2.0
 URL:            https://github.com/zmartzone/mod_auth_openidc
 Source0:        https://github.com/zmartzone/mod_auth_openidc/archive/v%{version}.tar.gz
+Patch0000:      CVE-2019-20479.patch
 BuildRequires:  gcc httpd-devel openssl-devel curl-devel jansson-devel
 BuildRequires:  pcre-devel autoconf automake cjose-devel jq-devel
@@ -58,5 +59,8 @@ install -m 700 -d $RPM_BUILD_ROOT%{httpd_pkg_cache_dir}/{metadata,cache}
 %dir %attr(0700, apache, apache) %{httpd_pkg_cache_dir}/{metadata,cache}
 %changelog
+* Fri Feb 19 2021 wangxiao 2.4.0.3-3
+- Fix CVE-2019-20479
+
 * Fri Apr 24 2020 Captain Wei 2.4.0.3-2
 - Package init
-- 
Gitee
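Review bot: The first hunk declares `Patch0000: CVE-2019-20479.patch` but nothing in this diff applies it; the `%prep` section is outside the hunk, and if it uses `%setup -q` rather than `%autosetup -p1`, a matching `%patch0000 -p1` line is required or the package is rebuilt from the same vulnerable tarball while the changelog entry claims the CVE is fixed. The embedded patch uses `a/src/mod_auth_openidc.c` paths, so `-p1` is the strip level to use. Worth confirming from the rpmbuild log that the patch is reported as applied before the release is published.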