packages/ovirt-engine
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
ovirt-engine/CVE-2020-10775.patch

92 lines
4.0 KiB
Diff
Raw Blame History

diff -Naru a/backend/manager/modules/aaa/src/main/java/org/ovirt/engine/core/aaa/servlet/SsoPostLoginServlet.java b/backend/manager/modules/aaa/src/main/java/org/ovirt/engine/core/aaa/servlet/SsoPostLoginServlet.java
--- a/backend/manager/modules/aaa/src/main/java/org/ovirt/engine/core/aaa/servlet/SsoPostLoginServlet.java 2020-11-19 01:15:47.000000000 +0800
+++ b/backend/manager/modules/aaa/src/main/java/org/ovirt/engine/core/aaa/servlet/SsoPostLoginServlet.java 2022-06-06 10:28:53.426920000 +0800
@@ -8,6 +8,7 @@
import javax.naming.InitialContext;
import javax.naming.NamingException;
+import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
@@ -41,7 +42,7 @@
}
@Override
- public void init() {
+ public void init() throws ServletException {
String strVal = getServletConfig().getInitParameter("login-as-admin");
if (strVal == null) {
throw new RuntimeException("No login-as-admin init parameter specified for SsoPostLoginServlet.");
diff -Naru a/backend/manager/modules/aaa/src/main/java/org/ovirt/engine/core/aaa/SsoUtils.java b/backend/manager/modules/aaa/src/main/java/org/ovirt/engine/core/aaa/SsoUtils.java
--- a/backend/manager/modules/aaa/src/main/java/org/ovirt/engine/core/aaa/SsoUtils.java 2020-11-19 01:15:47.000000000 +0800
+++ b/backend/manager/modules/aaa/src/main/java/org/ovirt/engine/core/aaa/SsoUtils.java 2022-06-06 10:27:53.774598000 +0800
@@ -135,7 +135,6 @@
if (StringUtils.isNotBlank(alternateFqdnString)) {
Arrays.stream(alternateFqdnString.trim().split("\\s *"))
.filter(StringUtils::isNotBlank)
- .map(String::toLowerCase)
.forEach(allowedDomains::add);
}
@@ -144,7 +143,7 @@
private static String parseHostFromUrl(String url, String urlPropertyName) {
try {
- return new URI(url).getHost().toLowerCase();
+ return new URI(url).getHost();
} catch (URISyntaxException e) {
throw new IllegalStateException(urlPropertyName + " not a valid URI: " + url);
}
diff -Naru a/backend/manager/modules/aaa/src/test/java/org/ovirt/engine/core/aaa/SsoUtilsTest.java b/backend/manager/modules/aaa/src/test/java/org/ovirt/engine/core/aaa/SsoUtilsTest.java
--- a/backend/manager/modules/aaa/src/test/java/org/ovirt/engine/core/aaa/SsoUtilsTest.java 2020-11-19 01:15:47.000000000 +0800
+++ b/backend/manager/modules/aaa/src/test/java/org/ovirt/engine/core/aaa/SsoUtilsTest.java 2022-06-06 10:26:52.261144000 +0800
@@ -38,23 +38,6 @@
}
@Test
- public void shouldMatchAppUrlDomainOnAlternateSSOEngineUrlRegardlessUpperCase() {
- // given
- EngineLocalConfig.getInstance(new HashMap<>() {
- {
- put("SSO_ENGINE_URL", "https://engine.example.com:8221/ovirt-engine");
- put("SSO_ALTERNATE_ENGINE_FQDNS", "engine1.example.com ALTERNATE-engine.example.com");
- }
- });
-
- // when
- boolean valid = SsoUtils.isDomainValid("https://alternate-engine.EXAMPLE.com:20001/somerest/api_v9");
-
- // then
- Assertions.assertTrue(valid);
- }
-
- @Test
public void shouldAllowBlankAppUrl() {
// given
EngineLocalConfig.getInstance(new HashMap<>() {
@@ -103,23 +86,6 @@
// then
Assertions.assertTrue(valid);
- }
-
- @Test
- public void shouldMatchAppUrlDomainOnSSOEngineUrlRegardlessUpperCase() {
- // given
- EngineLocalConfig.getInstance(new HashMap<>() {
- {
- put("SSO_ENGINE_URL", "https://engine.EXAMPLE.com:30003/ovirt-engine");
- put("SSO_ALTERNATE_ENGINE_FQDNS", "alternate-engine.example.com");
- }
- });
-
- // when
- boolean valid = SsoUtils.isDomainValid("https://ENGINE.example.com:20001/somerest/api_v9");
-
- // then
- Assertions.assertTrue(valid);
}
@Test
Reference in New Issue View Git Blame Copy Permalink