challenger

OAuth 2.0-based authentication service that validates user can receive messages at a certain address

commit cc8ff79d4dd67c09849efcbcc0f9c29a7c61f1eb
parent 95691c3e90e24f99ef6097e14350168d59ee73c7
Author: Christian Grothoff <christian@grothoff.org>
Date:   Mon,  8 May 2023 16:53:54 +0200

-check redirect_uri matches (schanzen-discovered bug)

Diffstat:
Msrc/challenger/challenger-httpd_login.c | 2++
Msrc/challengerdb/pg_login_start.c | 3++-
Msrc/challengerdb/pg_setup_nonce.c | 5++++-
3 files changed, 8 insertions(+), 2 deletions(-)

diff --git a/src/challenger/challenger-httpd_login.c b/src/challenger/challenger-httpd_login.c
@@ -134,6 +134,8 @@ CH_handler_login (struct CH_HandlerContext *hc,
 uint32_t address_attempts_left;
 enum GNUNET_DB_QueryStatus qs;
+ /* login_start will return 0 if a 'redirect_uri' was
+ configured for the client and this one differs. */
 qs = CH_db->login_start (CH_db->cls,
 &nonce,
 client_id,
diff --git a/src/challengerdb/pg_login_start.c b/src/challengerdb/pg_login_start.c
@@ -63,9 +63,10 @@ CH_PG_login_start (void *cls,
 "UPDATE validations SET"
 " client_scope=$3"
 " ,client_state=$4"
- " ,client_redirect_url=$5"
+ " ,client_redirect_url=$5::VARCHAR"
 " WHERE nonce=$1"
 " AND client_serial_id=$2"
+ " AND ($5::VARCHAR=COALESCE(client_redirect_url,$5::VARCHAR))"
 " RETURNING"
 " address"
 " ,address_attempts_left;");
diff --git a/src/challengerdb/pg_setup_nonce.c b/src/challengerdb/pg_setup_nonce.c
@@ -46,7 +46,10 @@ CH_PG_setup_nonce (void *cls,
 " (client_serial_id"
 " ,nonce"
 " ,expiration_time"
- ") VALUES ($1, $2, $3);");
+ " ,client_redirect_url"
+ ") SELECT $1, $2, $3, url"
+ " FROM CLIENTS"
+ " WHERE client_serial_id=$1;");
 return GNUNET_PQ_eval_prepared_non_select (pg->conn,
 "setup_nonce",
 params);
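Review bot: The new comment in `CH_handler_login` says `login_start` returns 0 on a `redirect_uri` mismatch, but an `UPDATE` that matches no row gives the same status for an unknown nonce or a wrong `client_id`, so the handler cannot tell these cases apart or log which one occurred. The branch that handles `qs == 0` lies outside this hunk. It should be confirmed that it answers with a direct error response and never redirects to the `redirect_uri` taken from the request, since at that point the value is known not to match the registered one. I would extend the comment to say so, e.g. `/* 0: unknown nonce, wrong client, or redirect_uri mismatch; never redirect to the supplied URI in that case. */`.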
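Review bot: The added predicate `$5::VARCHAR=COALESCE(client_redirect_url,$5::VARCHAR)` in `CH_PG_login_start` fails open when `client_redirect_url` is NULL: any supplied URI is accepted and then written into the row by the `SET` clause. That covers clients registered without a `url` and, presumably, validation rows created before `setup_nonce` began copying it, so the check only protects clients that have a URL on record. If a registered URI is meant to be mandatory, compare strictly with `" AND client_redirect_url=$5::VARCHAR"` and enforce non-NULL at client registration; otherwise a comment next to the query should state that NULL means "unrestricted". The comparison is byte-exact, so the stored `url` and the request value must be spelled identically, and a NULL `$5` can never match; whether a NULL can be bound depends on the parameter setup outside this hunk.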
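Review bot: With the `INSERT ... SELECT ... FROM CLIENTS WHERE client_serial_id=$1` form in `CH_PG_setup_nonce`, an unknown `client_serial_id` makes the statement insert zero rows and still succeed, so `GNUNET_PQ_eval_prepared_non_select` reports 0 affected rows rather than an error. The caller is outside this hunk; it should be confirmed that it treats a zero-row result as a failure instead of handing out a nonce that was never stored. The URL is also copied at nonce creation time, so a later change to the client's `url` does not apply to outstanding validations until they expire. A short comment above the query would record both points, e.g. `/* inserts 0 rows if the client does not exist; url is snapshotted at setup time */`.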