Package: horizon / 2012.1.1-10

CVE-2012-3540_disallow_login_redirect_other_than_same_origin.patch Patch series | download
Description: Disallow login redirects to anywhere other than the same origin.
Author: Paul McMillan <paul.mcmillan@nebula.com>
Origin: upstream
Bug-Debian: http://bugs.debian.org/686050
Bug-Ubuntu: https://launchpad.net/bugs/1039077

--- horizon-2012.1.1.orig/horizon/views/auth_forms.py
+++ horizon-2012.1.1/horizon/views/auth_forms.py
@@ -28,6 +28,7 @@ from django import shortcuts
 from django.conf import settings
 from django.contrib import messages
 from django.contrib.auth import REDIRECT_FIELD_NAME
+from django.utils.http import same_origin
 from django.utils.translation import ugettext as _
 from keystoneclient import exceptions as keystone_exceptions
 
@@ -94,7 +95,13 @@ class Login(forms.SelfHandlingForm):
         request.session['region_endpoint'] = endpoint
         request.session['region_name'] = region_name
 
-        redirect_to = request.REQUEST.get(REDIRECT_FIELD_NAME, "")
+        redirect_to = request.REQUEST.get(REDIRECT_FIELD_NAME, None)
+        # Make sure the requested redirect matches the protocol,
+        # domain, and port of this request
+        if redirect_to and not same_origin(
+                request.build_absolute_uri(redirect_to),
+                request.build_absolute_uri()):
+            redirect_to = None
 
         if data.get('tenant', None):
             try:
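Review bot: The rejection branch at `redirect_to = None` discards an off-origin target silently, so nothing records that the login form is being fed cross-origin redirect values; recording the rejected value before resetting it (a warning through the module's logger, if one exists — none is visible in this hunk) would give operators a detection signal for redirect probing. Both arguments to `same_origin` are derived from the same request's Host header via `build_absolute_uri`, so the check enforces "same as the host the browser actually used" rather than a configured canonical host; that is sufficient for this bug, but a one-line comment stating it would save the next maintainer from assuming a settings-based allowlist, e.g. `# Both URIs derive from this request's Host, so this is a relative-origin check`. The default in `request.REQUEST.get(REDIRECT_FIELD_NAME, None)` changes from `""` to `None`; the code that consumes `redirect_to` afterwards, and any truthiness test on it, lies outside the hunk in the rest of the enclosing method.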