[python-django-horizon/el6] CVE-2012-3540 vulnerability in authentication mechanism

Nuno Santos nsantos at fedoraproject.org
Tue Sep 4 15:21:52 UTC 2012


commit fe3526aace7ba54eb73c3000928c2bae15c90d9a
Author: Nuno Santos <nsantos at redhat.com>
Date:   Tue Sep 4 11:21:23 2012 -0400

     CVE-2012-3540 vulnerability in authentication mechanism

 CVE-2012-3540-auth_forms.patch |   25 +++++++++++++++++++++++++
 python-django-horizon.spec     |    7 ++++++-
 2 files changed, 31 insertions(+), 1 deletions(-)
---
diff --git a/CVE-2012-3540-auth_forms.patch b/CVE-2012-3540-auth_forms.patch
new file mode 100644
index 0000000..38260d8
--- /dev/null
+++ b/CVE-2012-3540-auth_forms.patch
@@ -0,0 +1,25 @@
+--- a/horizon/views/auth_forms.py	
++++ a/horizon/views/auth_forms.py	
+@@ -28,6 +28,7 @@ from django import shortcuts
+ from django.conf import settings
+ from django.contrib import messages
+ from django.contrib.auth import REDIRECT_FIELD_NAME
++from django.utils.http import same_origin
+ from django.utils.translation import ugettext as _
+ from keystoneclient import exceptions as keystone_exceptions
+ 
+@@ -94,7 +95,13 @@ class Login(forms.SelfHandlingForm):
+         request.session['region_endpoint'] = endpoint
+         request.session['region_name'] = region_name
+ 
+-        redirect_to = request.REQUEST.get(REDIRECT_FIELD_NAME, "")
++        redirect_to = request.REQUEST.get(REDIRECT_FIELD_NAME, None)
++        # Make sure the requested redirect matches the protocol,
++        # domain, and port of this request
++        if redirect_to and not same_origin(
++                request.build_absolute_uri(redirect_to),
++                request.build_absolute_uri()):
++            redirect_to = None
+ 
+         if data.get('tenant', None):
+             try:
diff --git a/python-django-horizon.spec b/python-django-horizon.spec
index ae7c5dd..f1fa166 100644
--- a/python-django-horizon.spec
+++ b/python-django-horizon.spec
@@ -10,7 +10,7 @@
 
 Name:       python-django-horizon
 Version:    2012.1.1
-Release:    1%{?dist}
+Release:    2%{?dist}
 Summary:    Django application for talking to Openstack
 
 Group:      Development/Libraries
@@ -29,6 +29,7 @@ Patch0001: 0001-disable-debug-logging.patch
 Patch0002: 0002-default-database.patch
 Patch0003: 0003-fix-removal-of-python-django-nose-dependency.patch
 Patch4:    sphinx-sidebarwidth.patch
+Patch5:    CVE-2012-3540-auth_forms.patch
 
 Requires:   Django >= 1.3.0
 Requires:   openstack-glance >= 2012.1
@@ -94,6 +95,7 @@ Documentation for the Django Horizon application for talking with Openstack
 %patch0002 -p1
 %patch0003 -p1
 %patch4 -p1
+%patch5 -p1
 
 %build
 %{__python} setup.py build
@@ -143,6 +145,9 @@ python %{_datadir}/openstack-dashboard/manage.py collectstatic --noinput >/dev/n
 %doc html
 
 %changelog
+* Thu Aug 30 2012 Nuno Santos <nsantos at redhat.com> - 2012.1.1-2
+- CVE-2012-3540 vulnerability in authentication mechanism
+
 * Fri Jul  6 2012 Nuno Santos <nsantos at redhat.com> - 2012.1.1-1
 - Update to essex stable release 2012.1.1
 

