From: Ivan Afonichev <iafonichev@griddynamics.com>
Date: Thu, 27 Jan 2022 18:29:53 +0000 (+0400)
Subject: Absolute redirect with '://' in URL param should be valid
X-Git-Tag: v8.20~20^2
X-Git-Url: https://www.infradead.org/git/?a=commitdiff_plain;h=9c7a58a8976ffe80d0a397f86c8e152698d4a07c;p=users%2Fdwmw2%2Fopenconnect.git

Absolute redirect with '://' in URL param should be valid

Signed-off-by: Ivan Afonichev <ivan.afonichev@gmail.com>
---

diff --git a/http.c b/http.c
index 4967f4ec..fc6538c1 100644
--- a/http.c
+++ b/http.c
@@ -657,6 +657,13 @@ int handle_redirect(struct openconnect_info *vpninfo)
 		vpninfo->redirect_url = NULL;
 
 		return 0;
+        } else if (vpninfo->redirect_url[0] == '/') {
+                /* Absolute redirect within same host */
+                free(vpninfo->urlpath);
+                vpninfo->urlpath = strdup(vpninfo->redirect_url + 1);
+                free(vpninfo->redirect_url);
+                vpninfo->redirect_url = NULL;
+                return 0;
 	} else if (strstr(vpninfo->redirect_url, "://")) {
 		vpn_progress(vpninfo, PRG_ERR,
 			     _("Cannot follow redirection to non-https URL '%s'\n"),
@@ -664,13 +671,6 @@ int handle_redirect(struct openconnect_info *vpninfo)
 		free(vpninfo->redirect_url);
 		vpninfo->redirect_url = NULL;
 		return -EINVAL;
-	} else if (vpninfo->redirect_url[0] == '/') {
-		/* Absolute redirect within same host */
-		free(vpninfo->urlpath);
-		vpninfo->urlpath = strdup(vpninfo->redirect_url + 1);
-		free(vpninfo->redirect_url);
-		vpninfo->redirect_url = NULL;
-		return 0;
 	} else {
 		char *lastslash = NULL;
 		if (vpninfo->urlpath)