IntenseWebs/freeipa
3
0
Fork 0
mirror of https://salsa.debian.org/freeipa-team/freeipa.git synced 2025-02-25 18:55:28 -06:00
Code Issues Packages Projects Releases Wiki Activity

Send only the path and not the full URI to httplib.request

Browse Source 
Sending the full uri was causing httplib to send requests as:

POST http://ipa.example.com/ca/admin/ca/getStatus HTTP/1.1

From what I can tell tomcat changed its URL handling due to a CVE
(BZ 1552375). This has been wrong in freeipa since the CA status
checking was added, d6fbbd5 , but tomcat handled it fine so we
didn't notice.

https://pagure.io/freeipa/issue/7883

Signed-off-by: Rob Crittenden <rcritten@redhat.com>
Reviewed-By: Florence Blanc-Renaud <frenaud@redhat.com>
This commit is contained in:
Rob Crittenden 2019-03-18 19:07:39 -04:00
parent 33af8c75b3
commit 6defe32055
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
ipapython/dogtag.py
View File

@ -227,7 +227,7 @@ def _httplib_request(
try: try:
conn = connection_factory(host, port, **connection_options) conn = connection_factory(host, port, **connection_options)
conn.request(method, uri, body=request_body, headers=headers) conn.request(method, path, body=request_body, headers=headers)
res = conn.getresponse() res = conn.getresponse()
http_status = res.status http_status = res.status