Fixed #32578 -- Fixed crash in CsrfViewMiddleware when a request with Origin header has an invalid host.

This commit is contained in:
Chris Jerdonek 2021-03-25 00:35:49 -07:00 committed by Mariusz Felisiak
parent 5b618f239c
commit ff514309e1
2 changed files with 20 additions and 6 deletions

View File

@ -226,12 +226,17 @@ class CsrfViewMiddleware(MiddlewareMixin):
def _origin_verified(self, request): def _origin_verified(self, request):
request_origin = request.META['HTTP_ORIGIN'] request_origin = request.META['HTTP_ORIGIN']
good_origin = '%s://%s' % ( try:
'https' if request.is_secure() else 'http', good_host = request.get_host()
request.get_host(), except DisallowedHost:
) pass
if request_origin == good_origin: else:
return True good_origin = '%s://%s' % (
'https' if request.is_secure() else 'http',
good_host,
)
if request_origin == good_origin:
return True
if request_origin in self.allowed_origins_exact: if request_origin in self.allowed_origins_exact:
return True return True
try: try:

View File

@ -319,6 +319,15 @@ class CsrfViewMiddlewareTestMixin:
response = mw.process_view(req, token_view, (), {}) response = mw.process_view(req, token_view, (), {})
self.assertEqual(response.status_code, 403) self.assertEqual(response.status_code, 403)
def test_origin_malformed_host(self):
req = self._get_POST_no_csrf_cookie_request()
req._is_secure_override = True
req.META['HTTP_HOST'] = '@malformed'
req.META['HTTP_ORIGIN'] = 'https://www.evil.org'
mw = CsrfViewMiddleware(token_view)
response = mw.process_view(req, token_view, (), {})
self.assertEqual(response.status_code, 403)
@override_settings(DEBUG=True) @override_settings(DEBUG=True)
def test_https_malformed_referer(self): def test_https_malformed_referer(self):
""" """