From b9e0dfb82cc8dba086293cf8ca27773e0c7eb2c1 Mon Sep 17 00:00:00 2001
From: James Elliott
Date: Tue, 10 May 2022 15:27:10 +1000
Subject: [PATCH] fix: missing chars in authelia server 401
---
 root/defaults/authelia-server.conf | 2 +-
 root/etc/cont-init.d/50-config | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/root/defaults/authelia-server.conf b/root/defaults/authelia-server.conf
index 8bd63d0..5a2c36c 100644
--- a/root/defaults/authelia-server.conf
+++ b/root/defaults/authelia-server.conf
@@ -10,7 +10,7 @@ location ^~ /authelia {
 location = /authelia/api/verify {
 internal;
- if ($request_uri ~ [^a-zA-Z0-9_+-=\!@$%&*?~.:#'\;\(\)\[\]]) {
+ if ($request_uri ~ [^a-zA-Z0-9_+-=\!@$%&*?~.:#'\;\(\)\[\]])\{\} {
 return 401;
 }
 include /config/nginx/resolver.conf;
diff --git a/root/etc/cont-init.d/50-config b/root/etc/cont-init.d/50-config
index 9401ee0..8144fc1 100644
--- a/root/etc/cont-init.d/50-config
+++ b/root/etc/cont-init.d/50-config
@@ -109,7 +109,7 @@ fi
 # patch authelia-server.conf for CVE-2021-32637
 if ! grep -q 'if ($request_uri ~' /config/nginx/authelia-server.conf; then
- sed -i '/internal;/a \ \ \ \ if ($request_uri ~ [^a-zA-Z0-9_+-=\\!@$%&*?~.:#'\''\\;\\(\\)\\[\\]]) { return 401; }' /config/nginx/authelia-server.conf
+ sed -i '/internal;/a \ \ \ \ if ($request_uri ~ [^a-zA-Z0-9_+-=\\!@$%&*?~.:#'\''\\;\\(\\)\\[\\]])\\{\\} { return 401; }' /config/nginx/authelia-server.conf
 fi
 # copy pre-generated dhparams or generate if needed
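Review bot: In the new `if ($request_uri ~ …)` line the added `\{\}` sits after the closing `]` and `)`, outside the negated bracket expression, so `{` and `}` are not added to the set of permitted characters. As shown, the condition's closing parenthesis is no longer its last character, and as far as I can tell nginx would reject that as an invalid condition when loading the config. If the aim is to stop returning 401 for URIs that contain braces, the escapes belong inside the class: `if ($request_uri ~ [^a-zA-Z0-9_+-=\!@$%&*?~.:#'\;\(\)\[\]\{\}]) {`. The `sed` replacement in `root/etc/cont-init.d/50-config` has the same placement and needs the matching change, and running `nginx -t` against the resulting file before merging would confirm it parses. The enclosing `location = /authelia/api/verify` block continues past the end of the hunk.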
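Review bot: The changed `sed` only runs when `grep -q 'if ($request_uri ~'` finds no such line, so a `/config/nginx/authelia-server.conf` that already received the earlier CVE-2021-32637 patch keeps the old expression and never gets the updated character set. If existing installs are meant to pick up the fix, a separate substitution for the old line is needed. Otherwise a comment above the guard would make the limit explicit, e.g. `# only inserts the check when it is absent; an existing check is left as the user has it`. The guard also matches any `if ($request_uri ~` line, including one a user has edited, which is a reason to prefer documenting the behaviour over rewriting the line in place.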