From 2d7863482750891e11d5baa6d612235c6b52055c Mon Sep 17 00:00:00 2001
From: Jakub Hrozek <jhrozek@redhat.com>
Date: Mon, 26 Jul 2021 16:25:52 +0200
Subject: [PATCH] In lasso_saml20_login_process_response_status_and_assertion
 remove dead switch (#54689)

In case VERIFY_HINT was set to IGNORE and the login signature was
incorrect, lasso_saml20_login_process_response_status_and_assertion
would have jumped straight to the cleanup label which just returns the
return code.

Related: https://dev.entrouvert.org/issues/54689
License: MIT
---
 lasso/saml-2.0/login.c | 15 +--------------
 1 file changed, 1 insertion(+), 14 deletions(-)

diff --git a/lasso/saml-2.0/login.c b/lasso/saml-2.0/login.c
index 1769ca1c..da2e606d 100644
--- a/lasso/saml-2.0/login.c
+++ b/lasso/saml-2.0/login.c
@@ -1373,7 +1373,7 @@ lasso_saml20_login_process_response_status_and_assertion(LassoLogin *login)
 	char *status_value;
 	lasso_error_t rc = 0;
 	lasso_error_t assertion_signature_status = 0;
-	LassoProfileSignatureVerifyHint verify_hint;
+	LassoProfileSignatureVerifyHint verify_hint = LASSO_PROFILE_SIGNATURE_VERIFY_HINT_LAST;
 
 	profile = &login->parent;
 	lasso_extract_node_or_fail(response, profile->response, SAMLP2_STATUS_RESPONSE,
@@ -1494,19 +1494,6 @@ lasso_saml20_login_process_response_status_and_assertion(LassoLogin *login)
 		lasso_assign_gobject (login->private_data->saml2_assertion, last_assertion);
 	}
 
-	switch (verify_hint) {
-		case LASSO_PROFILE_SIGNATURE_VERIFY_HINT_FORCE:
-		case LASSO_PROFILE_SIGNATURE_VERIFY_HINT_MAYBE:
-			break;
-		case LASSO_PROFILE_SIGNATURE_VERIFY_HINT_IGNORE:
-			/* ignore signature errors */
-			if (rc == LASSO_PROFILE_ERROR_CANNOT_VERIFY_SIGNATURE) {
-				rc = 0;
-			}
-			break;
-		default:
-			g_assert(0);
-	}
 cleanup:
 	return rc;
 }