entrouvert
/
lasso
16
0
Fork 0
Code Issues Pull Requests Releases Activity

Missing check for Sig_Alg value 

Initialize the sig_alg value to NULL (The compilers was complaining it may
be used initialized), but also make sure to check the re is any sig_alg at
all, otherwise return a proper error.

License: MIT
Signed-off-by: Simo Sorce <simo@redhat.com>
This commit is contained in:
Simo Sorce 2014-06-09 12:44:48 -04:00 committed by Benjamin Dauvergne
parent 899f5c8880
commit 80757431b3
1 changed files with 4 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
lasso/xml/tools.c
View File

@ -800,7 +800,7 @@ lasso_saml2_query_verify_signature(const char *query, const xmlSecKey *sender_pu
int n = 0;
char *saml_request_response = NULL;
char *relaystate = NULL;
char *sig_alg, *usig_alg = NULL;
char *sig_alg = NULL, *usig_alg = NULL;
lasso_error_t rc = 0;
lasso_return_val_if_fail(query != NULL, LASSO_PARAM_ERROR_INVALID_VALUE);
@ -857,6 +857,9 @@ lasso_saml2_query_verify_signature(const char *query, const xmlSecKey *sender_pu
goto_cleanup_with_rc(LASSO_PROFILE_ERROR_INVALID_QUERY);
}
if (! sig_alg) {
goto_cleanup_with_rc(LASSO_DS_ERROR_INVALID_SIGALG);
}
if (! b64_signature) {
goto_cleanup_with_rc(LASSO_DS_ERROR_SIGNATURE_NOT_FOUND);
}