In this function id is required, so just assert if it is missing.
This also silences a warning about "reference" being used unintialized
if "id" is null.
License: MIT
Signed-off-by: Simo Sorce <simo@redhat.com>
encode_key may be release when not initialized if va_args returns null
on the first while loop.
License: MIT
Signed-off-by: Simo Sorce <simo@redhat.com>
The compiler complain about these values not being initialized.
come of them do not really matter as they are only really used when
later initialized in the code and the code paths would not use them
if not initialized in a previous block, however some of these seem
real issues.
In all cases make the compiler happy so we get less noise in the build
and less false positives in code chckers.
License: MIT
Signed-off-by: Simo Sorce <simo@redhat.com>
Initialize the sig_alg value to NULL (The compilers was complaining it may
be used initialized), but also make sure to check the re is any sig_alg at
all, otherwise return a proper error.
License: MIT
Signed-off-by: Simo Sorce <simo@redhat.com>
These values where being used without being initialized at least in some edge
cases. Make Coverity happy by properly initializing them.
Some of these are real bugs, not just silencing a tool.
License: MIT
Signed-off-by: Simo Sorce <simo@redhat.com>
Coverity was complaining that tm was used uninitialized, but the truth is
that a third error condition where the string passed in matches no valid
format was not handled. Just return an error in that case.
License: MIT
Signed-off-by: Simo Sorce <simo@redhat.com>
Although in this cases it may be safe to omit va_end() that is not generally
so with an arbitrary compiler on an arbitrary platform.
Quoting from the spec: "Each invocation of va_start() must be matched by
a corresponding invocation of va_end() in the same function."
note the "must"
Checker tools like Coverity complain if va_start() is not always paired with
va_end(), so this patch mutes them.
License: MIT
Signed-off-by: Simo Sorce <simo@redhat.com>
Instad of referring to an old FSF address, point the reader to the FSF
website where the latest licenses and addresses are published.
Signed-off-by: Simo Sorce <simo@redhat.com>
Libxml stopped exposing the internal of the xmlOutputBuffer structure;
it was replace by proper use of the API and of the xmlBuffer structure.
There could be regression for older version of libxml as some functions
appeared in recent version of libxml; but the reference API document
does not give any introduction date for functions so it's hard to be
sure.
The new implementations of lasso_node_impl_init_from_xml now validate
namespace of all child nodes befores parsing. It stops on any error. For
node which implement their own parsing of an attribute or a node, it
must declare an XmlSnippet with an offset field set to 0. The 0 value is
invalid for public GObject structure (it's the place of the GObject
machinery like the reference count). The 0 offset can be used for
XmlSnippet in a private structure, so never set the offset to 0 with the
flag SNIPPET_PRIVATE, for a field which is parsed by you get_xmlNode
virtual method.
Other ameliorations in this commit is the possibility to set attributes
with namespace when using the flags SNIPPET_ATTRIBUTE|SNIPPET_ANY. The
syntax for an attribute is inspired by the element tree API from Python:
{namespace}attribute_name
an example:
{http://www.w3.org/2001/XMLSchema-instance}type
for the classic xsi:type attribute.
The only expected decryption error is on decryption of the symetric key
used to crypt the data. All other errors are critical and must be
logged.
Client of lasso_node_decrypt_xmlnode can then log the decryption failure
of the symetric if they tried with all possible keys (key rollover
case).
An empty reference means the complete document, so the signed node is
the root element of this document. We must check that the parameter
signe_node dmatches our assumption.
The node containing signature do not handle the private keys passwords.
As the fields for signature parameters are part of the public ABI we
cannot add the password field to the public structure for those nodes.
Instead we use the new quark annotation accessed through
lasso_node_get/set_signature, and if the sign_type parameter is non-NULL
we use it instead of the parameters stored in the public structure.
This is a gross hack :( but at least it is documented.
In order to permit subclass to modify the base xmlNode created by
lasso_node_impl_get_xmlNode we must defer the concrete to the virtual
method wrapper, lasso_node_get_xmlNode.
To do that it whas needed to make id_attribute another virtual field of
LassoNode subclasses (it can be accessed through an offset registered in
the class object).
This commit solves signature validation error since the patch for
managing more than one SessionIndex element in samlp2:LogoutRequest.
It also factorize the creation of signatures in one place.
* We now support the two possible formats for xsdtime XSchema datatype:
- dddd-dd-ddTdd:dd:ddZ
- dddd-dd-ddTdd:dd:dd.d*Z
Where d denotes a digit, and * is the kleene star.
XSD datetime also supports negative years, but as we cannot represent
them with time_t, we can reject it at the lexical level.
Benjamin Dauvergne
Simo Sorce
Frédéric Péters