Verify Address in SubjectConfirmationData.

git-svn-id: https://modmellon.googlecode.com/svn/trunk/mod_mellon2@102 a716ebb1-153a-0410-b759-cfb97c6a1b53
2010-07-02 11:50:54 +00:00 · 2010-07-02 11:50:54 +00:00 · 563f07e7d7
parent 3c100009c6
commit 563f07e7d7
1 changed files with 10 additions and 0 deletions
--- a/auth_mellon_handler.c
+++ b/auth_mellon_handler.c
@ -1215,6 +1215,16 @@ static int am_validate_subject(request_rec *r, LassoSaml2Assertion *assertion,
        }
    }

+    if (scd->Address) {
+        if (strcasecmp(scd->Address, r->connection->remote_ip)) {
+            ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
+                          "Wrong Address in SubjectConfirmationData."
+                          "Current address is \"%s\", but should have been \"%s\".",
+                          r->connection->remote_ip, scd->Address);
+            return HTTP_BAD_REQUEST;
+        }
+    }
+
    return OK;
 }