
0001-tools-fix-segfault-in-lasso_get_saml_message-fixes-2.patch

Benjamin Dauvergne, 27 juin 2018 19:29



Subject: [PATCH] tools: fix segfault in lasso_get_saml_message (fixes #24830)

We reuse the "message" local variable but we should not.
Also fix a segfault in lasso_xmltextreader_from_message() when getting
the length of "message" before checking if it is NULL or not.
 lasso/xml/tools.c   | 7 ++++---
 tests/basic_tests.c | 8 +++++++-
 2 files changed, 11 insertions(+), 4 deletions(-)
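--- a/lasso/xml/tools.c
+++ b/lasso/xml/tools.c
@@ -3056,6 +3056,7 @@
 	int i = 0;
 	char *enc = NULL;
 	char *message = NULL;
+	char *saml_message = NULL;
 	char *decoded_message = NULL;
 	xmlChar *field = NULL;
 	char *t = NULL;
@@ -3096,12 +3097,12 @@
 		goto cleanup;
 	}
 	/* rc contains the length of the result */
-	message = (char*)lasso_inflate((unsigned char*) decoded_message, rc);
+	saml_message = (char*)lasso_inflate((unsigned char*) decoded_message, rc);
 cleanup:
 	if (decoded_message) {
 		lasso_release(decoded_message);
 	}
-	return message;
+	return saml_message;
 }
 
 /**
@@ -3126,10 +3127,10 @@
 		if (needle && message[len-1] != '=') {
 			query_fields = lasso_urlencoded_to_strings(message);
 			message = *to_free = lasso_get_saml_message(query_fields);
-			len = strlen(message);
 			if (! message) {
 				goto cleanup;
 			}
+			len = strlen(message);
 		} else { /* POST */
 			int rc = 0;
 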
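Review bot: Nothing at the declarations around new line 3059 records why two pointers are now needed, so the confusion this commit fixes could easily come back. The caller at new line 3129 stores the return value in `*to_free`, so lasso_get_saml_message must only ever return a buffer it allocated itself, or NULL. `message` presumably still points into `query_fields` and is not owned, but the lines between the hunks are not shown, so that part is inferred. I would add `/* saml_message: owned result of lasso_inflate(), stays NULL on every error path; message is borrowed and must never be returned */` above the new declaration. Both function bodies start and end outside the visible hunks.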
tests/basic_tests.c
2082 2082
}
2083 2083
END_TEST
2084 2084

  
2085
/* test load federation */
2085
/* test get issuer */
2086 2086
START_TEST(test16_test_get_issuer)
2087 2087
{
2088 2088
	char *content = NULL;
......
2169 2169
	lasso_release_gobject(spLoginContext);
2170 2170
	lasso_release_gobject(spServerContext);
2171 2171

  
2172
	begin_check_do_log("Lasso", G_LOG_LEVEL_DEBUG, "could not decode POST SAML message", TRUE);
2173
	check_null(lasso_profile_get_issuer(""));
2174
	end_check_do_log("Lasso");
2175
	begin_check_do_log("Lasso", G_LOG_LEVEL_DEBUG, "message is not base64", TRUE);
2176
	check_null(lasso_profile_get_issuer("SAMLRequest=!!hello!!"));
2177
	end_check_do_log("Lasso");
2172 2178
}
2173 2179
END_TEST
2174 2180

  
2175
-
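Review bot: The two cases added at new lines 2172-2177 cover an empty string and a value that is not base64, but not input that decodes as base64 and then fails to inflate. That third path is the one where `saml_message` comes back NULL from `lasso_inflate()` and the moved `strlen()` guard in tools.c matters. A case such as `check_null(lasso_profile_get_issuer("SAMLRequest=aGVsbG8h"));` would exercise it; the value is constructed here, being unpadded base64 of plain text so that the `message[len-1] != '='` branch is taken. The `begin_check_do_log` expectation around it would have to match whatever that path logs, which is not visible in this diff. The test function body starts before the visible lines.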