Projet

Général

Profil

rfc3986.patch

Emmanuel Dreyfus, 30 juillet 2020 03:25

Télécharger (6,18 ko)

Voir les différences:


  

lasso/id-ff/login.c
988 988
	}
989 989

  
990 990
	b64_samlArt = xmlStrdup((xmlChar*)login->assertionArtifact);
991
	relayState = xmlURIEscapeStr(
991
	relayState = lasso_xmlURIEscapeStr(
992 992
			(xmlChar*)LASSO_LIB_AUTHN_REQUEST(profile->request)->RelayState, NULL);
993 993

  
994 994
	if (http_method == LASSO_HTTP_METHOD_REDIRECT) {
995
		xmlChar *escaped_artifact = xmlURIEscapeStr(b64_samlArt, NULL);
995
		xmlChar *escaped_artifact = lasso_xmlURIEscapeStr(b64_samlArt, NULL);
996 996
		gchar *query = NULL;
997 997

  
998 998
		if (relayState == NULL) {
lasso/xml/private.h
287 287

  
288 288
char * lasso_get_relaystate_from_query(const char *query);
289 289
char * lasso_url_add_parameters(char *url, gboolean free, ...);
290
xmlChar * lasso_xmlURIEscapeStr(const xmlChar *from, const xmlChar *list);
290 291
xmlSecKey* lasso_xmlsec_load_private_key_from_buffer(const char *buffer, size_t length, const char *password, LassoSignatureMethod signature_method, const char *certificate);
291 292
xmlSecKey* lasso_xmlsec_load_private_key(const char *filename_or_buffer, const char *password,
292 293
		LassoSignatureMethod signature_method, const char *certificate);
lasso/xml/tools.c
36 36
#define _BSD_SOURCE
37 37
#include "private.h"
38 38
#include <string.h>
39
#include <strings.h>
39 40
#include <time.h>
40 41
#include <ctype.h>
41 42
#include <stdarg.h>
......
540 541
	}
541 542

  
542 543
	{
543
		const char *t = (char*)xmlURIEscapeStr(algo_href, NULL);
544
		const char *t = (char*)lasso_xmlURIEscapeStr(algo_href, NULL);
544 545
		new_query = g_strdup_printf("%s&SigAlg=%s", query, t);
545 546
		xmlFree(BAD_CAST t);
546 547
	}
......
662 663
	/* Base64 encode the signature value */
663 664
	b64_sigret = xmlSecBase64Encode(sigret, sigret_size, 0);
664 665
	/* escape b64_sigret */
665
	e_b64_sigret = xmlURIEscapeStr((xmlChar*)b64_sigret, NULL);
666
	e_b64_sigret = lasso_xmlURIEscapeStr((xmlChar*)b64_sigret, NULL);
666 667

  
667 668
	/* add signature */
668 669
	switch (sign_method) {
......
1307 1308
	b64_ret = xmlSecBase64Encode(ret, stream.total_out, 0);
1308 1309
	lasso_release(ret);
1309 1310

  
1310
	ret = xmlURIEscapeStr(b64_ret, NULL);
1311
	ret = lasso_xmlURIEscapeStr(b64_ret, NULL);
1311 1312
	rret = g_strdup((char*)ret);
1312 1313
	xmlFree(b64_ret);
1313 1314
	xmlFree(ret);
......
2329 2330
		if (! key) {
2330 2331
			break;
2331 2332
		}
2332
		encoded_key = xmlURIEscapeStr((xmlChar*)key, NULL);
2333
		encoded_key = lasso_xmlURIEscapeStr((xmlChar*)key, NULL);
2333 2334
		goto_cleanup_if_fail(encoded_key);
2334 2335

  
2335 2336
		value = va_arg(ap, char*);
......
2337 2338
			message(G_LOG_LEVEL_CRITICAL, "lasso_url_add_parameter: key without a value !!");
2338 2339
			break;
2339 2340
		}
2340
		encoded_value = xmlURIEscapeStr((xmlChar*)value, NULL);
2341
		encoded_value = lasso_xmlURIEscapeStr((xmlChar*)value, NULL);
2341 2342
		goto_cleanup_if_fail(encoded_value);
2342 2343

  
2343 2344
		if (old_url) {
......
2480 2481
	return TRUE;
2481 2482
}
2482 2483

  
2484
/**
2485
 * lasso_xmlURIEscapeStr:
2486
 * @from: the source URI string
2487
 * @list: optional list of characters not to escape
2488
 *
2489
 * Drop-in replacement for libxml2 xmlURIEscapeStr(), but encoding
2490
 * everything but [A-Za-z0-9._~-] which are the unreserved chartacters
2491
 * for RFC3986 section 2.3
2492
 *
2493
 * Return value: a buffer containing the URL-encoded string or NULL on error
2494
 */
2495
xmlChar *
2496
lasso_xmlURIEscapeStr(const xmlChar *from, const xmlChar *list)
2497
{
2498
	size_t len = 0;
2499
	const xmlChar *fp;
2500
	xmlChar *result;
2501
	int ri;
2502

  
2503
	if (list == NULL)
2504
		list = "";
2505

  
2506
	for (fp = from; *fp; fp++) {
2507
		if (isalnum(*fp) || index("._~-", *fp) || index(list, *fp))
2508
			len++;
2509
		else
2510
			len += 3;
2511
	}
2512

  
2513
	result = g_malloc0(len + 1);
2514
	ri = 0;
2515

  
2516
	for (fp = from; *fp; fp++) {
2517
		if (isalnum(*fp) || index("._~-", *fp) || index(list, *fp)) {
2518
			result[ri++] = *fp;
2519
		} else {
2520
			int msb = (*fp & 0xf0) >> 4;
2521
			int lsb = *fp & 0x0f;
2522

  
2523
			result[ri++] = '%';
2524
			result[ri++] = (msb > 9) ? 'A' + msb - 10 : '0' + msb;
2525
			result[ri++] = (lsb > 9) ? 'A' + lsb - 10 : '0' + lsb;
2526
		}
2527
	}
2528

  
2529
	result[ri++] = '\0';
2530

  
2531
	return result;
2532
}
2533

  
2483 2534
/**
2484 2535
 * lasso_xmlsec_load_private_key_from_buffer:
2485 2536
 * @buffer: a buffer containing a key in any format
lasso/xml/xml.c
3120 3120
				s = xmlGetProp(t, a->name);
3121 3121
				g_string_append(result, a->name);
3122 3122
				g_string_append(result, "=");
3123
				s2 = xmlURIEscapeStr(s, NULL);
3123
				s2 = lasso_xmlURIEscapeStr(s, NULL);
3124 3124
				g_string_append(result, s2);
3125 3125
				xmlFree(s2);
3126 3126
				xmlFree(s);
......
3140 3140
				g_string_append(result, (char*)c->name);
3141 3141
				g_string_append(result, "=");
3142 3142
				s = xmlNodeGetContent(c);
3143
				s2 = xmlURIEscapeStr(s, NULL);
3143
				s2 = lasso_xmlURIEscapeStr(s, NULL);
3144 3144
				g_string_append(result, (char*)s2);
3145 3145
				xmlFree(s2);
3146 3146
				xmlFree(s);
......
3263 3263
				g_string_append(s, "&");
3264 3264
			g_string_append(s, field_name);
3265 3265
			g_string_append(s, "=");
3266
			t = xmlURIEscapeStr((xmlChar*)v, NULL);
3266
			t = lasso_xmlURIEscapeStr((xmlChar*)v, NULL);
3267 3267
			g_string_append(s, (char*)t);
3268 3268
			xmlFree(t);
3269 3269
		}
......
3634 3634
	value = lasso_node_build_deflated_query(node);
3635 3635
	if (! value)
3636 3636
		goto cleanup;
3637
	encoded_param = xmlURIEscapeStr(BAD_CAST param_name, NULL);
3637
	encoded_param = lasso_xmlURIEscapeStr(BAD_CAST param_name, NULL);
3638 3638
	if (! encoded_param)
3639 3639
		goto cleanup;
3640 3640
	query = g_strdup_printf("%s=%s", encoded_param, value);