rfc3986.patch
lasso/id-ff/login.c | ||
---|---|---|
988 | 988 |
} |
989 | 989 | |
990 | 990 |
b64_samlArt = xmlStrdup((xmlChar*)login->assertionArtifact); |
991 |
relayState = xmlURIEscapeStr( |
|
991 |
relayState = lasso_xmlURIEscapeStr(
|
|
992 | 992 |
(xmlChar*)LASSO_LIB_AUTHN_REQUEST(profile->request)->RelayState, NULL); |
993 | 993 | |
994 | 994 |
if (http_method == LASSO_HTTP_METHOD_REDIRECT) { |
995 |
xmlChar *escaped_artifact = xmlURIEscapeStr(b64_samlArt, NULL); |
|
995 |
xmlChar *escaped_artifact = lasso_xmlURIEscapeStr(b64_samlArt, NULL);
|
|
996 | 996 |
gchar *query = NULL; |
997 | 997 | |
998 | 998 |
if (relayState == NULL) { |
lasso/xml/private.h | ||
---|---|---|
287 | 287 | |
288 | 288 |
char * lasso_get_relaystate_from_query(const char *query); |
289 | 289 |
char * lasso_url_add_parameters(char *url, gboolean free, ...); |
290 |
xmlChar * lasso_xmlURIEscapeStr(const xmlChar *from, const xmlChar *list); |
|
290 | 291 |
xmlSecKey* lasso_xmlsec_load_private_key_from_buffer(const char *buffer, size_t length, const char *password, LassoSignatureMethod signature_method, const char *certificate); |
291 | 292 |
xmlSecKey* lasso_xmlsec_load_private_key(const char *filename_or_buffer, const char *password, |
292 | 293 |
LassoSignatureMethod signature_method, const char *certificate); |
lasso/xml/tools.c | ||
---|---|---|
36 | 36 |
#define _BSD_SOURCE |
37 | 37 |
#include "private.h" |
38 | 38 |
#include <string.h> |
39 |
#include <strings.h> |
|
39 | 40 |
#include <time.h> |
40 | 41 |
#include <ctype.h> |
41 | 42 |
#include <stdarg.h> |
... | ... | |
540 | 541 |
} |
541 | 542 | |
542 | 543 |
{ |
543 |
const char *t = (char*)xmlURIEscapeStr(algo_href, NULL); |
|
544 |
const char *t = (char*)lasso_xmlURIEscapeStr(algo_href, NULL);
|
|
544 | 545 |
new_query = g_strdup_printf("%s&SigAlg=%s", query, t); |
545 | 546 |
xmlFree(BAD_CAST t); |
546 | 547 |
} |
... | ... | |
662 | 663 |
/* Base64 encode the signature value */ |
663 | 664 |
b64_sigret = xmlSecBase64Encode(sigret, sigret_size, 0); |
664 | 665 |
/* escape b64_sigret */ |
665 |
e_b64_sigret = xmlURIEscapeStr((xmlChar*)b64_sigret, NULL); |
|
666 |
e_b64_sigret = lasso_xmlURIEscapeStr((xmlChar*)b64_sigret, NULL);
|
|
666 | 667 | |
667 | 668 |
/* add signature */ |
668 | 669 |
switch (sign_method) { |
... | ... | |
1307 | 1308 |
b64_ret = xmlSecBase64Encode(ret, stream.total_out, 0); |
1308 | 1309 |
lasso_release(ret); |
1309 | 1310 | |
1310 |
ret = xmlURIEscapeStr(b64_ret, NULL); |
|
1311 |
ret = lasso_xmlURIEscapeStr(b64_ret, NULL);
|
|
1311 | 1312 |
rret = g_strdup((char*)ret); |
1312 | 1313 |
xmlFree(b64_ret); |
1313 | 1314 |
xmlFree(ret); |
... | ... | |
2329 | 2330 |
if (! key) { |
2330 | 2331 |
break; |
2331 | 2332 |
} |
2332 |
encoded_key = xmlURIEscapeStr((xmlChar*)key, NULL); |
|
2333 |
encoded_key = lasso_xmlURIEscapeStr((xmlChar*)key, NULL);
|
|
2333 | 2334 |
goto_cleanup_if_fail(encoded_key); |
2334 | 2335 | |
2335 | 2336 |
value = va_arg(ap, char*); |
... | ... | |
2337 | 2338 |
message(G_LOG_LEVEL_CRITICAL, "lasso_url_add_parameter: key without a value !!"); |
2338 | 2339 |
break; |
2339 | 2340 |
} |
2340 |
encoded_value = xmlURIEscapeStr((xmlChar*)value, NULL); |
|
2341 |
encoded_value = lasso_xmlURIEscapeStr((xmlChar*)value, NULL);
|
|
2341 | 2342 |
goto_cleanup_if_fail(encoded_value); |
2342 | 2343 | |
2343 | 2344 |
if (old_url) { |
... | ... | |
2480 | 2481 |
return TRUE; |
2481 | 2482 |
} |
2482 | 2483 | |
2484 |
/** |
|
2485 |
* lasso_xmlURIEscapeStr: |
|
2486 |
* @from: the source URI string |
|
2487 |
* @list: optional list of characters not to escape |
|
2488 |
* |
|
2489 |
* Drop-in replacement for libxml2 xmlURIEscapeStr(), but encoding |
|
2490 |
* everything but [A-Za-z0-9._~-] which are the unreserved chartacters |
|
2491 |
* for RFC3986 section 2.3 |
|
2492 |
* |
|
2493 |
* Return value: a buffer containing the URL-encoded string or NULL on error |
|
2494 |
*/ |
|
2495 |
xmlChar * |
|
2496 |
lasso_xmlURIEscapeStr(const xmlChar *from, const xmlChar *list) |
|
2497 |
{ |
|
2498 |
size_t len = 0; |
|
2499 |
const xmlChar *fp; |
|
2500 |
xmlChar *result; |
|
2501 |
int ri; |
|
2502 | ||
2503 |
if (list == NULL) |
|
2504 |
list = ""; |
|
2505 | ||
2506 |
for (fp = from; *fp; fp++) { |
|
2507 |
if (isalnum(*fp) || index("._~-", *fp) || index(list, *fp)) |
|
2508 |
len++; |
|
2509 |
else |
|
2510 |
len += 3; |
|
2511 |
} |
|
2512 | ||
2513 |
result = g_malloc0(len + 1); |
|
2514 |
ri = 0; |
|
2515 | ||
2516 |
for (fp = from; *fp; fp++) { |
|
2517 |
if (isalnum(*fp) || index("._~-", *fp) || index(list, *fp)) { |
|
2518 |
result[ri++] = *fp; |
|
2519 |
} else { |
|
2520 |
int msb = (*fp & 0xf0) >> 4; |
|
2521 |
int lsb = *fp & 0x0f; |
|
2522 | ||
2523 |
result[ri++] = '%'; |
|
2524 |
result[ri++] = (msb > 9) ? 'A' + msb - 10 : '0' + msb; |
|
2525 |
result[ri++] = (lsb > 9) ? 'A' + lsb - 10 : '0' + lsb; |
|
2526 |
} |
|
2527 |
} |
|
2528 | ||
2529 |
result[ri++] = '\0'; |
|
2530 | ||
2531 |
return result; |
|
2532 |
} |
|
2533 | ||
2483 | 2534 |
/** |
2484 | 2535 |
* lasso_xmlsec_load_private_key_from_buffer: |
2485 | 2536 |
* @buffer: a buffer containing a key in any format |
lasso/xml/xml.c | ||
---|---|---|
3120 | 3120 |
s = xmlGetProp(t, a->name); |
3121 | 3121 |
g_string_append(result, a->name); |
3122 | 3122 |
g_string_append(result, "="); |
3123 |
s2 = xmlURIEscapeStr(s, NULL); |
|
3123 |
s2 = lasso_xmlURIEscapeStr(s, NULL);
|
|
3124 | 3124 |
g_string_append(result, s2); |
3125 | 3125 |
xmlFree(s2); |
3126 | 3126 |
xmlFree(s); |
... | ... | |
3140 | 3140 |
g_string_append(result, (char*)c->name); |
3141 | 3141 |
g_string_append(result, "="); |
3142 | 3142 |
s = xmlNodeGetContent(c); |
3143 |
s2 = xmlURIEscapeStr(s, NULL); |
|
3143 |
s2 = lasso_xmlURIEscapeStr(s, NULL);
|
|
3144 | 3144 |
g_string_append(result, (char*)s2); |
3145 | 3145 |
xmlFree(s2); |
3146 | 3146 |
xmlFree(s); |
... | ... | |
3263 | 3263 |
g_string_append(s, "&"); |
3264 | 3264 |
g_string_append(s, field_name); |
3265 | 3265 |
g_string_append(s, "="); |
3266 |
t = xmlURIEscapeStr((xmlChar*)v, NULL); |
|
3266 |
t = lasso_xmlURIEscapeStr((xmlChar*)v, NULL);
|
|
3267 | 3267 |
g_string_append(s, (char*)t); |
3268 | 3268 |
xmlFree(t); |
3269 | 3269 |
} |
... | ... | |
3634 | 3634 |
value = lasso_node_build_deflated_query(node); |
3635 | 3635 |
if (! value) |
3636 | 3636 |
goto cleanup; |
3637 |
encoded_param = xmlURIEscapeStr(BAD_CAST param_name, NULL); |
|
3637 |
encoded_param = lasso_xmlURIEscapeStr(BAD_CAST param_name, NULL);
|
|
3638 | 3638 |
if (! encoded_param) |
3639 | 3639 |
goto cleanup; |
3640 | 3640 |
query = g_strdup_printf("%s=%s", encoded_param, value); |