0001-lasso_saml20_login_process_response_status_and_asser.patch

Jakub Hrozek, 26 juillet 2021 16:28

Voir les différences: en ligne côte à côte

Subject: [PATCH] lasso_saml20_login_process_response_status_and_assertion:
 handle rc as per verify_hint

In case VERIFY_HINT was set to IGNORE and the login signature was
incorrect, lasso_saml20_login_process_response_status_and_assertion
would have jumped straight to the cleanup label which just returns the
return code. Let's jump to a new label handlerc instead which might set
the return code to 0 in case verify_hint is set to IGNORE.

Related: https://dev.entrouvert.org/issues/54689

 lasso/saml-2.0/login.c | 18 +++++-------------
 1 file changed, 5 insertions(+), 13 deletions(-)

     					&subject->NameID, &subject->EncryptedID));
     	lasso_foreach_full_end();
     	switch (verify_hint) {
     		case LASSO_PROFILE_SIGNATURE_VERIFY_HINT_FORCE:
     		case LASSO_PROFILE_SIGNATURE_VERIFY_HINT_MAYBE:
     			break;
     		case LASSO_PROFILE_SIGNATURE_VERIFY_HINT_IGNORE:
     			/* ignore signature errors */
     			if (rc == LASSO_PROFILE_ERROR_CANNOT_VERIFY_SIGNATURE) {
     				rc = 0;
+    			}
     			break;
     		default:
     			g_assert(0);
+    	}
     cleanup:
     	if (verify_hint == LASSO_PROFILE_SIGNATURE_VERIFY_HINT_IGNORE &&
     		rc == LASSO_PROFILE_ERROR_CANNOT_VERIFY_SIGNATURE) {
     	    profile->signature_status = rc;
     	    rc = 0;
+    	}
     	return rc;
+    }
+    -

Projet

Général

Profil

Produits Entr'ouvert » Lasso

0001-lasso_saml20_login_process_response_status_and_asser.patch