Projet

Général

Profil

0002-In-lasso_saml20_login_process_response_status_and_as.patch

Benjamin Dauvergne, 17 novembre 2022 10:46

Télécharger (1,05 ko)

Voir les différences: 

Subject: [PATCH 2/2] In
 lasso_saml20_login_process_response_status_and_assertion does not overwirte
 signature_status with rc which is always at 0 (#54689)

We are losing information in this case, like if the response was not
signed.

 lasso/saml-2.0/login.c | 5 -----
 1 file changed, 5 deletions(-)
lasso/saml-2.0/login.c
1484 1484 
		last_assertion = assertion;
1485 1485 
	lasso_foreach_full_end();
1486 1486 

  		




  1487
  
  
    
	/* set the profile signature status only after all the signatures are

  		




  1488
  
  
    
	 * verified.

  		




  1489
  
  
    
	 */

  		




  1490
  
  
    
	profile->signature_status = rc;

  		




  1491
  
  
    

  		




  1492
  1487
  
    
	/* set the default assertion to the last one */

  		




  1493
  1488
  
    
	if (last_assertion) {

  		




  1494
  1489
  
    
		lasso_assign_gobject (login->private_data->saml2_assertion, last_assertion);

  		




  1495
  
  
    
-