0001-In-lasso_saml20_login_process_response_status_and_as.patch

Benjamin Dauvergne, 17 novembre 2022 21:20

Voir les différences: en ligne côte à côte

Subject: [PATCH 1/2] In
 lasso_saml20_login_process_response_status_and_assertion remove dead switch
 (#54689)

In case VERIFY_HINT was set to IGNORE and the login signature was
incorrect, lasso_saml20_login_process_response_status_and_assertion
would have jumped straight to the cleanup label which just returns the
return code.

Related: https://dev.entrouvert.org/issues/54689
License: MIT

 lasso/saml-2.0/login.c | 15 +--------------
 1 file changed, 1 insertion(+), 14 deletions(-)

     	char *status_value;
     	lasso_error_t rc = 0;
     	lasso_error_t assertion_signature_status = 0;
     	LassoProfileSignatureVerifyHint verify_hint;
     	LassoProfileSignatureVerifyHint verify_hint = LASSO_PROFILE_SIGNATURE_VERIFY_HINT_LAST;
     	profile = &login->parent;
     	lasso_extract_node_or_fail(response, profile->response, SAMLP2_STATUS_RESPONSE,
-...
     		lasso_assign_gobject (login->private_data->saml2_assertion, last_assertion);
+    	}
     	switch (verify_hint) {
     		case LASSO_PROFILE_SIGNATURE_VERIFY_HINT_FORCE:
     		case LASSO_PROFILE_SIGNATURE_VERIFY_HINT_MAYBE:
     			break;
     		case LASSO_PROFILE_SIGNATURE_VERIFY_HINT_IGNORE:
     			/* ignore signature errors */
     			if (rc == LASSO_PROFILE_ERROR_CANNOT_VERIFY_SIGNATURE) {
     				rc = 0;
+    			}
     			break;
     		default:
     			g_assert(0);
+    	}
     cleanup:
     	return rc;
+    }
+    -

Projet

Général

Profil

Produits Entr'ouvert » Lasso

0001-In-lasso_saml20_login_process_response_status_and_as.patch