From 4a9d6f6ca3f90e33aea16ae2b35023985e1207a5 Mon Sep 17 00:00:00 2001
From: Benjamin Dauvergne <bdauvergne@entrouvert.com>
Date: Thu, 24 Jun 2021 02:21:14 +0200
Subject: [PATCH] Prevent multiple OneTimeUse elements (#52961)

"A SAML authority MUST NOT include more than one <OneTimeUse> element within a
<Conditions>element of an assertion"
---
 lasso/saml-2.0/saml2_helper.c | 11 +++++++----
 1 file changed, 7 insertions(+), 4 deletions(-)

diff --git a/lasso/saml-2.0/saml2_helper.c b/lasso/saml-2.0/saml2_helper.c
index 729df7a5..2626c7c7 100644
--- a/lasso/saml-2.0/saml2_helper.c
+++ b/lasso/saml-2.0/saml2_helper.c
@@ -333,12 +333,15 @@ lasso_saml2_assertion_set_one_time_use(LassoSaml2Assertion *saml2_assertion,
 	g_return_if_fail (LASSO_IS_SAML2_ASSERTION (saml2_assertion));
 
 	saml2_conditions = lasso_saml2_assertion_get_conditions(saml2_assertion, TRUE);
-	lasso_list_add_new_gobject (saml2_conditions->OneTimeUse, lasso_saml2_one_time_use_new());
 	if (one_time_use) {
-		lasso_list_add_new_gobject(saml2_conditions->OneTimeUse,
-				lasso_saml2_one_time_use_new());
+		if (! saml2_conditions->OneTimeUse) {
+			lasso_list_add_new_gobject(saml2_conditions->OneTimeUse,
+					lasso_saml2_one_time_use_new());
+		}
 	} else {
-		lasso_release_list_of_gobjects(saml2_conditions->OneTimeUse);
+		if (saml2_conditions->OneTimeUse) {
+			lasso_release_list_of_gobjects(saml2_conditions->OneTimeUse);
+		}
 	}
 }
 
-- 
2.32.0.rc0