Project

General

Profile

Bug #25640

Bug in saml2_authn_context.c, XmlSnippet

Added by Paul Meurer over 1 year ago. Updated 5 months ago.

Status:
Solution déployée
Priority:
Haut
Category:
SAMLv2
Target version:
Start date:
12 Aug 2018
Due date:
% Done:

100%

Patch proposed:
Yes
Planning:
No

Description

The definition of the struct XmlSnippet in lasso-2.6.0/lasso/xml/saml-2.0/saml2_authn_context.c seems to be wrong.

I append a saml response XML file that doesn't parse with this wrong XmlSnippet.

Here is the fixed version (SNIPPET_JUMP_ON_MISS should be SNIPPET_JUMP_ON_MATCH in both occurrences).

static struct XmlSnippet schema_snippets[] = { { "AuthnContextClassRef", SNIPPET_CONTENT | SNIPPET_OPTIONAL | SNIPPET_JUMP_ON_MATCH | SNIPPET_JUMP_3,
G_STRUCT_OFFSET(LassoSaml2AuthnContext, AuthnContextClassRef), NULL, NULL, NULL}, { "AuthnContextDecl", SNIPPET_NODE | SNIPPET_OPTIONAL | SNIPPET_JUMP_ON_MATCH | SNIPPET_JUMP_4,
G_STRUCT_OFFSET(LassoSaml2AuthnContext, AuthnContextDecl), NULL, NULL, NULL}, { "AuthnContextDeclRef", SNIPPET_CONTENT | SNIPPET_MANDATORY | SNIPPET_JUMP_3,
G_STRUCT_OFFSET(LassoSaml2AuthnContext, AuthnContextDeclRef), NULL, NULL, NULL}, { "AuthnContextDecl", SNIPPET_NODE | SNIPPET_OPTIONAL | SNIPPET_JUMP_ON_MATCH | SNIPPET_JUMP_2,
G_STRUCT_OFFSET(LassoSaml2AuthnContext, AuthnContextDecl), NULL, NULL, NULL}, { "AuthnContextDeclRef", SNIPPET_CONTENT | SNIPPET_OPTIONAL,
G_STRUCT_OFFSET(LassoSaml2AuthnContext, AuthnContextDeclRef), NULL, NULL, NULL}, { "AuthenticatingAuthority", SNIPPET_CONTENT | SNIPPET_OPTIONAL,
G_STRUCT_OFFSET(LassoSaml2AuthnContext, AuthenticatingAuthority), NULL, NULL, NULL}, {NULL, 0, 0, NULL, NULL, NULL}
};

Best regards,
Paul Meurer

authn-context-bug.xml View (7.31 KB) Paul Meurer, 12 Aug 2018 03:01 PM

0001-xml-fix-parsing-of-saml-AuthnContext-fixes-25640.patch View (1.33 KB) Benjamin Dauvergne, 04 Sep 2018 10:43 AM

Associated revisions

Revision b891ed7d (diff)
Added by Benjamin Dauvergne over 1 year ago

xml: fix parsing of saml:AuthnContext (fixes #25640)

Decl/DeclRef are alternatives, when matching a Decl we should jump over
the DeclRef.

Revision 5070a06a (diff)
Added by Benjamin Dauvergne over 1 year ago

xml: fix parsing of saml:AuthnContext (fixes #25640)

Decl/DeclRef are alternatives, when matching a Decl we should jump over
the DeclRef.

History

#1 Updated by Benjamin Dauvergne over 1 year ago

No only the second JUMP_ON_MISS should be a JUMP_ON_MATCH, see the schema :

 * <complexType name="AuthnContextType">
 *   <sequence>
 *     <choice>
 *       <sequence>
 *         <element ref="saml:AuthnContextClassRef"/>
 *         <choice minOccurs="0">
 *           <element ref="saml:AuthnContextDecl"/>
 *           <element ref="saml:AuthnContextDeclRef"/>
 *         </choice>
 *       </sequence>
 *       <choice>
 *         <element ref="saml:AuthnContextDecl"/>
 *         <element ref="saml:AuthnContextDeclRef"/>
 *       </choice>
 *     </choice>
 *     <element ref="saml:AuthenticatingAuthority" minOccurs="0" maxOccurs="unbounded"/>
 *   </sequence>
 * </complexType>

Decl/DeclRef become mandatory if there is no ClassRef, it's optional otherwise, with a regexp like syntax :

( ClassRef ( Decl | DeclRef )? | ( Decl | DeclRef ) AuthenticatingAuthority* )

#2 Updated by Benjamin Dauvergne over 1 year ago

  • Assignee set to Benjamin Dauvergne

#3 Updated by Benjamin Dauvergne over 1 year ago

Could you check this smaller patch fix your instance of the problem ?

#4 Updated by Paul Meurer over 1 year ago

Yes, you are correct, obviously.
The smaller patch works for my problem. Thanks!

#5 Updated by Benjamin Dauvergne over 1 year ago

  • Status changed from Solution proposée to Solution validée

#6 Updated by Benjamin Dauvergne over 1 year ago

  • Status changed from Solution validée to Résolu (à déployer)
  • % Done changed from 0 to 100

#7 Updated by Thijs Kinkhorst 5 months ago

We ran into the same issue with the latest version of lasso (this is with NetIQ AM as an IdP). The patch indeed fixes it for us. So it would be great if a new release could be tagged!

#8 Updated by Benjamin Dauvergne 5 months ago

  • Status changed from Résolu (à déployer) to Solution déployée

Also available in: Atom PDF