Project

General

Profile

Bug #25640

Bug in saml2_authn_context.c, XmlSnippet

Added by Paul Meurer 8 months ago. Updated 6 months ago.

Status:
Résolu (à déployer)
Priority:
Haut
Category:
SAMLv2
Target version:
Start date:
12 Aug 2018
Due date:
% Done:

100%

Patch proposed:
Yes
Planning:
No

Description

The definition of the struct XmlSnippet in lasso-2.6.0/lasso/xml/saml-2.0/saml2_authn_context.c seems to be wrong.

I append a saml response XML file that doesn't parse with this wrong XmlSnippet.

Here is the fixed version (SNIPPET_JUMP_ON_MISS should be SNIPPET_JUMP_ON_MATCH in both occurrences).

static struct XmlSnippet schema_snippets[] = { { "AuthnContextClassRef", SNIPPET_CONTENT | SNIPPET_OPTIONAL | SNIPPET_JUMP_ON_MATCH | SNIPPET_JUMP_3,
G_STRUCT_OFFSET(LassoSaml2AuthnContext, AuthnContextClassRef), NULL, NULL, NULL}, { "AuthnContextDecl", SNIPPET_NODE | SNIPPET_OPTIONAL | SNIPPET_JUMP_ON_MATCH | SNIPPET_JUMP_4,
G_STRUCT_OFFSET(LassoSaml2AuthnContext, AuthnContextDecl), NULL, NULL, NULL}, { "AuthnContextDeclRef", SNIPPET_CONTENT | SNIPPET_MANDATORY | SNIPPET_JUMP_3,
G_STRUCT_OFFSET(LassoSaml2AuthnContext, AuthnContextDeclRef), NULL, NULL, NULL}, { "AuthnContextDecl", SNIPPET_NODE | SNIPPET_OPTIONAL | SNIPPET_JUMP_ON_MATCH | SNIPPET_JUMP_2,
G_STRUCT_OFFSET(LassoSaml2AuthnContext, AuthnContextDecl), NULL, NULL, NULL}, { "AuthnContextDeclRef", SNIPPET_CONTENT | SNIPPET_OPTIONAL,
G_STRUCT_OFFSET(LassoSaml2AuthnContext, AuthnContextDeclRef), NULL, NULL, NULL}, { "AuthenticatingAuthority", SNIPPET_CONTENT | SNIPPET_OPTIONAL,
G_STRUCT_OFFSET(LassoSaml2AuthnContext, AuthenticatingAuthority), NULL, NULL, NULL}, {NULL, 0, 0, NULL, NULL, NULL}
};

Best regards,
Paul Meurer

authn-context-bug.xml View (7.31 KB) Paul Meurer, 12 Aug 2018 03:01 PM

0001-xml-fix-parsing-of-saml-AuthnContext-fixes-25640.patch View (1.33 KB) Benjamin Dauvergne, 04 Sep 2018 10:43 AM

Associated revisions

Revision b891ed7d (diff)
Added by Benjamin Dauvergne 8 months ago

xml: fix parsing of saml:AuthnContext (fixes #25640)

Decl/DeclRef are alternatives, when matching a Decl we should jump over
the DeclRef.

Revision 5070a06a (diff)
Added by Benjamin Dauvergne 6 months ago

xml: fix parsing of saml:AuthnContext (fixes #25640)

Decl/DeclRef are alternatives, when matching a Decl we should jump over
the DeclRef.

History

#1 Updated by Benjamin Dauvergne 8 months ago

No only the second JUMP_ON_MISS should be a JUMP_ON_MATCH, see the schema :

 * <complexType name="AuthnContextType">
 *   <sequence>
 *     <choice>
 *       <sequence>
 *         <element ref="saml:AuthnContextClassRef"/>
 *         <choice minOccurs="0">
 *           <element ref="saml:AuthnContextDecl"/>
 *           <element ref="saml:AuthnContextDeclRef"/>
 *         </choice>
 *       </sequence>
 *       <choice>
 *         <element ref="saml:AuthnContextDecl"/>
 *         <element ref="saml:AuthnContextDeclRef"/>
 *       </choice>
 *     </choice>
 *     <element ref="saml:AuthenticatingAuthority" minOccurs="0" maxOccurs="unbounded"/>
 *   </sequence>
 * </complexType>

Decl/DeclRef become mandatory if there is no ClassRef, it's optional otherwise, with a regexp like syntax :

( ClassRef ( Decl | DeclRef )? | ( Decl | DeclRef ) AuthenticatingAuthority* )

#2 Updated by Benjamin Dauvergne 8 months ago

  • Assignee set to Benjamin Dauvergne

#3 Updated by Benjamin Dauvergne 8 months ago

Could you check this smaller patch fix your instance of the problem ?

#4 Updated by Paul Meurer 7 months ago

Yes, you are correct, obviously.
The smaller patch works for my problem. Thanks!

#5 Updated by Benjamin Dauvergne 6 months ago

  • Status changed from Solution proposée to Solution validée

#6 Updated by Benjamin Dauvergne 6 months ago

  • % Done changed from 0 to 100
  • Status changed from Solution validée to Résolu (à déployer)

Also available in: Atom PDF