Project

General

Profile

Bug #25640

Bug in saml2_authn_context.c, XmlSnippet

Added by Paul Meurer almost 2 years ago. Updated 11 months ago.

Status:
Solution déployée
Priority:
Haut
Category:
SAMLv2
Target version:
Start date:
12 Aug 2018
Due date:
% Done:

100%

Patch proposed:
Yes
Planning:
No

Description

The definition of the struct XmlSnippet in lasso-2.6.0/lasso/xml/saml-2.0/saml2_authn_context.c seems to be wrong.

I append a saml response XML file that doesn't parse with this wrong XmlSnippet.

Here is the fixed version (SNIPPET_JUMP_ON_MISS should be SNIPPET_JUMP_ON_MATCH in both occurrences).

static struct XmlSnippet schema_snippets[] = { { "AuthnContextClassRef", SNIPPET_CONTENT | SNIPPET_OPTIONAL | SNIPPET_JUMP_ON_MATCH | SNIPPET_JUMP_3,
G_STRUCT_OFFSET(LassoSaml2AuthnContext, AuthnContextClassRef), NULL, NULL, NULL}, { "AuthnContextDecl", SNIPPET_NODE | SNIPPET_OPTIONAL | SNIPPET_JUMP_ON_MATCH | SNIPPET_JUMP_4,
G_STRUCT_OFFSET(LassoSaml2AuthnContext, AuthnContextDecl), NULL, NULL, NULL}, { "AuthnContextDeclRef", SNIPPET_CONTENT | SNIPPET_MANDATORY | SNIPPET_JUMP_3,
G_STRUCT_OFFSET(LassoSaml2AuthnContext, AuthnContextDeclRef), NULL, NULL, NULL}, { "AuthnContextDecl", SNIPPET_NODE | SNIPPET_OPTIONAL | SNIPPET_JUMP_ON_MATCH | SNIPPET_JUMP_2,
G_STRUCT_OFFSET(LassoSaml2AuthnContext, AuthnContextDecl), NULL, NULL, NULL}, { "AuthnContextDeclRef", SNIPPET_CONTENT | SNIPPET_OPTIONAL,
G_STRUCT_OFFSET(LassoSaml2AuthnContext, AuthnContextDeclRef), NULL, NULL, NULL}, { "AuthenticatingAuthority", SNIPPET_CONTENT | SNIPPET_OPTIONAL,
G_STRUCT_OFFSET(LassoSaml2AuthnContext, AuthenticatingAuthority), NULL, NULL, NULL}, {NULL, 0, 0, NULL, NULL, NULL}
};

Best regards,
Paul Meurer

authn-context-bug.xml View (7.31 KB) Paul Meurer, 12 Aug 2018 03:01 PM

0001-xml-fix-parsing-of-saml-AuthnContext-fixes-25640.patch View (1.33 KB) Benjamin Dauvergne, 04 Sep 2018 10:43 AM

Associated revisions

Revision b891ed7d (diff)
Added by Benjamin Dauvergne almost 2 years ago

xml: fix parsing of saml:AuthnContext (fixes #25640)

Decl/DeclRef are alternatives, when matching a Decl we should jump over
the DeclRef.

Revision 5070a06a (diff)
Added by Benjamin Dauvergne almost 2 years ago

xml: fix parsing of saml:AuthnContext (fixes #25640)

Decl/DeclRef are alternatives, when matching a Decl we should jump over
the DeclRef.

History

#1 Updated by Benjamin Dauvergne almost 2 years ago

No only the second JUMP_ON_MISS should be a JUMP_ON_MATCH, see the schema :

 * <complexType name="AuthnContextType">
 *   <sequence>
 *     <choice>
 *       <sequence>
 *         <element ref="saml:AuthnContextClassRef"/>
 *         <choice minOccurs="0">
 *           <element ref="saml:AuthnContextDecl"/>
 *           <element ref="saml:AuthnContextDeclRef"/>
 *         </choice>
 *       </sequence>
 *       <choice>
 *         <element ref="saml:AuthnContextDecl"/>
 *         <element ref="saml:AuthnContextDeclRef"/>
 *       </choice>
 *     </choice>
 *     <element ref="saml:AuthenticatingAuthority" minOccurs="0" maxOccurs="unbounded"/>
 *   </sequence>
 * </complexType>

Decl/DeclRef become mandatory if there is no ClassRef, it's optional otherwise, with a regexp like syntax :

( ClassRef ( Decl | DeclRef )? | ( Decl | DeclRef ) AuthenticatingAuthority* )

#2 Updated by Benjamin Dauvergne almost 2 years ago

  • Assignee set to Benjamin Dauvergne

#3 Updated by Benjamin Dauvergne almost 2 years ago

Could you check this smaller patch fix your instance of the problem ?

#4 Updated by Paul Meurer almost 2 years ago

Yes, you are correct, obviously.
The smaller patch works for my problem. Thanks!

#5 Updated by Benjamin Dauvergne almost 2 years ago

  • Status changed from Solution proposée to Solution validée

#6 Updated by Benjamin Dauvergne almost 2 years ago

  • Status changed from Solution validée to Résolu (à déployer)
  • % Done changed from 0 to 100

#7 Updated by Thijs Kinkhorst 12 months ago

We ran into the same issue with the latest version of lasso (this is with NetIQ AM as an IdP). The patch indeed fixes it for us. So it would be great if a new release could be tagged!

#8 Updated by Benjamin Dauvergne 11 months ago

  • Status changed from Résolu (à déployer) to Solution déployée

Also available in: Atom PDF