Bug #47
lasso_node_impl_init_from_xml do not verify the element name if currently parse
100%
Description
We can give any xmlNode tree to this function and any GObject subclass of
LassoNode it will work. We should at least validate that:
strcmp(curNode->name, class->node_data->node_name) ||
g_strcmp0(lasso_registry_default_get_mapping(curNode->ns->href,
curNode->name, LASSO_LASSO_HREF), G_OBJECT_CLASS_NAME(object))
It is a problem in lasso_login_process_authn_response, because we assume that
the response we receive is a lib_authn_response:
»·······profile->response = lasso_lib_authn_response_new(NULL, NULL);
»·······format = lasso_node_init_from_message(
»·······»·······»·······LASSO_NODE(profile->response),
authn_response_msg);
»·······if (format LASSO_MESSAGE_FORMAT_UNKNOWN || format
LASSO_MESSAGE_FORMAT_ERROR) {
»·······»·······return
critical_error(LASSO_PROFILE_ERROR_INVALID_MSG);
»·······}
and in a recent usage (vecozo) we received a samlp:Response instead, which is
wrong
but lasso did not signal it.
Is everybody ok ?
Révisions associées
fix segfault when parsed node has no namespace (#47)
This bug was introduced in commit 8d06806d, the check for a correct namespace on
head node of parsed XML fragments does not handle the case where the node has no
namespace. Using lasso_equal_namespace() fix this.
Historique
Mis à jour par Benjamin Dauvergne il y a plus de 13 ans
- Catégorie mis à XML Framework
This will need extensive testing to be sure that there will be no regressions.
Mis à jour par Benjamin Dauvergne il y a environ 8 ans
- Assigné à mis à Benjamin Dauvergne
- Version cible changé de future à 318
- Patch proposed mis à Non
Mis à jour par Benjamin Dauvergne il y a environ 8 ans
- Statut changé de Nouveau à Résolu (à déployer)
- % réalisé changé de 0 à 100
Appliqué par commit 8d06806db6869cbc2ac8df13128d401d241c9744.
Mis à jour par Benjamin Dauvergne il y a presque 6 ans
- Statut changé de Résolu (à déployer) à Fermé
check node names in lasso_node_impl_init_from_xml() (fixes #47)