authorSimo Sorce <simo@redhat.com>2014-06-09 12:44:48 -0400
committerSimo Sorce <simo@redhat.com>2014-06-09 12:54:31 -0400
commit1c598394ee0ae5a930f73123bdc0226af583ae31 (patch)
tree3c0681dc0444713fa69f178cb83faa32f1fac785
parentcb3fb767d0c6b486af88b813ab2ced6a56745638 (diff)
Missing check for Sig_Alg value
Initialize the sig_alg value to NULL (the compiler was complaining it may be used uninitialized), but also make sure to check that there is any sig_alg at all, otherwise return a proper error. License: MIT Signed-off-by: Simo Sorce <simo@redhat.com>
-rw-r--r--lasso/xml/tools.c5
1 files changed, 4 insertions, 1 deletions
diff --git a/lasso/xml/tools.c b/lasso/xml/tools.c
index 531bad3f..5ae12919 100644
--- a/lasso/xml/tools.c
+++ b/lasso/xml/tools.c
@@ -800,7 +800,7 @@ lasso_saml2_query_verify_signature(const char *query, const xmlSecKey *sender_pu
int n = 0;
char *saml_request_response = NULL;
char *relaystate = NULL;
- char *sig_alg, *usig_alg = NULL;
+ char *sig_alg = NULL, *usig_alg = NULL;
lasso_error_t rc = 0;
lasso_return_val_if_fail(query != NULL, LASSO_PARAM_ERROR_INVALID_VALUE);
@@ -857,6 +857,9 @@ lasso_saml2_query_verify_signature(const char *query, const xmlSecKey *sender_pu
goto_cleanup_with_rc(LASSO_PROFILE_ERROR_INVALID_QUERY);
}
+ if (! sig_alg) {
+ goto_cleanup_with_rc(LASSO_DS_ERROR_INVALID_SIGALG);
+ }
if (! b64_signature) {
goto_cleanup_with_rc(LASSO_DS_ERROR_SIGNATURE_NOT_FOUND);
}
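Review bot: The new `if (! sig_alg)` test sits ahead of the existing `if (! b64_signature)` test, so a query carrying neither SigAlg nor Signature now fails with LASSO_DS_ERROR_INVALID_SIGALG instead of LASSO_DS_ERROR_SIGNATURE_NOT_FOUND. If any caller relies on the latter code to tell an unsigned message from a malformed signed one (not visible here), that distinction changes; moving the three added lines below the `b64_signature` block would keep the existing result for unsigned queries. The check also only establishes that a SigAlg parameter is present, so it is worth confirming that the value is matched against the accepted algorithms further down and saying so in a comment such as `/* SigAlg is mandatory on a signed query; its value is checked below */`. The function body starts and ends outside this hunk.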