lasso_saml20_profile_init_artifact_resolve(): check http_method

* lasso/saml-2.0/profile.c: check the given http_method it must one in - LASSO_HTTP_METHOD_ARTIFACT_POST, - LASSO_HTTP_METHOD_ARTIFACT_GET.
author: Benjamin Dauvergne <bdauvergne@entrouvert.com> 2009-04-27 08:19:24 +0000
committer: Benjamin Dauvergne <bdauvergne@entrouvert.com> 2009-04-27 08:19:24 +0000
commit: 4ba02b07253ddde0619e5a45df6aa431f1985352 (patch)
tree: 3d0da74bda9acae690d6ac35ca02e85b4b5f8126
parent: 83ce945c5f6343e35fddc9bb6fdc6e8410b409af (diff)
download: lasso-4ba02b07253ddde0619e5a45df6aa431f1985352.tar.gz
lasso-4ba02b07253ddde0619e5a45df6aa431f1985352.tar.xz
lasso-4ba02b07253ddde0619e5a45df6aa431f1985352.zip
1 files changed, 3 insertions, 1 deletions
diff --git a/lasso/saml-2.0/profile.c b/lasso/saml-2.0/profile.c
index 359d9851..60f664b7 100644
--- a/lasso/saml-2.0/profile.c
+++ b/lasso/saml-2.0/profile.c
@@ -232,8 +232,10 @@ lasso_saml20_profile_init_artifact_resolve(LassoProfile *profile,
 		if (artifact_b64 == NULL) {
 			return LASSO_PROFILE_ERROR_MISSING_ARTIFACT;
 		}
-	} else {
+	} else if (method == LASSO_HTTP_METHOD_ARTIFACT_POST) {
 		artifact_b64 = g_strdup(msg);
+	} else {
+		return critical_error(LASSO_PROFILE_ERROR_INVALID_HTTP_METHOD);
 	}
 
 	i = xmlSecBase64Decode((xmlChar*)artifact_b64, (xmlChar*)artifact, 45);
author	Benjamin Dauvergne <bdauvergne@entrouvert.com>	2009-04-27 08:19:24 +0000
committer	Benjamin Dauvergne <bdauvergne@entrouvert.com>	2009-04-27 08:19:24 +0000
commit	4ba02b07253ddde0619e5a45df6aa431f1985352 (patch)
tree	3d0da74bda9acae690d6ac35ca02e85b4b5f8126
parent	83ce945c5f6343e35fddc9bb6fdc6e8410b409af (diff)
download	lasso-4ba02b07253ddde0619e5a45df6aa431f1985352.tar.gz lasso-4ba02b07253ddde0619e5a45df6aa431f1985352.tar.xz lasso-4ba02b07253ddde0619e5a45df6aa431f1985352.zip