diff options
| author | Frederic Peters <fpeters@entrouvert.com> | 2007-01-03 23:35:17 +0000 |
|---|---|---|
| committer | Frederic Peters <fpeters@entrouvert.com> | 2007-01-03 23:35:17 +0000 |
| commit | 78b83a37b1623de64cc4687bc34f445ccd8907dc (patch) | |
| tree | 6f6d31791c0699db7a6631cf3f01f50582209f24 | |
| parent | 46b74e89841fcc3048e300fdcc1b40ff2b7d35c5 (diff) | |
misc fixes for 1) memory leaks around XPath usage and 2) potential segfaults
from untested pointers
| -rw-r--r-- | lasso/id-ff/identity.c | 4 | ||||
| -rw-r--r-- | lasso/id-ff/lecp.c | 10 | ||||
| -rw-r--r-- | lasso/id-ff/login.c | 23 | ||||
| -rw-r--r-- | lasso/id-ff/logout.c | 18 | ||||
| -rw-r--r-- | lasso/id-ff/name_identifier_mapping.c | 13 | ||||
| -rw-r--r-- | lasso/id-ff/name_registration.c | 9 | ||||
| -rw-r--r-- | lasso/id-ff/provider.c | 24 | ||||
| -rw-r--r-- | lasso/id-wsf/data_service.c | 35 | ||||
| -rw-r--r-- | lasso/id-wsf/discovery.c | 5 | ||||
| -rw-r--r-- | lasso/id-wsf/wsf_profile.c | 66 | ||||
| -rw-r--r-- | lasso/saml-2.0/ecp.c | 20 | ||||
| -rw-r--r-- | lasso/saml-2.0/login.c | 30 | ||||
| -rw-r--r-- | lasso/saml-2.0/logout.c | 4 | ||||
| -rw-r--r-- | lasso/xml/xml.c | 11 |
14 files changed, 205 insertions, 67 deletions
diff --git a/lasso/id-ff/identity.c b/lasso/id-ff/identity.c index 155853da..bdbf379e 100644 --- a/lasso/id-ff/identity.c +++ b/lasso/id-ff/identity.c @@ -185,8 +185,8 @@ lasso_identity_get_offerings(LassoIdentity *identity, const char *service_type) while (iter) { t = iter->data; iter = g_list_next(iter); - if (service_type == NULL || strcmp( - t->ServiceInstance->ServiceType, service_type) == 0) { + if (service_type == NULL || (t->ServiceInstance && strcmp( + t->ServiceInstance->ServiceType, service_type) == 0)) { result = g_list_append(result, g_object_ref(t)); } } diff --git a/lasso/id-ff/lecp.c b/lasso/id-ff/lecp.c index ec1db584..d96c61aa 100644 --- a/lasso/id-ff/lecp.c +++ b/lasso/id-ff/lecp.c @@ -301,16 +301,24 @@ lasso_lecp_process_authn_request_envelope_msg(LassoLecp *lecp, const char *reque /* TODO: will need to use another href for id-ff 1.1 support */ xpathObj = xmlXPathEvalExpression((xmlChar*)"//lib:AuthnRequest", xpathCtx); - if (xpathObj == NULL) + if (xpathObj == NULL) { + xmlXPathFreeContext(xpathCtx); return critical_error(LASSO_PROFILE_ERROR_INVALID_MSG); + } if (xpathObj->nodesetval == NULL || xpathObj->nodesetval->nodeNr == 0) { + xmlXPathFreeContext(xpathCtx); xmlXPathFreeObject(xpathObj); return critical_error(LASSO_PROFILE_ERROR_INVALID_MSG); } authn_request = xmlCopyNode(xpathObj->nodesetval->nodeTab[0], 1); + xmlXPathFreeContext(xpathCtx); + xmlXPathFreeObject(xpathObj); xmlFreeDoc(doc); + xpathCtx = NULL; + xpathObj = NULL; + doc = NULL; soap_envelope = xmlNewNode(NULL, (xmlChar*)"Envelope"); xmlSetNs(soap_envelope, xmlNewNs(soap_envelope, diff --git a/lasso/id-ff/login.c b/lasso/id-ff/login.c index 4cbc88c6..ac33b14f 100644 --- a/lasso/id-ff/login.c +++ b/lasso/id-ff/login.c @@ -386,12 +386,14 @@ static gint lasso_login_process_federation(LassoLogin *login, gboolean is_consent_obtained) { LassoFederation *federation = NULL; - LassoProfile *profile = LASSO_PROFILE(login); + LassoProfile *profile; char *nameIDPolicy; gint ret = 0; g_return_val_if_fail(LASSO_IS_LOGIN(login), LASSO_PARAM_ERROR_BAD_TYPE_OR_NULL_OBJ); + profile = LASSO_PROFILE(login); + /* verify if identity already exists else create it */ if (profile->identity == NULL) { profile->identity = lasso_identity_new(); @@ -409,8 +411,8 @@ lasso_login_process_federation(LassoLogin *login, gboolean is_consent_obtained) } /* search a federation in the identity */ - federation = g_hash_table_lookup(LASSO_PROFILE(login)->identity->federations, - LASSO_PROFILE(login)->remote_providerID); + federation = g_hash_table_lookup(profile->identity->federations, + profile->remote_providerID); if (strcmp(nameIDPolicy, LASSO_LIB_NAMEID_POLICY_TYPE_NONE) == 0) { /* a federation MUST exist */ @@ -605,6 +607,9 @@ lasso_login_accept_sso(LassoLogin *login) authentication_statement = LASSO_SAML_SUBJECT_STATEMENT_ABSTRACT( assertion->AuthenticationStatement); + if (authentication_statement->Subject == NULL) + return LASSO_PROFILE_ERROR_NAME_IDENTIFIER_NOT_FOUND; + ni = authentication_statement->Subject->NameIdentifier; if (ni == NULL) @@ -778,7 +783,7 @@ lasso_login_build_artifact_msg(LassoLogin *login, LassoHttpMethod http_method) xmlFree(relayState); if (strcmp(LASSO_SAMLP_RESPONSE(profile->response)->Status->StatusCode->Value, - "samlp:Success") != 0) { + LASSO_SAML_STATUS_CODE_SUCCESS) != 0) { if (profile->session == NULL) profile->session = lasso_session_new(); @@ -948,8 +953,10 @@ lasso_login_build_authn_response_msg(LassoLogin *login) LassoSamlAssertion *assertion = login->assertion; LassoSamlSubjectStatementAbstract *ss; ss = LASSO_SAML_SUBJECT_STATEMENT_ABSTRACT(assertion->AuthenticationStatement); - ss->Subject->SubjectConfirmation->ConfirmationMethod = g_list_append(NULL, - g_strdup(LASSO_SAML_CONFIRMATION_METHOD_BEARER)); + if (ss->Subject && ss->Subject->SubjectConfirmation) { + ss->Subject->SubjectConfirmation->ConfirmationMethod = g_list_append(NULL, + g_strdup(LASSO_SAML_CONFIRMATION_METHOD_BEARER)); + } } /* Countermeasure: The issuer should sign <lib:AuthnResponse> messages. @@ -971,8 +978,8 @@ lasso_login_build_authn_response_msg(LassoLogin *login) /* build an lib:AuthnResponse base64 encoded */ profile->msg_body = lasso_node_export_to_base64(LASSO_NODE(profile->response)); - remote_provider = g_hash_table_lookup(LASSO_PROFILE(login)->server->providers, - LASSO_PROFILE(login)->remote_providerID); + remote_provider = g_hash_table_lookup(profile->server->providers, + profile->remote_providerID); if (LASSO_IS_PROVIDER(remote_provider) == FALSE) return critical_error(LASSO_SERVER_ERROR_PROVIDER_NOT_FOUND); profile->msg_url = lasso_provider_get_assertion_consumer_service_url(remote_provider, diff --git a/lasso/id-ff/logout.c b/lasso/id-ff/logout.c index 47513aa7..006bb3a4 100644 --- a/lasso/id-ff/logout.c +++ b/lasso/id-ff/logout.c @@ -307,6 +307,7 @@ lasso_logout_init_request(LassoLogout *logout, char *remote_providerID, LassoSamlNameIdentifier *nameIdentifier; LassoNode *assertion_n, *name_identifier_n; LassoSamlAssertion *assertion; + LassoSamlSubjectStatementAbstract *subject_statement; LassoFederation *federation = NULL; gboolean is_http_redirect_get_method = FALSE; LassoSession *session; @@ -360,12 +361,21 @@ lasso_logout_init_request(LassoLogout *logout, char *remote_providerID, session_index = g_strdup(as->SessionIndex); } - /* if format is one time, then get name identifier from assertion, else get name identifier from federation */ - nameIdentifier = LASSO_SAML_SUBJECT_STATEMENT_ABSTRACT( - assertion->AuthenticationStatement)->Subject->NameIdentifier; - if (strcmp(nameIdentifier->Format, LASSO_LIB_NAME_IDENTIFIER_FORMAT_ONE_TIME) != 0) { + subject_statement = NULL; + nameIdentifier = NULL; + if (LASSO_IS_SAML_SUBJECT_STATEMENT_ABSTRACT(assertion->AuthenticationStatement)) { + subject_statement = LASSO_SAML_SUBJECT_STATEMENT_ABSTRACT( + assertion->AuthenticationStatement); + if (subject_statement && subject_statement->Subject) { + nameIdentifier = subject_statement->Subject->NameIdentifier; + } + } + + + if (nameIdentifier && strcmp(nameIdentifier->Format, + LASSO_LIB_NAME_IDENTIFIER_FORMAT_ONE_TIME) != 0) { if (LASSO_IS_IDENTITY(profile->identity) == FALSE) { return critical_error(LASSO_PROFILE_ERROR_IDENTITY_NOT_FOUND); } diff --git a/lasso/id-ff/name_identifier_mapping.c b/lasso/id-ff/name_identifier_mapping.c index 60560f1e..bb92b067 100644 --- a/lasso/id-ff/name_identifier_mapping.c +++ b/lasso/id-ff/name_identifier_mapping.c @@ -378,13 +378,20 @@ lasso_name_identifier_mapping_process_response_msg(LassoNameIdentifierMapping *m } statusCodeValue = response->Status->StatusCode->Value; - if (strcmp(statusCodeValue, LASSO_SAML_STATUS_CODE_SUCCESS) != 0) { + if (statusCodeValue == NULL || strcmp(statusCodeValue, + LASSO_SAML_STATUS_CODE_SUCCESS) != 0) { return LASSO_PROFILE_ERROR_STATUS_NOT_SUCCESS; } + /* Set the target name identifier */ - mapping->targetNameIdentifier = g_strdup(LASSO_LIB_NAME_IDENTIFIER_MAPPING_REQUEST( - profile->request)->NameIdentifier->content); + if (LASSO_LIB_NAME_IDENTIFIER_MAPPING_REQUEST(profile->request)->NameIdentifier) { + mapping->targetNameIdentifier = g_strdup(LASSO_LIB_NAME_IDENTIFIER_MAPPING_REQUEST( + profile->request)->NameIdentifier->content); + } else { + mapping->targetNameIdentifier = NULL; + return LASSO_NAME_IDENTIFIER_MAPPING_ERROR_MISSING_TARGET_IDENTIFIER; + } return rc; } diff --git a/lasso/id-ff/name_registration.c b/lasso/id-ff/name_registration.c index 1492c482..7510cb46 100644 --- a/lasso/id-ff/name_registration.c +++ b/lasso/id-ff/name_registration.c @@ -444,6 +444,7 @@ lasso_name_registration_process_response_msg(LassoNameRegistration *name_registr LassoFederation *federation; LassoSamlNameIdentifier *nameIdentifier = NULL; LassoHttpMethod response_method; + LassoLibStatusResponse *response; LassoMessageFormat format; int rc; char *statusCodeValue; @@ -474,7 +475,13 @@ lasso_name_registration_process_response_msg(LassoNameRegistration *name_registr /* verify signature */ rc = lasso_provider_verify_signature(remote_provider, response_msg, "ResponseID", format); - statusCodeValue = LASSO_LIB_STATUS_RESPONSE(profile->response)->Status->StatusCode->Value; + response = LASSO_LIB_STATUS_RESPONSE(profile->response); + if (response->Status == NULL || response->Status->StatusCode == NULL + || response->Status->StatusCode->Value == NULL) { + return critical_error(LASSO_PROFILE_ERROR_MISSING_STATUS_CODE); + } + statusCodeValue = response->Status->StatusCode->Value; + if (strcmp(statusCodeValue, LASSO_SAML_STATUS_CODE_SUCCESS) != 0) { message(G_LOG_LEVEL_CRITICAL, "Status code not success: %s", statusCodeValue); return LASSO_PROFILE_ERROR_STATUS_NOT_SUCCESS; diff --git a/lasso/id-ff/provider.c b/lasso/id-ff/provider.c index ffde4132..e012917f 100644 --- a/lasso/id-ff/provider.c +++ b/lasso/id-ff/provider.c @@ -667,6 +667,7 @@ lasso_provider_load_metadata(LassoProvider *provider, const gchar *metadata) } node = xpathObj->nodesetval->nodeTab[0]; provider->ProviderID = (char*)xmlGetProp(node, (xmlChar*)"providerID"); + xmlXPathFreeObject(xpathObj); xpathObj = xmlXPathEvalExpression((xmlChar*)xpath_idp, xpathCtx); if (xpathObj && xpathObj->nodesetval && xpathObj->nodesetval->nodeNr == 1) { @@ -915,6 +916,9 @@ int lasso_provider_verify_signature(LassoProvider *provider, xmlSecKeysMngr *keys_mngr = NULL; xmlSecDSigCtx *dsigCtx; int rc; + xmlXPathContext *xpathCtx = NULL; + xmlXPathObject *xpathObj = NULL; + msg = (char*)message; @@ -947,19 +951,16 @@ int lasso_provider_verify_signature(LassoProvider *provider, } if (format == LASSO_MESSAGE_FORMAT_SOAP) { - xmlXPathContext *xpathCtx = NULL; - xmlXPathObject *xpathObj; - xpathCtx = xmlXPathNewContext(doc); xmlXPathRegisterNs(xpathCtx, (xmlChar*)"s", (xmlChar*)LASSO_SOAP_ENV_HREF); xpathObj = xmlXPathEvalExpression((xmlChar*)"//s:Body/*", xpathCtx); if (xpathObj->nodesetval && xpathObj->nodesetval->nodeNr ) { xmlnode = xpathObj->nodesetval->nodeTab[0]; } - xmlXPathFreeObject(xpathObj); - xmlXPathFreeContext(xpathCtx); if (xmlnode == NULL) { xmlFreeDoc(doc); + xmlXPathFreeContext(xpathCtx); + xmlXPathFreeObject(xpathObj); return LASSO_PROFILE_ERROR_INVALID_MSG; } } else { @@ -991,6 +992,8 @@ int lasso_provider_verify_signature(LassoProvider *provider, if (sign == NULL) { xmlFreeDoc(doc); + xmlXPathFreeContext(xpathCtx); + xmlXPathFreeObject(xpathObj); return LASSO_DS_ERROR_SIGNATURE_NOT_FOUND; } @@ -1009,6 +1012,8 @@ int lasso_provider_verify_signature(LassoProvider *provider, provider->ca_cert_chain); if (keys_mngr == NULL) { xmlFreeDoc(doc); + xmlXPathFreeContext(xpathCtx); + xmlXPathFreeObject(xpathObj); return LASSO_DS_ERROR_CA_CERT_CHAIN_LOAD_FAILED; } } @@ -1019,6 +1024,8 @@ int lasso_provider_verify_signature(LassoProvider *provider, if (dsigCtx->signKey == NULL) { /* XXX: should this be detected on lasso_provider_new ? */ xmlSecDSigCtxDestroy(dsigCtx); + xmlXPathFreeContext(xpathCtx); + xmlXPathFreeObject(xpathObj); xmlFreeDoc(doc); return LASSO_DS_ERROR_PUBLIC_KEY_LOAD_FAILED; } @@ -1029,16 +1036,23 @@ int lasso_provider_verify_signature(LassoProvider *provider, if (keys_mngr) xmlSecKeysMngrDestroy(keys_mngr); xmlFreeDoc(doc); + xmlXPathFreeContext(xpathCtx); + xmlXPathFreeObject(xpathObj); return LASSO_DS_ERROR_SIGNATURE_VERIFICATION_FAILED; } if (keys_mngr) xmlSecKeysMngrDestroy(keys_mngr); + if (dsigCtx->status != xmlSecDSigStatusSucceeded) { xmlSecDSigCtxDestroy(dsigCtx); xmlFreeDoc(doc); + xmlXPathFreeContext(xpathCtx); + xmlXPathFreeObject(xpathObj); return LASSO_DS_ERROR_INVALID_SIGNATURE; } + xmlXPathFreeContext(xpathCtx); + xmlXPathFreeObject(xpathObj); xmlFreeDoc(doc); return 0; } diff --git a/lasso/id-wsf/data_service.c b/lasso/id-wsf/data_service.c index 93b05264..f4c07fd6 100644 --- a/lasso/id-wsf/data_service.c +++ b/lasso/id-wsf/data_service.c @@ -221,16 +221,16 @@ lasso_data_service_init_query(LassoDataService *service, const char *select, /* Added needed credential for remote service */ if (description->CredentialRef) { - char *credentialRef = description->CredentialRef->data; - iter = service->private_data->credentials; - while (iter) { - LassoSamlAssertion *credential = LASSO_SAML_ASSERTION( - iter->data); - if (strcmp(credentialRef, credential->AssertionID) == 0) - //lasso_wsf_profile_add_saml_authentication( - // LASSO_WSF_PROFILE(service), credential); + char *credentialRef = description->CredentialRef->data; + iter = service->private_data->credentials; + while (iter) { + LassoSamlAssertion *credential = LASSO_SAML_ASSERTION(iter->data); + if (strcmp(credentialRef, credential->AssertionID) == 0) { + //lasso_wsf_profile_add_saml_authentication( + // LASSO_WSF_PROFILE(service), credential); iter = iter->next; } + } } return 0; @@ -252,6 +252,11 @@ lasso_data_service_get_redirect_request_url(LassoDataService *service) LassoIsRedirectRequest *redirect_request = NULL; GList *iter; + if (LASSO_WSF_PROFILE(service)->soap_envelope_response == NULL || + LASSO_WSF_PROFILE(service)->soap_envelope_response->Body == NULL) { + return NULL; + } + iter = LASSO_WSF_PROFILE(service)->soap_envelope_response->Body->any; while (iter) { if (LASSO_IS_SOAP_FAULT(iter->data) == TRUE) { @@ -260,7 +265,7 @@ lasso_data_service_get_redirect_request_url(LassoDataService *service) } iter = iter->next; } - if (!fault) + if (fault == NULL || fault->Detail == NULL) return NULL; iter = fault->Detail->any; @@ -269,9 +274,9 @@ lasso_data_service_get_redirect_request_url(LassoDataService *service) redirect_request = LASSO_IS_REDIRECT_REQUEST(iter->data); break; } - iter = iter->next; + iter = g_list_next(iter); } - if (!redirect_request) + if (redirect_request == NULL) return NULL; return g_strdup(redirect_request->redirectURL); @@ -392,10 +397,15 @@ lasso_data_service_build_modify_response_msg(LassoDataService *service) { xmlNode *node = xpathObj->nodesetval->nodeTab[0]; xmlReplaceNode(node, newNode); } + xmlXPathFreeObject(xpathObj); + xpathObj = NULL; iter = g_list_next(iter); } + xmlXPathFreeContext(xpathCtx); + xmlFreeDoc(doc); + return lasso_wsf_profile_build_soap_response_msg(profile); } @@ -459,10 +469,13 @@ lasso_data_service_build_response_msg(LassoDataService *service) } response->Data = g_list_append(response->Data, data); } + xmlXPathFreeObject(xpathObj); + xpathObj = NULL; iter = g_list_next(iter); } xmlUnlinkNode(service->resource_data); + xmlXPathFreeContext(xpathCtx); xmlFreeDoc(doc); return lasso_wsf_profile_build_soap_response_msg(profile); diff --git a/lasso/id-wsf/discovery.c b/lasso/id-wsf/discovery.c index b3fb1c83..a4cd9b0c 100644 --- a/lasso/id-wsf/discovery.c +++ b/lasso/id-wsf/discovery.c @@ -165,18 +165,23 @@ lasso_discovery_build_credential(LassoDiscovery *discovery, const gchar *provide xmlnode = xpathObj->nodesetval->nodeTab[0]; rsa_key_value->Modulus = (gchar *) xmlNodeGetContent(xmlnode); } + xmlXPathFreeObject(xpathObj); xpathObj = xmlXPathEvalExpression((xmlChar*)"//ds:Exponent", xpathCtx); if (xpathObj->nodesetval && xpathObj->nodesetval->nodeNr) { xmlnode = xpathObj->nodesetval->nodeTab[0]; rsa_key_value->Exponent = (gchar *) xmlNodeGetContent(xmlnode); } + xmlXPathFreeObject(xpathObj); key_value = lasso_ds_key_value_new(); key_value->RSAKeyValue = rsa_key_value; key_info = lasso_ds_key_info_new(); key_info->KeyValue = key_value; subject_confirmation->KeyInfo = key_info; + + xmlXPathFreeContext(xpathCtx); + xmlFreeDoc(doc); } subject->SubjectConfirmation = subject_confirmation; diff --git a/lasso/id-wsf/wsf_profile.c b/lasso/id-wsf/wsf_profile.c index c57458b7..6e07d934 100644 --- a/lasso/id-wsf/wsf_profile.c +++ b/lasso/id-wsf/wsf_profile.c @@ -147,7 +147,7 @@ lasso_wsf_profile_has_saml_authentication(LassoWsfProfile *profile) GList *iter; gchar *security_mech_id; - if (!profile->private_data->description) + if (profile->private_data->description == NULL) return FALSE; iter = profile->private_data->description->SecurityMechID; @@ -158,7 +158,7 @@ lasso_wsf_profile_has_saml_authentication(LassoWsfProfile *profile) strcmp(security_mech_id, LASSO_SECURITY_MECH_SAML) == 0) { return TRUE; } - iter = iter->next; + iter = g_list_next(iter); } return FALSE; @@ -170,7 +170,7 @@ lasso_wsf_profile_has_x509_authentication(LassoWsfProfile *profile) GList *iter; gchar *security_mech_id; - if (!profile->private_data->description) + if (profile->private_data->description == NULL) return FALSE; iter = profile->private_data->description->SecurityMechID; @@ -181,7 +181,7 @@ lasso_wsf_profile_has_x509_authentication(LassoWsfProfile *profile) strcmp(security_mech_id, LASSO_SECURITY_MECH_X509) == 0) { return TRUE; } - iter = iter->next; + iter = g_list_next(iter); } return FALSE; @@ -494,16 +494,24 @@ lasso_wsf_profile_verify_saml_authentication(LassoWsfProfile *profile, xmlDoc *d /* FIXME: Need to consider more every credentials. */ if (xpathObj->nodesetval == NULL || xpathObj->nodesetval->nodeNr == 0) { + xmlXPathFreeContext(xpathCtx); + xmlXPathFreeObject(xpathObj); return LASSO_PROFILE_ERROR_MISSING_ASSERTION; } credential = xpathObj->nodesetval->nodeTab[0]; + res = lasso_wsf_profile_verify_credential_signature(profile, doc, credential); - if (res < 0) + if (res < 0) { + xmlXPathFreeContext(xpathCtx); + xmlXPathFreeObject(xpathObj); return res; + } public_key = lasso_wsf_profile_get_public_key_from_credential(profile, credential); + xmlXPathFreeContext(xpathCtx); + xmlXPathFreeObject(xpathObj); if (public_key == NULL) { return LASSO_DS_ERROR_PUBLIC_KEY_LOAD_FAILED; @@ -666,6 +674,8 @@ lasso_wsf_profile_verify_x509_authentication(LassoWsfProfile *profile, correlation = xpathObj->nodesetval->nodeTab[0]; } if (correlation == NULL) { + xmlXPathFreeObject(xpathObj); + xmlXPathFreeContext(xpathCtx); return LASSO_WSF_PROFILE_ERROR_MISSING_CORRELATION; } @@ -674,20 +684,29 @@ lasso_wsf_profile_verify_x509_authentication(LassoWsfProfile *profile, xmlAddID(NULL, doc, id, id_attr); xmlFree(id); + xmlXPathFreeObject(xpathObj); + xpathObj = NULL; + /* Body */ xmlXPathRegisterNs(xpathCtx, (xmlChar*)"s", (xmlChar*)LASSO_SOAP_ENV_HREF); xpathObj = xmlXPathEvalExpression((xmlChar*)"//s:Body", xpathCtx); if (xpathObj->nodesetval && xpathObj->nodesetval->nodeNr) { body = xpathObj->nodesetval->nodeTab[0]; } - if (body == NULL) + if (body == NULL) { + xmlXPathFreeObject(xpathObj); + xmlXPathFreeContext(xpathCtx); return LASSO_SOAP_ERROR_MISSING_BODY; + } id_attr = xmlHasProp(body, (xmlChar *)"id"); id = xmlGetProp(body, (xmlChar *) "id"); xmlAddID(NULL, doc, id, id_attr); xmlFree(id); + xmlXPathFreeObject(xpathObj); + xpathObj = NULL; + /* Provider */ xmlXPathRegisterNs(xpathCtx, (xmlChar*)"sb", (xmlChar*)LASSO_SOAP_BINDING_HREF); xpathObj = xmlXPathEvalExpression((xmlChar*)"//sb:Provider", xpathCtx); @@ -706,19 +725,21 @@ lasso_wsf_profile_verify_x509_authentication(LassoWsfProfile *profile, xmlFree(providerID); } - /* Verify signature */ - //node = xmlSecFindNode(xmlDocGetRootElement(doc), xmlSecNodeSignature, xmlSecDSigNs); + xmlXPathFreeObject(xpathObj); + xpathObj = NULL; - //xpathObj =xmlXPathEvalExpression((xmlChar*)"/s:Envelope/s:Header/s:Security/ds:Signature", - // xpathCtx); + /* Verify signature */ node = NULL; xmlXPathRegisterNs(xpathCtx, (xmlChar*)"ds", (xmlChar*)LASSO_DS_HREF); xpathObj = xmlXPathEvalExpression((xmlChar*)"//ds:Signature", xpathCtx); if (xpathObj->nodesetval && xpathObj->nodesetval->nodeNr) { node = xpathObj->nodesetval->nodeTab[0]; } - if (node == NULL) + if (node == NULL) { + xmlXPathFreeContext(xpathCtx); + xmlXPathFreeObject(xpathObj); return LASSO_DS_ERROR_SIGNATURE_NOT_FOUND; + } /* Case of X509 signature type */ x509data = xmlSecFindNode(xmlDocGetRootElement(doc), xmlSecNodeX509Data, xmlSecDSigNs); @@ -726,9 +747,13 @@ lasso_wsf_profile_verify_x509_authentication(LassoWsfProfile *profile, keys_mngr = lasso_load_certs_from_pem_certs_chain_file( lasso_provider->ca_cert_chain); if (keys_mngr == NULL) { + xmlXPathFreeObject(xpathObj); + xmlXPathFreeContext(xpathCtx); return LASSO_DS_ERROR_CA_CERT_CHAIN_LOAD_FAILED; } } else if (x509data != NULL) { + xmlXPathFreeObject(xpathObj); + xmlXPathFreeContext(xpathCtx); return LASSO_DS_ERROR_CA_CERT_CHAIN_LOAD_FAILED; } @@ -743,6 +768,8 @@ lasso_wsf_profile_verify_x509_authentication(LassoWsfProfile *profile, } if (dsigCtx->signKey == NULL) { xmlSecDSigCtxDestroy(dsigCtx); + xmlXPathFreeObject(xpathObj); + xmlXPathFreeContext(xpathCtx); return LASSO_DS_ERROR_PUBLIC_KEY_LOAD_FAILED; } } @@ -751,9 +778,14 @@ lasso_wsf_profile_verify_x509_authentication(LassoWsfProfile *profile, xmlSecDSigCtxDestroy(dsigCtx); if (keys_mngr) xmlSecKeysMngrDestroy(keys_mngr); + xmlXPathFreeObject(xpathObj); + xmlXPathFreeContext(xpathCtx); return LASSO_DS_ERROR_SIGNATURE_VERIFICATION_FAILED; } + xmlXPathFreeObject(xpathObj); + xmlXPathFreeContext(xpathCtx); + if (keys_mngr) xmlSecKeysMngrDestroy(keys_mngr); @@ -1315,8 +1347,10 @@ lasso_wsf_profile_process_soap_response_msg(LassoWsfProfile *profile, const gcha int res; res = lasso_wsf_profile_verify_x509_authentication(profile, doc, NULL); - if (res != 0) + if (res != 0) { + xmlFreeDoc(doc); return res; + } /* FIXME: Remove Signature element if exists, it seg fault when a call to lasso_node_new_from_xmlNode() */ @@ -1327,8 +1361,11 @@ lasso_wsf_profile_process_soap_response_msg(LassoWsfProfile *profile, const gcha xmlFreeNode(xmlnode); } } - if (res != 0) + + if (res != 0) { + xmlFreeDoc(doc); return res; + } /* If credentials are found, save and remove them from message */ { @@ -1344,9 +1381,12 @@ lasso_wsf_profile_process_soap_response_msg(LassoWsfProfile *profile, const gcha lasso_wsf_profile_add_credential(profile, credential); } } + xmlXPathFreeContext(xpathCtx); + xmlXPathFreeObject(xpathObj); } envelope = LASSO_SOAP_ENVELOPE(lasso_node_new_from_xmlNode(xmlDocGetRootElement(doc))); + xmlFreeDoc(doc); profile->soap_envelope_response = envelope; diff --git a/lasso/saml-2.0/ecp.c b/lasso/saml-2.0/ecp.c index d6174ed6..1ca456aa 100644 --- a/lasso/saml-2.0/ecp.c +++ b/lasso/saml-2.0/ecp.c @@ -139,6 +139,7 @@ lasso_ecp_process_authn_request_msg(LassoEcp *ecp, const char *authn_request_msg xmlnode = xpathObj->nodesetval->nodeTab[0]; ecp->private_data->relay_state = xmlNodeGetContent(xmlnode); } + xmlXPathFreeObject(xpathObj); xmlXPathRegisterNs(xpathCtx, (xmlChar*)"paos", (xmlChar*)LASSO_PAOS_HREF); xpathObj = xmlXPathEvalExpression((xmlChar*)"//paos:Request", xpathCtx); @@ -146,6 +147,7 @@ lasso_ecp_process_authn_request_msg(LassoEcp *ecp, const char *authn_request_msg ecp->private_data->messageID = xmlGetProp( xpathObj->nodesetval->nodeTab[0], (xmlChar*)"messageID"); } + xmlXPathFreeObject(xpathObj); xmlXPathRegisterNs(xpathCtx, (xmlChar*)"s", (xmlChar*)LASSO_SOAP_ENV_HREF); xpathObj = xmlXPathEvalExpression((xmlChar*)"//s:Header", xpathCtx); @@ -153,6 +155,10 @@ lasso_ecp_process_authn_request_msg(LassoEcp *ecp, const char *authn_request_msg xmlnode = xpathObj->nodesetval->nodeTab[0]; xmlUnlinkNode(xmlnode); } + xmlXPathFreeObject(xpathObj); + xmlXPathFreeContext(xpathCtx); + xpathCtx = NULL; + xpathObj = NULL; xmlnode = xmlDocGetRootElement(doc); handler = xmlFindCharEncodingHandler("utf-8"); @@ -162,6 +168,7 @@ lasso_ecp_process_authn_request_msg(LassoEcp *ecp, const char *authn_request_msg LASSO_PROFILE(ecp)->msg_body = g_strdup( (char*)(buf->conv ? buf->conv->content : buf->buffer->content)); xmlOutputBufferClose(buf); + xmlFreeDoc(doc); profile->remote_providerID = lasso_server_get_first_providerID(profile->server); if (profile->remote_providerID == NULL) { @@ -170,8 +177,9 @@ lasso_ecp_process_authn_request_msg(LassoEcp *ecp, const char *authn_request_msg remote_provider = g_hash_table_lookup(profile->server->providers, profile->remote_providerID); - if (LASSO_IS_PROVIDER(remote_provider) == FALSE) + if (LASSO_IS_PROVIDER(remote_provider) == FALSE) { return critical_error(LASSO_SERVER_ERROR_PROVIDER_NOT_FOUND); + } profile->msg_url = lasso_provider_get_metadata_one(remote_provider, "SingleSignOnService SOAP"); @@ -202,8 +210,9 @@ lasso_ecp_process_response_msg(LassoEcp *ecp, const char *response_msg) xmlXPathRegisterNs(xpathCtx, (xmlChar*)"s", (xmlChar*)LASSO_SOAP_ENV_HREF); xpathObj = xmlXPathEvalExpression((xmlChar*)"//s:Body", xpathCtx); if (xpathObj && xpathObj->nodesetval && xpathObj->nodesetval->nodeNr) { - body = xpathObj->nodesetval->nodeTab[0]; + body = xmlCopyNode(xpathObj->nodesetval->nodeTab[0], 1); } + xmlXPathFreeObject(xpathObj); xmlXPathRegisterNs(xpathCtx, (xmlChar*)"ecp", (xmlChar*)LASSO_ECP_HREF); xpathObj = xmlXPathEvalExpression((xmlChar*)"//ecp:Response", xpathCtx); @@ -211,9 +220,10 @@ lasso_ecp_process_response_msg(LassoEcp *ecp, const char *response_msg) ecp->assertionConsumerURL = (char*)xmlGetProp( xpathObj->nodesetval->nodeTab[0], (xmlChar*)"AssertionConsumerURL"); } - - xmlXPathFreeContext(xpathCtx); xmlXPathFreeObject(xpathObj); + xmlXPathFreeContext(xpathCtx); + xpathCtx = NULL; + xpathObj = NULL; new_envelope = xmlNewNode(NULL, (xmlChar*)"Envelope"); xmlSetNs(new_envelope, xmlNewNs(new_envelope, @@ -251,7 +261,7 @@ lasso_ecp_process_response_msg(LassoEcp *ecp, const char *response_msg) xmlAddChild(header, ecp_relay_state); } - xmlAddChild(new_envelope, xmlCopyNode(body, 1)); + xmlAddChild(new_envelope, body); handler = xmlFindCharEncodingHandler("utf-8"); buf = xmlAllocOutputBuffer(handler); diff --git a/lasso/saml-2.0/login.c b/lasso/saml-2.0/login.c index 63ffd323..59d925a2 100644 --- a/lasso/saml-2.0/login.c +++ b/lasso/saml-2.0/login.c @@ -737,6 +737,7 @@ lasso_saml20_login_build_artifact_msg(LassoLogin *login, LassoHttpMethod http_me char *artifact; char *url; LassoSaml2Assertion *assertion; + LassoSamlp2StatusResponse *response; profile = LASSO_PROFILE(login); @@ -775,6 +776,12 @@ lasso_saml20_login_build_artifact_msg(LassoLogin *login, LassoHttpMethod http_me } g_free(url); + response = LASSO_SAMLP2_STATUS_RESPONSE(profile->response); + if (response->Status == NULL || response->Status->StatusCode == NULL + || response->Status->StatusCode->Value == NULL) { + return critical_error(LASSO_PROFILE_ERROR_MISSING_STATUS_CODE); + } + if (strcmp(LASSO_SAMLP2_STATUS_RESPONSE(profile->response)->Status->StatusCode->Value, "samlp:Success") != 0) { if (profile->session == NULL) @@ -906,6 +913,7 @@ lasso_saml20_login_process_paos_response_msg(LassoLogin *login, gchar *msg) doc = xmlParseMemory(msg, strlen(msg)); xpathCtx = xmlXPathNewContext(doc); + /* XXX:BEFORE-LASSO-2.0 */ /* check PAOS response */ /*xmlnode = NULL; xmlXPathRegisterNs(xpathCtx, (xmlChar*)"paos", (xmlChar*)LASSO_PAOS_HREF); @@ -926,6 +934,9 @@ lasso_saml20_login_process_paos_response_msg(LassoLogin *login, gchar *msg) xmlnode = xpathObj->nodesetval->nodeTab[0]; LASSO_PROFILE(login)->msg_relayState = (char*)xmlNodeGetContent(xmlnode); } + xmlXPathFreeContext(xpathCtx); + xmlXPathFreeObject(xpathObj); + xmlFreeDoc(doc); profile->response = response; profile->remote_providerID = g_strdup( @@ -1098,14 +1109,13 @@ lasso_saml20_login_process_response_status_and_assertion(LassoLogin *login) } if (encrypted_element != NULL && encryption_private_key != NULL) { - LASSO_PROFILE(login)->nameIdentifier = LASSO_NODE( + profile->nameIdentifier = LASSO_NODE( lasso_node_decrypt(encrypted_element, encryption_private_key)); - assertion->Subject->NameID = - LASSO_SAML2_NAME_ID(LASSO_PROFILE(login)->nameIdentifier); + assertion->Subject->NameID = LASSO_SAML2_NAME_ID(profile->nameIdentifier); assertion->Subject->EncryptedID = NULL; } - if (LASSO_PROFILE(login)->nameIdentifier == NULL) + if (profile->nameIdentifier == NULL) return LASSO_PROFILE_ERROR_MISSING_NAME_IDENTIFIER; } @@ -1150,11 +1160,11 @@ lasso_saml20_login_accept_sso(LassoLogin *login) lasso_session_add_assertion(profile->session, profile->remote_providerID, g_object_ref(assertion)); - ni = assertion->Subject->NameID; - - if (ni == NULL) + if (assertion->Subject && assertion->Subject->NameID) { + ni = assertion->Subject->NameID; + } else { return LASSO_PROFILE_ERROR_MISSING_NAME_IDENTIFIER; - + } /* create federation, only if nameidentifier format is Federated */ if (strcmp(ni->Format, LASSO_SAML2_NAME_IDENTIFIER_FORMAT_PERSISTENT) == 0) { @@ -1198,8 +1208,8 @@ lasso_saml20_login_build_authn_response_msg(LassoLogin *login) LASSO_SAMLP2_STATUS_RESPONSE(profile->response)->certificate_file = g_strdup(profile->server->certificate); - remote_provider = g_hash_table_lookup(LASSO_PROFILE(login)->server->providers, - LASSO_PROFILE(login)->remote_providerID); + remote_provider = g_hash_table_lookup(profile->server->providers, + profile->remote_providerID); if (LASSO_IS_PROVIDER(remote_provider) == FALSE) return critical_error(LASSO_SERVER_ERROR_PROVIDER_NOT_FOUND); diff --git a/lasso/saml-2.0/logout.c b/lasso/saml-2.0/logout.c index 9175ebbf..057a09d8 100644 --- a/lasso/saml-2.0/logout.c +++ b/lasso/saml-2.0/logout.c @@ -70,6 +70,10 @@ lasso_saml20_logout_init_request(LassoLogout *logout, LassoProvider *remote_prov return LASSO_PROFILE_ERROR_MISSING_SUBJECT; } + if (assertion->Subject->NameID == NULL) { + return LASSO_PROFILE_ERROR_MISSING_NAME_IDENTIFIER; + } + name_id = assertion->Subject->NameID; if (name_id->Format && strcmp(name_id->Format, LASSO_SAML2_NAME_IDENTIFIER_FORMAT_PERSISTENT) == 0) { diff --git a/lasso/xml/xml.c b/lasso/xml/xml.c index 21b060fa..be5972dc 100644 --- a/lasso/xml/xml.c +++ b/lasso/xml/xml.c @@ -1425,7 +1425,7 @@ lasso_node_init_from_message(LassoNode *node, const char *message) xmlDoc *doc; xmlNode *root; xmlXPathContext *xpathCtx = NULL; - xmlXPathObject *xpathObj; + xmlXPathObject *xpathObj = NULL; doc = xmlParseMemory(msg, strlen(msg)); if (doc == NULL) @@ -1438,13 +1438,16 @@ lasso_node_init_from_message(LassoNode *node, const char *message) if (xpathObj->nodesetval && xpathObj->nodesetval->nodeNr ) { root = xpathObj->nodesetval->nodeTab[0]; } - xmlXPathFreeObject(xpathObj); - xmlXPathFreeContext(xpathCtx); } lasso_node_init_from_xml(node, root); + xmlXPathFreeObject(xpathObj); + xmlXPathFreeContext(xpathCtx); xmlFreeDoc(doc); - if (xpathCtx) + if (xpathCtx) { + /* this tests a pointer which has been freed, it works + * but is not really elegant */ return LASSO_MESSAGE_FORMAT_SOAP; + } if (b64) { g_free(msg); return LASSO_MESSAGE_FORMAT_BASE64; |