| author | Benjamin Dauvergne <bdauvergne@entrouvert.com> | 2009-04-22 23:49:22 +0000 |
|---|---|---|
| committer | Benjamin Dauvergne <bdauvergne@entrouvert.com> | 2009-04-22 23:49:22 +0000 |
| commit | b538c31bd397e9784c7fd497b2ccd6f2a862dcaf (patch) | |
| tree | 62a32756f09fee6a7b0af484b531d7126c9defcf | |
| parent | 35eb8da3795e50c38882cee6db123b319091657b (diff) | |
SAML 2.0: Check http_method in build_artifact_msg
* lasso/saml-2.0/login.c:
if http_method is neither ARTIFACT_GET nor ARTIFACT_POST, return an
INVALID_HTTP_METHOD error.
| -rw-r--r-- | lasso/saml-2.0/login.c | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/lasso/saml-2.0/login.c b/lasso/saml-2.0/login.c index 7d8939c1..00bd323e 100644 --- a/lasso/saml-2.0/login.c +++ b/lasso/saml-2.0/login.c @@ -912,6 +912,10 @@ lasso_saml20_login_build_artifact_msg(LassoLogin *login, LassoHttpMethod http_me if (profile->remote_providerID == NULL) return critical_error(LASSO_PROFILE_ERROR_MISSING_REMOTE_PROVIDERID); + if (http_method != LASSO_HTTP_METHOD_ARTIFACT_GET && http_method != LASSO_HTTP_METHOD_ARTIFACT_POST) { + return critical_error(LASSO_PROFILE_ERROR_INVALID_HTTP_METHOD); + } + remote_provider = g_hash_table_lookup(profile->server->providers, profile->remote_providerID); if (LASSO_IS_PROVIDER(remote_provider) == FALSE) |
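Review bot: The added guard on http_method gives lasso_saml20_login_build_artifact_msg a new return value, LASSO_PROFILE_ERROR_INVALID_HTTP_METHOD, and nothing in the hunk documents it; the function's header comment and the rest of its body lie outside the hunk, so I cannot tell whether return codes are listed there. I would add a comment above the check, for example `/* only the two artifact bindings are handled below; reject any other method before a message is built */`, and list the new error code in the function's documentation so callers know to handle it. Validating the binding before the provider lookup is sensible, since it keeps the function from assembling a message for a binding the caller did not ask for. On style, the braced single-statement `if` differs from the unbraced `if (profile->remote_providerID == NULL)` just above it, and the condition line is long enough to be worth wrapping after the `&&`.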
