diff options
| author | Benjamin Dauvergne <bdauvergne@entrouvert.com> | 2009-01-24 09:34:04 +0000 |
|---|---|---|
| committer | Benjamin Dauvergne <bdauvergne@entrouvert.com> | 2009-01-24 09:34:04 +0000 |
| commit | d38057f858e853c4eb87fdcd8487799cc7b34d7e (patch) | |
| tree | 59fd605b37e4ef1e17250268ef37b9c9d8e41b21 | |
| parent | b5d79960c76edcf231996c36a1752a03832566e7 (diff) | |
| download | lasso-d38057f858e853c4eb87fdcd8487799cc7b34d7e.tar.gz lasso-d38057f858e853c4eb87fdcd8487799cc7b34d7e.tar.xz lasso-d38057f858e853c4eb87fdcd8487799cc7b34d7e.zip | |
ID-FF 1.2: review logout_validate_request
* lasso/id-ff/logout.c (lasso_logout_validate_request):
- when signature verification failed in process_request_msg,
do not continue validation of the request, stop immediately and
return the signature status code.
- use utils.h macro for memory allocation handling. Fix potential leak
of the profile->response object.
| -rw-r--r-- | lasso/id-ff/logout.c | 25 |
1 files changed, 11 insertions, 14 deletions
diff --git a/lasso/id-ff/logout.c b/lasso/id-ff/logout.c index e2b85df6..e45bb2f6 100644 --- a/lasso/id-ff/logout.c +++ b/lasso/id-ff/logout.c @@ -789,6 +789,10 @@ gint lasso_logout_reset_providerID_index(LassoLogout *logout) * Sets a logout response with status code value to success. * </para></listitem> * <listitem><para> + * Checks current signature status, if verification failed, stop processing + * and set the status code value to failure. + * </para></listitem> + * <listitem><para> * Verifies federation and authentication. * </para></listitem> * <listitem><para> @@ -831,11 +835,7 @@ lasso_logout_validate_request(LassoLogout *logout) if (LASSO_IS_LIB_LOGOUT_REQUEST(profile->request) == FALSE) return LASSO_PROFILE_ERROR_MISSING_REQUEST; - if (profile->remote_providerID) { - g_free(profile->remote_providerID); - } - - profile->remote_providerID = g_strdup( + lasso_assign_string(profile->remote_providerID = LASSO_LIB_LOGOUT_REQUEST(profile->request)->ProviderID); /* get the provider */ @@ -846,7 +846,7 @@ lasso_logout_validate_request(LassoLogout *logout) } /* Set LogoutResponse */ - profile->response = NULL; + lasso_release_gobject(profile->response); if (profile->http_request_method == LASSO_HTTP_METHOD_SOAP) { profile->response = lasso_lib_logout_response_new_full( LASSO_PROVIDER(profile->server)->ProviderID, @@ -868,10 +868,11 @@ lasso_logout_validate_request(LassoLogout *logout) return critical_error(LASSO_PROFILE_ERROR_BUILDING_RESPONSE_FAILED); } - /* verify signature status */ + /* Verify signature status, if signature is invalid, stop validation here */ if (profile->signature_status != 0) { lasso_profile_set_response_status(profile, LASSO_LIB_STATUS_CODE_INVALID_SIGNATURE); + return profile->signature_status; } /* Get the name identifier */ @@ -949,13 +950,9 @@ lasso_logout_validate_request(LassoLogout *logout) */ if (remote_provider->role == LASSO_PROVIDER_ROLE_SP && g_hash_table_size(profile->session->assertions) >= 1) { - logout->initial_remote_providerID = profile->remote_providerID; - logout->initial_request = LASSO_NODE(profile->request); - logout->initial_response = LASSO_NODE(profile->response); - - profile->remote_providerID = NULL; - profile->request = NULL; - profile->response = NULL; + lasso_transfer_string(logout->initial_remote_providerID, profile->remote_providerID); + lasso_transfer_gobject(logout->initial_request, LASSO_NODE(profile->request)); + lasso_transfer_gobject(logout->initial_response, LASSO_NODE(profile->response)); } return 0; |