From 4ba02b07253ddde0619e5a45df6aa431f1985352 Mon Sep 17 00:00:00 2001
From: Benjamin Dauvergne <bdauvergne@entrouvert.com>
Date: Mon, 27 Apr 2009 08:19:24 +0000
Subject: lasso_saml20_profile_init_artifact_resolve(): check http_method

 * lasso/saml-2.0/profile.c:
   check the given http_method it must one in
   - LASSO_HTTP_METHOD_ARTIFACT_POST,
   - LASSO_HTTP_METHOD_ARTIFACT_GET.
---
 lasso/saml-2.0/profile.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/lasso/saml-2.0/profile.c b/lasso/saml-2.0/profile.c
index 359d9851..60f664b7 100644
--- a/lasso/saml-2.0/profile.c
+++ b/lasso/saml-2.0/profile.c
@@ -232,8 +232,10 @@ lasso_saml20_profile_init_artifact_resolve(LassoProfile *profile,
 		if (artifact_b64 == NULL) {
 			return LASSO_PROFILE_ERROR_MISSING_ARTIFACT;
 		}
-	} else {
+	} else if (method == LASSO_HTTP_METHOD_ARTIFACT_POST) {
 		artifact_b64 = g_strdup(msg);
+	} else {
+		return critical_error(LASSO_PROFILE_ERROR_INVALID_HTTP_METHOD);
 	}
 
 	i = xmlSecBase64Decode((xmlChar*)artifact_b64, (xmlChar*)artifact, 45);
-- 
cgit