From b538c31bd397e9784c7fd497b2ccd6f2a862dcaf Mon Sep 17 00:00:00 2001 From: Benjamin Dauvergne Date: Wed, 22 Apr 2009 23:49:22 +0000 Subject: SAML 2.0: Check http_method in build_artifact_msg * lasso/saml-2.0/login.c: if http_method is not among ARTIFACT_GET and ARTIFACT_POST, return an INVALID_HTTP_METHOD error. --- lasso/saml-2.0/login.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/lasso/saml-2.0/login.c b/lasso/saml-2.0/login.c index 7d8939c1..00bd323e 100644 --- a/lasso/saml-2.0/login.c +++ b/lasso/saml-2.0/login.c @@ -912,6 +912,10 @@ lasso_saml20_login_build_artifact_msg(LassoLogin *login, LassoHttpMethod http_me if (profile->remote_providerID == NULL) return critical_error(LASSO_PROFILE_ERROR_MISSING_REMOTE_PROVIDERID); + if (http_method != LASSO_HTTP_METHOD_ARTIFACT_GET && http_method != LASSO_HTTP_METHOD_ARTIFACT_POST) { + return critical_error(LASSO_PROFILE_ERROR_INVALID_HTTP_METHOD); + } + remote_provider = g_hash_table_lookup(profile->server->providers, profile->remote_providerID); if (LASSO_IS_PROVIDER(remote_provider) == FALSE) -- cgit
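Review bot: The new `http_method` guard adds a return value that callers of `lasso_saml20_login_build_artifact_msg` have to handle, but nothing in the hunk documents it. The function's doc comment is outside the hunk, so if it lists return codes it should gain a line such as `LASSO_PROFILE_ERROR_INVALID_HTTP_METHOD if http_method is neither ARTIFACT_GET nor ARTIFACT_POST`. A short why-comment above the check would also help, for example `/* only the artifact bindings are valid here; reject any other method before a message is built */`, since the code that later branches on the method is not visible here and presumably assumed one of the two values. As a style point, the adjacent `remote_providerID` check is an unbraced single-statement `if`, while the new one is braced and sits on one very long line; breaking the condition after `&&` would match the surrounding code. The function body starts and ends outside the hunk.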