From cd9c25c0f230e1b6dace3c61936055ed3e7ce645 Mon Sep 17 00:00:00 2001
From: Benjamin Dauvergne
Date: Sat, 24 Jan 2009 09:34:24 +0000
Subject: ID-FF 1.2: review logout_process_request_msg * lasso/id-ff/logout.c (lasso_logout_process_request_msg): use the new allocation macros, add checking of the parsed object type, add validation of some schema constraints before processing, like presence of the name identifier.
---
 lasso/id-ff/logout.c | 12 ++++++++++--
 1 file changed, 10 insertions(+), 2 deletions(-) (limited to 'lasso/id-ff/logout.c')
diff --git a/lasso/id-ff/logout.c b/lasso/id-ff/logout.c
index e45bb2f6..b9151eed 100644
--- a/lasso/id-ff/logout.c
+++ b/lasso/id-ff/logout.c
@@ -515,6 +515,7 @@ lasso_logout_process_request_msg(LassoLogout *logout, char *request_msg)
 LassoProfile *profile;
 LassoProvider *remote_provider;
 LassoMessageFormat format;
+ LassoLibLogoutRequest *logout_request;
 g_return_val_if_fail(LASSO_IS_LOGOUT(logout), LASSO_PARAM_ERROR_BAD_TYPE_OR_NULL_OBJ);
 g_return_val_if_fail(request_msg != NULL, LASSO_PARAM_ERROR_INVALID_VALUE);
@@ -525,12 +526,19 @@ lasso_logout_process_request_msg(LassoLogout *logout, char *request_msg)
 return lasso_saml20_logout_process_request_msg(logout, request_msg);
 }
- profile->request = lasso_lib_logout_request_new();
+ lasso_assign_new_gobject(profile->request, lasso_lib_logout_request_new());
 format = lasso_node_init_from_message(LASSO_NODE(profile->request), request_msg);
- if (format == LASSO_MESSAGE_FORMAT_UNKNOWN || format == LASSO_MESSAGE_FORMAT_ERROR) {
+ if (format == LASSO_MESSAGE_FORMAT_UNKNOWN || format == LASSO_MESSAGE_FORMAT_ERROR || ! LASSO_IS_LIB_LOGOUT_REQUEST(profile->request)) {
 return critical_error(LASSO_PROFILE_ERROR_INVALID_MSG);
 }
+ logout_request = LASSO_LIB_LOGOUT_REQUEST(profile->request);
+
+ /* Validate some schema constraints */
+ if (LASSO_LIB_LOGOUT_REQUEST(profile->request)->ProviderID == NULL
+ || LASSO_IS_SAML_NAME_IDENTIFIER(logout_request->NameIdentifier) == FALSE) {
+ return critical_error(LASSO_PROFILE_ERROR_INVALID_MSG);
+ }
 if (profile->remote_providerID) {
 g_free(profile->remote_providerID);
 }
-- cgit
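Review bot: The added `! LASSO_IS_LIB_LOGOUT_REQUEST(profile->request)` test inspects an object this function created itself one statement earlier with `lasso_lib_logout_request_new()`, so unless `lasso_node_init_from_message()` can swap the node for another one (not visible in this hunk) it always passes and does not confirm that the parsed message really was a LogoutRequest. The field checks that follow are what actually reject a wrong or incomplete message, and a comment such as `/* the type test above is on our own object; the field checks below reject malformed input */` would keep a later reader from relying on the type test. Both error returns also leave the rejected request stored in `profile->request`; consider clearing it before `return critical_error(LASSO_PROFILE_ERROR_INVALID_MSG);` so later calls on the same profile cannot pick up a message that failed validation. For consistency the first condition could read `logout_request->ProviderID == NULL`, since `logout_request` has just been assigned from the same pointer. The function body starts before and continues after this hunk, so how `ProviderID` is used afterwards (for example whether an empty string is acceptable) should be checked there.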