diff options
| author | olavmrk <olavmrk@a716ebb1-153a-0410-b759-cfb97c6a1b53> | 2010-07-02 11:50:54 +0000 |
|---|---|---|
| committer | olavmrk <olavmrk@a716ebb1-153a-0410-b759-cfb97c6a1b53> | 2010-07-02 11:50:54 +0000 |
| commit | 8196132f9d5a54c01e95198c0b726a0bf61ff98e (patch) | |
| tree | 47839240bdacffa05da89fd44e3caa1bac9af6a4 | |
| parent | f8f3eb15a2dc9ef21d1a1a82aea814d93803b7ea (diff) | |
| download | mod_auth_mellon-8196132f9d5a54c01e95198c0b726a0bf61ff98e.tar.gz mod_auth_mellon-8196132f9d5a54c01e95198c0b726a0bf61ff98e.tar.xz mod_auth_mellon-8196132f9d5a54c01e95198c0b726a0bf61ff98e.zip | |
Verify Address in SubjectConfirmationData.
git-svn-id: https://modmellon.googlecode.com/svn/trunk@102 a716ebb1-153a-0410-b759-cfb97c6a1b53
| -rw-r--r-- | auth_mellon_handler.c | 10 |
1 files changed, 10 insertions, 0 deletions
diff --git a/auth_mellon_handler.c b/auth_mellon_handler.c index 61791fe..c2483a4 100644 --- a/auth_mellon_handler.c +++ b/auth_mellon_handler.c @@ -1215,6 +1215,16 @@ static int am_validate_subject(request_rec *r, LassoSaml2Assertion *assertion, } } + if (scd->Address) { + if (strcasecmp(scd->Address, r->connection->remote_ip)) { + ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, + "Wrong Address in SubjectConfirmationData." + "Current address is \"%s\", but should have been \"%s\".", + r->connection->remote_ip, scd->Address); + return HTTP_BAD_REQUEST; + } + } + return OK; } |