author | manu@netbsd.org <manu@netbsd.org@a716ebb1-153a-0410-b759-cfb97c6a1b53> | 2009-06-06 10:09:22 +0000 |
---|---|---|
committer | manu@netbsd.org <manu@netbsd.org@a716ebb1-153a-0410-b759-cfb97c6a1b53> | 2009-06-06 10:09:22 +0000 |
commit | abbefe3066b30904cd324cde24db99fc44fb99e2 (patch) | |
tree | ce659a4eecc1db1913e6e2c6ce46d306d668738c /auth_mellon_handler.c | |
parent | f79b9efaca2a1439dcfcf8491e3772b0e0d63543 (diff) | |
When generating metadata, strip leading and trailing content around the
certificate, as it will confuse XML parsers if it contains [<>&].
git-svn-id: https://modmellon.googlecode.com/svn/trunk@54 a716ebb1-153a-0410-b759-cfb97c6a1b53
Diffstat (limited to 'auth_mellon_handler.c')
-rw-r--r-- | auth_mellon_handler.c | 27 |
1 files changed, 24 insertions, 3 deletions
diff --git a/auth_mellon_handler.c b/auth_mellon_handler.c
index d4983b7..11952a1 100644
--- a/auth_mellon_handler.c
+++ b/auth_mellon_handler.c
@@ -83,7 +83,27 @@ static char *am_generate_metadata(apr_pool_t *p, request_rec *r)
 char *url = am_get_endpoint_url(r);
 char *cert = "";
 
- if (cfg->sp_cert_file)
+ if (cfg->sp_cert_file) {
+ char *sp_cert_file;
+ char *cp;
+ const char *begin = "-----BEGIN CERTIFICATE-----";
+ const char *end = "-----END CERTIFICATE-----";
+
+ /*
+ * Try to remove leading and trailing garbage, as it can
+ * wreak havoc XML parser if it contains [<>&]
+ */
+ sp_cert_file = apr_pstrdup(p, cfg->sp_cert_file);
+
+ cp = strstr(sp_cert_file, begin);
+ if (cp != NULL)
+ sp_cert_file = cp;
+
+ cp = strstr(sp_cert_file, end);
+ if (cp != NULL)
+ *(cp + strlen(end)) = '\0';
+
+
 cert = apr_psprintf(p,
 "<KeyDescriptor use=\"signing\">"
 "<ds:KeyInfo xmlns:ds=\"http://www.w3.org/2000/09/xmldsig#\">"
@@ -99,8 +119,9 @@ static char *am_generate_metadata(apr_pool_t *p, request_rec *r)
 "</ds:X509Data>"
 "</ds:KeyInfo>"
 "</KeyDescriptor>",
- cfg->sp_cert_file,
- cfg->sp_cert_file);
+ sp_cert_file,
+ sp_cert_file);
+ }
 
 return apr_psprintf(p,
 "<?xml version=\"1.0\" encoding=\"UTF-8\" standalone=\"yes\"?>" |
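Review bot: When either marker is absent, both `if (cp != NULL)` branches in the first hunk fall through and the untrimmed copy of `cfg->sp_cert_file` is still formatted into the `<KeyDescriptor>` element, so the trimming only protects input that is already well-formed PEM. Whatever else the configured value holds besides the certificate would then be published in the generated metadata, and any `[<>&]` in it still reaches the XML unescaped. Failing closed looks safer: record whether both markers were found, for example `cp = strstr(sp_cert_file, begin); if (cp != NULL) cp = strstr(sp_cert_file = cp, end);`, and only run the `cert = apr_psprintf(...)` call when `cp != NULL`, logging otherwise and leaving `cert` as `""`. Separately, the trimmed string keeps both armor lines (`sp_cert_file = cp` and the terminator written after `end`); the element that receives it lies between the two hunks, so confirm it accepts the PEM armor rather than bare base64. The function body starts and ends outside the hunks.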