- void clearHeader(const char* name) {
- if (!strcmp(name,"REMOTE_USER")) {
- param_free(pblock_remove("auth-user",m_rq->vars));
- param_free(pblock_remove("remote-user",m_rq->headers));
- }
- else {
- param_free(pblock_remove(name, m_rq->headers));
- pblock_nvinsert(name, g_unsetHeaderValue.c_str() ,m_rq->headers);
+ void clearHeader(const char* rawname, const char* cginame) {
+ if (g_checkSpoofing && m_firsttime && !m_rq->orig_rq) {
+ if (m_allhttp.empty()) {
+ // Populate the set of client-supplied headers for spoof checking.
+ const pb_entry* entry;
+ for (int i=0; i<m_rq->headers->hsize; ++i) {
+ entry = m_rq->headers->ht[i];
+ while (entry) {
+ string cgiversion("HTTP_");
+ const char* pch = entry->param->name;
+ while (*pch) {
+ cgiversion += (isalnum(*pch) ? toupper(*pch) : '_');
+ pch++;
+ }
+ m_allhttp.insert(cgiversion);
+ entry = entry->next;
+ }
+ }
+ }
+ if (m_allhttp.count(cginame) > 0)
+ throw opensaml::SecurityPolicyException("Attempt to spoof header ($1) was detected.", params(1, rawname));