The version of XMLString::transcode that takes a length is an output
parameter length not an input length. It was reading past end of
buffer on the input and was producing garbage output. That version is
deprecated; use the version that allocates. Copy the GSS attribute
names and values so we can properly null terminate.
static BaseRefVectorOf<XMLCh> *
decomposeAttributeName(const gss_buffer_t attr)
{
static BaseRefVectorOf<XMLCh> *
decomposeAttributeName(const gss_buffer_t attr)
{
- XMLCh *qualifiedAttr = new XMLCh[attr->length + 1];
- XMLString::transcode((const char *)attr->value, qualifiedAttr, attr->length);
+ string inputAttr((const char *) attr->value, attr->length);
+ XMLCh *qualifiedAttr = XMLString::transcode((const char *)inputAttr.c_str());
BaseRefVectorOf<XMLCh> *components = XMLString::tokenizeString(qualifiedAttr);
BaseRefVectorOf<XMLCh> *components = XMLString::tokenizeString(qualifiedAttr);
+ XMLString::release(&qualifiedAttr);
if (components->size() != 2) {
delete components;
if (components->size() != 2) {
delete components;
attribute->setNameFormat(components->elementAt(0));
attribute->setName(components->elementAt(1));
attribute->setNameFormat(components->elementAt(0));
attribute->setName(components->elementAt(1));
- XMLCh *xmlValue = new XMLCh[value->length + 1];
- XMLString::transcode((const char *)value->value, xmlValue, attr->length);
+ string sValue((const char *) value->value, value->length);
+ XMLCh *xmlValue = XMLString::transcode(sValue.c_str());
attributeValue = saml2::AttributeValueBuilder::buildAttributeValue();
attributeValue->setTextContent(xmlValue);
attributeValue = saml2::AttributeValueBuilder::buildAttributeValue();
attributeValue->setTextContent(xmlValue);
attributeStatement->getAttributes().push_back(attribute);
delete components;
attributeStatement->getAttributes().push_back(attribute);
delete components;
+ XMLString::release(&xmlValue);;