From: Scott Cantor <cantor.2@osu.edu>
Date: Tue, 25 Sep 2007 16:49:29 +0000 (+0000)
Subject: Limit number of transforms.
X-Git-Tag: 2.0-beta2~37
X-Git-Url: http://www.project-moonshot.org/gitweb/?p=shibboleth%2Fcpp-opensaml.git;a=commitdiff_plain;h=285393d374d488080726f5f00f90aa4590256724

Limit number of transforms.
---

diff --git a/saml/signature/SignatureProfileValidator.cpp b/saml/signature/SignatureProfileValidator.cpp
index b748f3b..a3159a6 100644
--- a/saml/signature/SignatureProfileValidator.cpp
+++ b/saml/signature/SignatureProfileValidator.cpp
@@ -63,13 +63,15 @@ void SignatureProfileValidator::validateSignature(const Signature& sigObj) const
             const XMLCh* ID=signableObj->getXMLID();
             if (URI==NULL || *URI==0 || (*URI==chPound && ID && !XMLString::compareString(URI+1,ID))) {
                 DSIGTransformList* tlist=ref->getTransforms();
-                for (unsigned int i=0; tlist && i<tlist->getSize(); i++) {
-                    if (tlist->item(i)->getTransformType()==TRANSFORM_ENVELOPED_SIGNATURE)
-                        valid=true;
-                    else if (tlist->item(i)->getTransformType()!=TRANSFORM_EXC_C14N &&
-                             tlist->item(i)->getTransformType()!=TRANSFORM_C14N) {
-                        valid=false;
-                        break;
+                if (tlist->getSize() <= 2) { 
+                    for (unsigned int i=0; tlist && i<tlist->getSize(); i++) {
+                        if (tlist->item(i)->getTransformType()==TRANSFORM_ENVELOPED_SIGNATURE)
+                            valid=true;
+                        else if (tlist->item(i)->getTransformType()!=TRANSFORM_EXC_C14N &&
+                                 tlist->item(i)->getTransformType()!=TRANSFORM_C14N) {
+                            valid=false;
+                            break;
+                        }
                     }
                 }
             }