projects
/
shibboleth
/
cpp-sp.git
/ commitdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
| commitdiff |
tree
raw
|
patch
|
inline
| side by side (parent:
c9047b7
)
https://issues.shibboleth.net/jira/browse/SSPCPP-504
author
Scott Cantor
<cantor.2@osu.edu>
Tue, 25 Sep 2012 22:04:10 +0000
(22:04 +0000)
committer
Scott Cantor
<cantor.2@osu.edu>
Tue, 25 Sep 2012 22:04:10 +0000
(22:04 +0000)
shibsp/attribute/NameIDAttribute.cpp
patch
|
blob
|
history
diff --git
a/shibsp/attribute/NameIDAttribute.cpp
b/shibsp/attribute/NameIDAttribute.cpp
index
fbdb2c9
..
43a78b7
100644
(file)
--- a/
shibsp/attribute/NameIDAttribute.cpp
+++ b/
shibsp/attribute/NameIDAttribute.cpp
@@
-61,10
+61,21
@@
NameIDAttribute::NameIDAttribute(DDF& in) : Attribute(in)
m_hashAlg = val.string();
const char* pch;
val = in.first().first();
m_hashAlg = val.string();
const char* pch;
val = in.first().first();
- while (
val.name
()) {
+ while (
!val.isnull
()) {
m_values.push_back(Value());
Value& v = m_values.back();
m_values.push_back(Value());
Value& v = m_values.back();
- v.m_Name = val.name();
+ // There are two serializations supported. The new one is in 2.5.1 and fixes SPPCPP-504.
+ // The original is the first branch and was vulnerable to non-ASCII characters in the value.
+ // Supporting both means at least minimal support for rolling upgrades if a shibd instance is
+ // shared.
+ if (val.name()) {
+ v.m_Name = val.name();
+ }
+ else {
+ pch = val["Name"].string();
+ if (pch)
+ v.m_Name = pch;
+ }
pch = val["Format"].string();
if (pch)
v.m_Format = pch;
pch = val["Format"].string();
if (pch)
v.m_Format = pch;
@@
-176,7
+187,8
@@
DDF NameIDAttribute::marshall() const
ddf.addmember("_hashalg").string(m_hashAlg.c_str());
DDF vlist = ddf.first();
for (vector<Value>::const_iterator i=m_values.begin(); i!=m_values.end(); ++i) {
ddf.addmember("_hashalg").string(m_hashAlg.c_str());
DDF vlist = ddf.first();
for (vector<Value>::const_iterator i=m_values.begin(); i!=m_values.end(); ++i) {
- DDF val = DDF(i->m_Name.c_str()).structure();
+ DDF val = DDF(nullptr).structure();
+ val.addmember("Name").string(i->m_Name.c_str());
if (!i->m_Format.empty())
val.addmember("Format").string(i->m_Format.c_str());
if (!i->m_NameQualifier.empty())
if (!i->m_Format.empty())
val.addmember("Format").string(i->m_Format.c_str());
if (!i->m_NameQualifier.empty())