https://issues.shibboleth.net/jira/browse/SSPCPP-598

author Scott Cantor <cantor.2@osu.edu>

Thu, 21 Nov 2013 15:03:16 +0000 (15:03 +0000)

committer Scott Cantor <cantor.2@osu.edu>

Thu, 21 Nov 2013 15:03:16 +0000 (15:03 +0000)
author Scott Cantor <cantor.2@osu.edu>
Thu, 21 Nov 2013 15:03:16 +0000 (15:03 +0000)
committer Scott Cantor <cantor.2@osu.edu>
Thu, 21 Nov 2013 15:03:16 +0000 (15:03 +0000)
diff --git a/shibsp/metadata/DynamicMetadataProvider.cpp b/shibsp/metadata/DynamicMetadataProvider.cpp

index 9f9079d..da5c808 100644 (file)
--- a/shibsp/metadata/DynamicMetadataProvider.cpp
+++ b/shibsp/metadata/DynamicMetadataProvider.cpp
@@ -40,6 +40,7 @@
  #include <saml/binding/SAMLArtifact.h>
  #include <saml/saml2/metadata/Metadata.h>
  #include <saml/saml2/metadata/DynamicMetadataProvider.h>
  #include <saml/binding/SAMLArtifact.h>
  #include <saml/saml2/metadata/Metadata.h>
  #include <saml/saml2/metadata/DynamicMetadataProvider.h>
+
  #include <xmltooling/logging.h>
  #include <xmltooling/XMLToolingConfig.h>
  #include <xmltooling/security/Credential.h>
  #include <xmltooling/logging.h>
  #include <xmltooling/XMLToolingConfig.h>
  #include <xmltooling/security/Credential.h>
@@ -300,6 +301,12 @@ saml2md::EntityDescriptor* DynamicMetadataProvider::resolve(const saml2md::Metad
          // Wrap the document for now.
          XercesJanitor<DOMDocument> docjanitor(doc);
  
          // Wrap the document for now.
          XercesJanitor<DOMDocument> docjanitor(doc);
  
+        // Check root element.
+        if (!doc->getDocumentElement() || !XMLHelper::isNodeNamed(doc->getDocumentElement(),
+                samlconstants::SAML20MD_NS, saml2md::EntityDescriptor::LOCAL_NAME)) {
+            throw saml2md::MetadataException("Root of metadata instance was not an EntityDescriptor");
+        }
+
          // Unmarshall objects, binding the document.
          auto_ptr<XMLObject> xmlObject(XMLObjectBuilder::buildOneFromElement(doc->getDocumentElement(), true));
          docjanitor.release();
          // Unmarshall objects, binding the document.
          auto_ptr<XMLObject> xmlObject(XMLObjectBuilder::buildOneFromElement(doc->getDocumentElement(), true));
          docjanitor.release();
author	Scott Cantor <cantor.2@osu.edu>
	Thu, 21 Nov 2013 15:03:16 +0000 (15:03 +0000)
committer	Scott Cantor <cantor.2@osu.edu>
	Thu, 21 Nov 2013 15:03:16 +0000 (15:03 +0000)