From: Scott Cantor Date: Tue, 25 Sep 2012 22:04:10 +0000 (+0000) Subject: https://issues.shibboleth.net/jira/browse/SSPCPP-504 X-Git-Tag: 2.5.1~63 X-Git-Url: http://www.project-moonshot.org/gitweb/?p=shibboleth%2Fcpp-sp.git;a=commitdiff_plain;h=7c16f680e5e3ef37ceab7bf44d5bf9431942ab1c https://issues.shibboleth.net/jira/browse/SSPCPP-504 --- diff --git a/shibsp/attribute/NameIDAttribute.cpp b/shibsp/attribute/NameIDAttribute.cpp index fbdb2c9..43a78b7 100644 --- a/shibsp/attribute/NameIDAttribute.cpp +++ b/shibsp/attribute/NameIDAttribute.cpp @@ -61,10 +61,21 @@ NameIDAttribute::NameIDAttribute(DDF& in) : Attribute(in) m_hashAlg = val.string(); const char* pch; val = in.first().first(); - while (val.name()) { + while (!val.isnull()) { m_values.push_back(Value()); Value& v = m_values.back(); - v.m_Name = val.name(); + // There are two serializations supported. The new one is in 2.5.1 and fixes SPPCPP-504. + // The original is the first branch and was vulnerable to non-ASCII characters in the value. + // Supporting both means at least minimal support for rolling upgrades if a shibd instance is + // shared. + if (val.name()) { + v.m_Name = val.name(); + } + else { + pch = val["Name"].string(); + if (pch) + v.m_Name = pch; + } pch = val["Format"].string(); if (pch) v.m_Format = pch; @@ -176,7 +187,8 @@ DDF NameIDAttribute::marshall() const ddf.addmember("_hashalg").string(m_hashAlg.c_str()); DDF vlist = ddf.first(); for (vector::const_iterator i=m_values.begin(); i!=m_values.end(); ++i) { - DDF val = DDF(i->m_Name.c_str()).structure(); + DDF val = DDF(nullptr).structure(); + val.addmember("Name").string(i->m_Name.c_str()); if (!i->m_Format.empty()) val.addmember("Format").string(i->m_Format.c_str()); if (!i->m_NameQualifier.empty())