git-svn-id: https://svn.middleware.georgetown.edu/cpp-opensaml2/trunk@287
fb386ef7-a10c-0410-8ebf-
fd3f8e989ab0
// Check recipient URL.
auto_ptr_char recipient(response->getRecipient());
const char* recipient2 = httpRequest->getRequestURL();
// Check recipient URL.
auto_ptr_char recipient(response->getRecipient());
const char* recipient2 = httpRequest->getRequestURL();
+ const char* delim = strchr(recipient2, '?');
if (!recipient.get() || !*(recipient.get())) {
log.error("response missing Recipient attribute");
throw BindingException("SAML response did not contain Recipient attribute identifying intended destination.");
}
if (!recipient.get() || !*(recipient.get())) {
log.error("response missing Recipient attribute");
throw BindingException("SAML response did not contain Recipient attribute identifying intended destination.");
}
- else if (!recipient2 || !*recipient2 || strcmp(recipient.get(),recipient2)) {
- log.error("POST targeted at (%s), but delivered to (%s)", recipient.get(), recipient2 ? recipient2 : "none");
+ else if ((delim && strncmp(recipient.get(), recipient2, delim - recipient2)) || (!delim && strcmp(recipient.get(),recipient2))) {
+ log.error("POST targeted at (%s), but delivered to (%s)", recipient.get(), recipient2);
throw BindingException("SAML message delivered with POST to incorrect server URL.");
}
throw BindingException("SAML message delivered with POST to incorrect server URL.");
}
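Review bot: The new comparison on L21 only checks that the Recipient starts with the pre-query part of the request URL, because `strncmp` with length `delim - recipient2` never verifies that `recipient.get()` ends at that length, so a Recipient carrying extra characters after the matching path is accepted; the old `strcmp` was exact. The rewrite also drops the `!recipient2 || !*recipient2` guard from the removed line, so `strchr` at L10 and the `%s` at L22 now dereference a null pointer if `getRequestURL()` has nothing to return, a case the old `recipient2 ? recipient2 : "none"` clearly anticipated. The same length problem is present at L44 and L67 for the Destination checks. Keeping the null guard and comparing full lengths restores an exact match on the URL prefix:

```cpp
const char* recipient2 = httpRequest->getRequestURL();
// Compare only up to the query string, but require the whole Recipient to equal that prefix.
const char* delim = recipient2 ? strchr(recipient2, '?') : NULL;
size_t len = !recipient2 ? 0 : (delim ? (size_t)(delim - recipient2) : strlen(recipient2));
// … unchanged: missing-Recipient check …
else if (!recipient2 || !*recipient2 || strlen(recipient.get()) != len || strncmp(recipient.get(), recipient2, len)) {
    log.error("POST targeted at (%s), but delivered to (%s)", recipient.get(), recipient2 ? recipient2 : "none");
```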
// Check destination URL.
auto_ptr_char dest(request ? request->getDestination() : response->getDestination());
const char* dest2 = httpRequest->getRequestURL();
// Check destination URL.
auto_ptr_char dest(request ? request->getDestination() : response->getDestination());
const char* dest2 = httpRequest->getRequestURL();
+ const char* delim = strchr(dest2, '?');
if ((root->getSignature() || httpRequest->getParameter("Signature")) && (!dest.get() || !*(dest.get()))) {
log.error("signed SAML message missing Destination attribute");
throw BindingException("Signed SAML message missing Destination attribute identifying intended destination.");
}
if ((root->getSignature() || httpRequest->getParameter("Signature")) && (!dest.get() || !*(dest.get()))) {
log.error("signed SAML message missing Destination attribute");
throw BindingException("Signed SAML message missing Destination attribute identifying intended destination.");
}
- else if (dest.get() && (!dest2 || !*dest2 || strcmp(dest.get(),dest2))) {
- log.error("POST targeted at (%s), but delivered to (%s)", dest.get(), dest2 ? dest2 : "none");
+ else if ((delim && strncmp(dest.get(), dest2, delim - dest2)) || (!delim && strcmp(dest.get(),dest2))) {
+ log.error("POST targeted at (%s), but delivered to (%s)", dest.get(), dest2);
throw BindingException("SAML message delivered with POST to incorrect server URL.");
}
throw BindingException("SAML message delivered with POST to incorrect server URL.");
}
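Review bot: The rewritten condition on L44 drops the `dest.get() &&` guard that the removed line had, so an unsigned message with no Destination attribute, which the preceding `if` deliberately lets through, now reaches `strncmp`/`strcmp` with a null first argument. The guard should be restored: `else if (dest.get() && ((delim && strncmp(dest.get(), dest2, delim - dest2)) || (!delim && strcmp(dest.get(),dest2)))) {`. The Redirect section at L67 has the identical omission. As with the Recipient check, `dest2` is no longer tested for null before `strchr` at L33 and the `%s` at L45.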
// Check destination URL.
auto_ptr_char dest(request ? request->getDestination() : response->getDestination());
const char* dest2 = httpRequest->getRequestURL();
// Check destination URL.
auto_ptr_char dest(request ? request->getDestination() : response->getDestination());
const char* dest2 = httpRequest->getRequestURL();
+ const char* delim = strchr(dest2, '?');
if ((root->getSignature() || httpRequest->getParameter("Signature")) && (!dest.get() || !*(dest.get()))) {
log.error("signed SAML message missing Destination attribute");
throw BindingException("Signed SAML message missing Destination attribute identifying intended destination.");
}
if ((root->getSignature() || httpRequest->getParameter("Signature")) && (!dest.get() || !*(dest.get()))) {
log.error("signed SAML message missing Destination attribute");
throw BindingException("Signed SAML message missing Destination attribute identifying intended destination.");
}
- else if (dest.get() && (!dest2 || !*dest2 || strcmp(dest.get(),dest2))) {
- log.error("Redirect targeted at (%s), but delivered to (%s)", dest.get(), dest2 ? dest2 : "none");
+ else if ((delim && strncmp(dest.get(), dest2, delim - dest2)) || (!delim && strcmp(dest.get(),dest2))) {
+ log.error("Redirect targeted at (%s), but delivered to (%s)", dest.get(), dest2);
throw BindingException("SAML message delivered with Redirect to incorrect server URL.");
}
throw BindingException("SAML message delivered with Redirect to incorrect server URL.");
}