From: cantor <cantor@fb386ef7-a10c-0410-8ebf-fd3f8e989ab0>
Date: Thu, 9 Aug 2007 18:32:34 +0000 (+0000)
Subject: Check for missing Destination value.
X-Git-Tag: 2.4.1~327
X-Git-Url: http://www.project-moonshot.org/gitweb/?p=shibboleth%2Fopensaml2.git;a=commitdiff_plain;h=b87248a43456d40e9f72941820afd49ddc430fb3

Check for missing Destination value.

git-svn-id: https://svn.middleware.georgetown.edu/cpp-opensaml2/trunk@292 fb386ef7-a10c-0410-8ebf-fd3f8e989ab0
---

diff --git a/saml/saml2/binding/impl/SAML2POSTDecoder.cpp b/saml/saml2/binding/impl/SAML2POSTDecoder.cpp
index d3047ed..8595e7e 100644
--- a/saml/saml2/binding/impl/SAML2POSTDecoder.cpp
+++ b/saml/saml2/binding/impl/SAML2POSTDecoder.cpp
@@ -134,7 +134,7 @@ XMLObject* SAML2POSTDecoder::decode(
         log.error("signed SAML message missing Destination attribute");
         throw BindingException("Signed SAML message missing Destination attribute identifying intended destination.");
     }
-    else if ((delim && strncmp(dest.get(), dest2, delim - dest2)) || (!delim && strcmp(dest.get(),dest2))) {
+    else if (dest.get() && *dest.get() && ((delim && strncmp(dest.get(), dest2, delim - dest2)) || (!delim && strcmp(dest.get(),dest2)))) {
         log.error("POST targeted at (%s), but delivered to (%s)", dest.get(), dest2);
         throw BindingException("SAML message delivered with POST to incorrect server URL.");
     }
diff --git a/saml/saml2/binding/impl/SAML2RedirectDecoder.cpp b/saml/saml2/binding/impl/SAML2RedirectDecoder.cpp
index 4a725bc..a5e599d 100644
--- a/saml/saml2/binding/impl/SAML2RedirectDecoder.cpp
+++ b/saml/saml2/binding/impl/SAML2RedirectDecoder.cpp
@@ -148,7 +148,7 @@ XMLObject* SAML2RedirectDecoder::decode(
         log.error("signed SAML message missing Destination attribute");
         throw BindingException("Signed SAML message missing Destination attribute identifying intended destination.");
     }
-    else if ((delim && strncmp(dest.get(), dest2, delim - dest2)) || (!delim && strcmp(dest.get(),dest2))) {
+    else if (dest.get() && *dest.get() && ((delim && strncmp(dest.get(), dest2, delim - dest2)) || (!delim && strcmp(dest.get(),dest2)))) {
         log.error("Redirect targeted at (%s), but delivered to (%s)", dest.get(), dest2);
         throw BindingException("SAML message delivered with Redirect to incorrect server URL.");
     }