From: cantor Date: Tue, 25 Sep 2007 16:49:29 +0000 (+0000) Subject: Limit number of transforms. X-Git-Tag: 2.4.1~307 X-Git-Url: http://www.project-moonshot.org/gitweb/?p=shibboleth%2Fopensaml2.git;a=commitdiff_plain;h=c51b4e44fdd7305327af4661a1f610d05d2203fd Limit number of transforms. git-svn-id: https://svn.middleware.georgetown.edu/cpp-opensaml2/trunk@313 fb386ef7-a10c-0410-8ebf-fd3f8e989ab0 --- diff --git a/saml/signature/SignatureProfileValidator.cpp b/saml/signature/SignatureProfileValidator.cpp index b748f3b..a3159a6 100644 --- a/saml/signature/SignatureProfileValidator.cpp +++ b/saml/signature/SignatureProfileValidator.cpp @@ -63,13 +63,15 @@ void SignatureProfileValidator::validateSignature(const Signature& sigObj) const const XMLCh* ID=signableObj->getXMLID(); if (URI==NULL || *URI==0 || (*URI==chPound && ID && !XMLString::compareString(URI+1,ID))) { DSIGTransformList* tlist=ref->getTransforms(); - for (unsigned int i=0; tlist && igetSize(); i++) { - if (tlist->item(i)->getTransformType()==TRANSFORM_ENVELOPED_SIGNATURE) - valid=true; - else if (tlist->item(i)->getTransformType()!=TRANSFORM_EXC_C14N && - tlist->item(i)->getTransformType()!=TRANSFORM_C14N) { - valid=false; - break; + if (tlist->getSize() <= 2) { + for (unsigned int i=0; tlist && igetSize(); i++) { + if (tlist->item(i)->getTransformType()==TRANSFORM_ENVELOPED_SIGNATURE) + valid=true; + else if (tlist->item(i)->getTransformType()!=TRANSFORM_EXC_C14N && + tlist->item(i)->getTransformType()!=TRANSFORM_C14N) { + valid=false; + break; + } } } }