From c51b4e44fdd7305327af4661a1f610d05d2203fd Mon Sep 17 00:00:00 2001 From: cantor Date: Tue, 25 Sep 2007 16:49:29 +0000 Subject: [PATCH] Limit number of transforms. git-svn-id: https://svn.middleware.georgetown.edu/cpp-opensaml2/trunk@313 fb386ef7-a10c-0410-8ebf-fd3f8e989ab0 --- saml/signature/SignatureProfileValidator.cpp | 16 +++++++++------- 1 file changed, 9 insertions(+), 7 deletions(-) diff --git a/saml/signature/SignatureProfileValidator.cpp b/saml/signature/SignatureProfileValidator.cpp index b748f3b..a3159a6 100644 --- a/saml/signature/SignatureProfileValidator.cpp +++ b/saml/signature/SignatureProfileValidator.cpp @@ -63,13 +63,15 @@ void SignatureProfileValidator::validateSignature(const Signature& sigObj) const const XMLCh* ID=signableObj->getXMLID(); if (URI==NULL || *URI==0 || (*URI==chPound && ID && !XMLString::compareString(URI+1,ID))) { DSIGTransformList* tlist=ref->getTransforms(); - for (unsigned int i=0; tlist && igetSize(); i++) { - if (tlist->item(i)->getTransformType()==TRANSFORM_ENVELOPED_SIGNATURE) - valid=true; - else if (tlist->item(i)->getTransformType()!=TRANSFORM_EXC_C14N && - tlist->item(i)->getTransformType()!=TRANSFORM_C14N) { - valid=false; - break; + if (tlist->getSize() <= 2) { + for (unsigned int i=0; tlist && igetSize(); i++) { + if (tlist->item(i)->getTransformType()==TRANSFORM_ENVELOPED_SIGNATURE) + valid=true; + else if (tlist->item(i)->getTransformType()!=TRANSFORM_EXC_C14N && + tlist->item(i)->getTransformType()!=TRANSFORM_C14N) { + valid=false; + break; + } } } } -- 2.1.4