Tagging 2.4.2 release.
diff --git
a/shibsp/handler/impl/AbstractHandler.cpp
b/shibsp/handler/impl/AbstractHandler.cpp
index
967351b
..
4944e0c
100644
(file)
--- a/
shibsp/handler/impl/AbstractHandler.cpp
+++ b/
shibsp/handler/impl/AbstractHandler.cpp
@@
-118,7
+118,7
@@
namespace shibsp {
const PropertySet* sessionProps = application.getPropertySet("Sessions");
if (sessionProps) {
pair<bool,const char*> relayStateLimit = sessionProps->getString("relayStateLimit");
const PropertySet* sessionProps = application.getPropertySet("Sessions");
if (sessionProps) {
pair<bool,const char*> relayStateLimit = sessionProps->getString("relayStateLimit");
- if (relayStateLimit.first) {
+ if (relayStateLimit.first
&& strcmp(relayStateLimit.second, "none")
) {
vector<string> whitelist;
if (!strcmp(relayStateLimit.second, "exact")) {
// Scheme and hostname have to match.
vector<string> whitelist;
if (!strcmp(relayStateLimit.second, "exact")) {
// Scheme and hostname have to match.
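Review bot: The `"none"` comparison added to the condition skips the whole whitelist block, and nothing at this branch says that the setting presumably turns RelayState checking off altogether. Because `strcmp` is an exact, case-sensitive match, and the second hunk adds an `else` that throws, a spelling such as `None` is rejected as unrecognized instead of disabling the check, which is the safe direction but worth stating. I would add a comment above the `if`, for example `// "none" skips RelayState validation entirely; any other unrecognized value is rejected below.` The enclosing function starts before this hunk and continues after it, so what is done with relayState once the block is skipped is not visible here.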
@@
-159,6
+159,10
@@
namespace shibsp {
}
}
}
}
}
}
+ else {
+ log.warn("unrecognized relayStateLimit policy (%s), blocked redirect to (%s)", relayStateLimit.second, relayState);
+ throw opensaml::SecurityPolicyException("Unrecognized relayStateLimit setting.");
+ }
for (vector<string>::const_iterator w = whitelist.begin(); w != whitelist.end(); ++w) {
if (XMLString::startsWithI(relayState, w->c_str())) {
for (vector<string>::const_iterator w = whitelist.begin(); w != whitelist.end(); ++w) {
if (XMLString::startsWithI(relayState, w->c_str())) {