projects / shibboleth / sp.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 75e7092)
Fix leaks in identifier generation
authorscantor <scantor@cb58f699-b61c-0410-a6fe-9272a202ed29>
Thu, 2 Aug 2012 17:07:07 +0000 (17:07 +0000)
committerscantor <scantor@cb58f699-b61c-0410-a6fe-9272a202ed29>
Thu, 2 Aug 2012 17:07:07 +0000 (17:07 +0000)
git-svn-id: https://svn.shibboleth.net/cpp-sp/branches/REL_2@3746 cb58f699-b61c-0410-a6fe-9272a202ed29

shibsp/handler/impl/SAML2Logout.cpp patch | blob | history
shibsp/handler/impl/SAML2LogoutInitiator.cpp patch | blob | history
shibsp/handler/impl/SAML2SessionInitiator.cpp patch | blob | history
shibsp/impl/StorageServiceSessionCache.cpp patch | blob | history

diff --git a/shibsp/handler/impl/SAML2Logout.cpp b/shibsp/handler/impl/SAML2Logout.cpp
index 8aa8632..ec201c4 100644 (file)
--- a/shibsp/handler/impl/SAML2Logout.cpp
+++ b/shibsp/handler/impl/SAML2Logout.cpp
@@ -679,7 +679,9 @@ pair<bool,long> SAML2Logout::sendResponse(
     logout->setIssuer(issuer);
     issuer->setName(application.getRelyingParty(dynamic_cast<EntityDescriptor*>(role->getParent()))->getXMLString("entityID").second);
     fillStatus(*logout, code, subcode, msg);
-    logout->setID(SAMLConfig::getConfig().generateIdentifier());
+    XMLCh* msgid = SAMLConfig::getConfig().generateIdentifier();
+    logout->setID(msgid);
+    XMLString::release(&msgid);
     logout->setIssueInstant(time(nullptr));
 
     if (logoutEvent) {
diff --git a/shibsp/handler/impl/SAML2LogoutInitiator.cpp b/shibsp/handler/impl/SAML2LogoutInitiator.cpp
index 05d1e88..7de6798 100644 (file)
--- a/shibsp/handler/impl/SAML2LogoutInitiator.cpp
+++ b/shibsp/handler/impl/SAML2LogoutInitiator.cpp
@@ -527,7 +527,9 @@ auto_ptr<LogoutRequest> SAML2LogoutInitiator::buildRequest(
         msg->setNameID(nameid->cloneNameID());
     }
 
-    msg->setID(SAMLConfig::getConfig().generateIdentifier());
+    XMLCh* msgid = SAMLConfig::getConfig().generateIdentifier();
+    msg->setID(msgid);
+    XMLString::release(&msgid);
     msg->setIssueInstant(time(nullptr));
 
     if (m_async && encoder) {
diff --git a/shibsp/handler/impl/SAML2SessionInitiator.cpp b/shibsp/handler/impl/SAML2SessionInitiator.cpp
index 7b13888..2e10df3 100644 (file)
--- a/shibsp/handler/impl/SAML2SessionInitiator.cpp
+++ b/shibsp/handler/impl/SAML2SessionInitiator.cpp
@@ -713,7 +713,9 @@ pair<bool,long> SAML2SessionInitiator::doRequest(
         }
     }
 
-    req->setID(SAMLConfig::getConfig().generateIdentifier());
+    XMLCh* genid = SAMLConfig::getConfig().generateIdentifier();
+    req->setID(genid);
+    XMLString::release(&genid);
     req->setIssueInstant(time(nullptr));
 
     scoped_ptr<AuthnRequestEvent> ar_event(newAuthnRequestEvent(app, httpRequest));
diff --git a/shibsp/impl/StorageServiceSessionCache.cpp b/shibsp/impl/StorageServiceSessionCache.cpp
index e944c2b..a6078ea 100644 (file)
--- a/shibsp/impl/StorageServiceSessionCache.cpp
+++ b/shibsp/impl/StorageServiceSessionCache.cpp
@@ -891,7 +891,9 @@ SSCache::~SSCache()
 
 void SSCache::test()
 {
-    auto_ptr_char temp(SAMLConfig::getConfig().generateIdentifier());
+    XMLCh* wide = SAMLConfig::getConfig().generateIdentifier();
+    auto_ptr_char temp(wide);
+    XMLString::release(&wide);
     m_storage->createString("SessionCacheTest", temp.get(), "Test", time(nullptr) + 60);
     m_storage->deleteString("SessionCacheTest", temp.get());
 }
Shibboleth SP