entrouvert
/
lasso
16
0
Fork 0
Code Issues Pull Requests Releases Activity
lasso/lasso
History
Benjamin Dauvergne ea7e5efe97 Fix signature checking on unsigned response with multiple assertions 
CVE-2021-28091 : when AuthnResponse messages are not signed (which is
permitted by the specifiation), all assertion's signatures should be
checked, but currently after the first signed assertion is checked all
following assertions are accepted without checking their signature, and
the last one is considered the main assertion.

This patch :
* check signatures from all assertions if the message is not signed,
* refuse messages with assertion from different issuers than the one on
  the message, to prevent assertion bundling event if they are signed.
 		2021-06-01 11:50:53 +02:00
..
id-ff Fix: new provider reference count is incremented one time too many (#51420) 2021-02-25 10:10:03 +01:00
id-wsf misc: clear warnings about class_init signature using coccinelle 2020-03-26 22:52:49 +01:00
id-wsf-2.0 misc: clear warnings about class_init signature using coccinelle 2020-03-26 22:52:49 +01:00
saml-2.0 Fix signature checking on unsigned response with multiple assertions 2021-06-01 11:50:53 +02:00
xml replace deprecated index() by strchr() (#51385) 2021-02-26 16:31:53 +01:00
Makefile.am Use python interpreter specified configure script 2018-07-24 11:03:09 +02:00
backward_comp.h Fix license boilerplates 2013-12-03 21:55:06 +01:00
build_strerror.py Make Python scripts compatible with both Py2 and Py3 2018-07-24 11:03:09 +02:00
ctypes.h Fix license boilerplates 2013-12-03 21:55:06 +01:00
debug.h add a pem-public-key runtime flag 2018-05-01 11:13:08 +02:00
errors.c.in Fix license boilerplates 2013-12-03 21:55:06 +01:00
errors.h Add new error codes and their matching error descriptions 2015-08-24 16:05:29 +02:00
export.h Fix license boilerplates 2013-12-03 21:55:06 +01:00
extract_sections.py Use io.open(encoding=utf8) in extract_symbols/sections.py (fixes #33360) 2019-05-23 10:07:31 +02:00
extract_symbols.py Use io.open(encoding=utf8) in extract_symbols/sections.py (fixes #33360) 2019-05-23 10:07:31 +02:00
extract_types.py Sort input file lists (#40454) 2020-03-05 12:51:17 +01:00
key.c misc: clear warnings about class_init signature using coccinelle 2020-03-26 22:52:49 +01:00
key.h Fix license boilerplates 2013-12-03 21:55:06 +01:00
keyprivate.h Fix license boilerplates 2013-12-03 21:55:06 +01:00
lasso.c add a pem-public-key runtime flag 2018-05-01 11:13:08 +02:00
lasso.h Fix license boilerplates 2013-12-03 21:55:06 +01:00
lasso_config.h.in Core: move logging function and macros to their own module, adapt perl binding 2010-06-12 00:43:49 +00:00
logging.c Fix license boilerplates 2013-12-03 21:55:06 +01:00
logging.h export symbol lasso_log (#33784) 2019-07-02 11:57:08 +02:00
registry-private.h Fix license boilerplates 2013-12-03 21:55:06 +01:00
registry.c Fix license boilerplates 2013-12-03 21:55:06 +01:00
registry.h Fix license boilerplates 2013-12-03 21:55:06 +01:00
utils.c Fix license boilerplates 2013-12-03 21:55:06 +01:00
utils.h misc: clear warnings about class_init signature using coccinelle 2020-03-26 22:52:49 +01:00