From 6bdda9170a8f1757dabc5b109958657417728018 Mon Sep 17 00:00:00 2001 From: Olav Morken Date: Tue, 24 May 2016 10:29:38 +0200 Subject: [PATCH] Fix segmentation fault when receiving badly formed logout message. If the logout message is badly formed, we won't get the entityID in `logout->parent.remote_providerID`. If we call `apr_hash_get()` with a null pointer, it will cause a segmentation fault. Add a check to validate that the entityID is correctly set. --- auth_mellon_handler.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/auth_mellon_handler.c b/auth_mellon_handler.c index ffc7ff7..748ec45 100644 --- a/auth_mellon_handler.c +++ b/auth_mellon_handler.c @@ -678,7 +678,8 @@ static int am_handle_logout_request(request_rec *r, /* Process the logout message. Ignore missing signature. */ res = lasso_logout_process_request_msg(logout, msg); #ifdef HAVE_lasso_profile_set_signature_verify_hint - if(res != 0 && res != LASSO_DS_ERROR_SIGNATURE_NOT_FOUND) { + if(res != 0 && res != LASSO_DS_ERROR_SIGNATURE_NOT_FOUND && + logout->parent.remote_providerID != NULL) { if (apr_hash_get(cfg->do_not_verify_logout_signature, logout->parent.remote_providerID, APR_HASH_KEY_STRING)) { @@ -787,7 +788,8 @@ static int am_handle_logout_response(request_rec *r, LassoLogout *logout) res = lasso_logout_process_response_msg(logout, r->args); #ifdef HAVE_lasso_profile_set_signature_verify_hint - if(res != 0 && res != LASSO_DS_ERROR_SIGNATURE_NOT_FOUND) { + if(res != 0 && res != LASSO_DS_ERROR_SIGNATURE_NOT_FOUND && + logout->parent.remote_providerID != NULL) { if (apr_hash_get(cfg->do_not_verify_logout_signature, logout->parent.remote_providerID, APR_HASH_KEY_STRING)) {