From 81fec9eda9d88d128923ab0149217d286637c2af Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Andreas=20=C3=85kre=20Solberg?= <andreas.solberg@uninett.no>
Date: Tue, 11 Mar 2008 14:13:07 +0000
Subject: [PATCH] Improved error handling when parsing logout messages

git-svn-id: https://simplesamlphp.googlecode.com/svn/trunk@385 44740490-163a-0410-bde0-09ae8108e29a
---
 .../Bindings/SAML20/HTTPRedirect.php | 24 +++++++++++++++++--
 1 file changed, 22 insertions(+), 2 deletions(-)

diff --git a/lib/SimpleSAML/Bindings/SAML20/HTTPRedirect.php b/lib/SimpleSAML/Bindings/SAML20/HTTPRedirect.php
index a060f4def..295d852c6 100644
--- a/lib/SimpleSAML/Bindings/SAML20/HTTPRedirect.php
+++ b/lib/SimpleSAML/Bindings/SAML20/HTTPRedirect.php
@@ -241,7 +241,17 @@ class SimpleSAML_Bindings_SAML20_HTTPRedirect {
 $relaystate = NULL;
 }
- $samlRequestXML = gzinflate(base64_decode( $rawRequest ));
+ $decodedRequest = @base64_decode($rawRequest, TRUE);
+ if (!$decodedRequest) {
+ throw new Exception('Could not base64 decode SAMLRequest GET parameter');
+ }
+
+ $samlRequestXML = @gzinflate($decodedRequest);
+ if (!$samlRequestXML) {
+ $error = error_get_last();
+ throw new Exception('Could not gzinflate base64 decoded SAMLRequest: ' . $error['message'] );
+ }
+
 $samlRequest = new SimpleSAML_XML_SAML20_LogoutRequest($this->configuration, $this->metadata);
@@ -269,7 +279,17 @@ class SimpleSAML_Bindings_SAML20_HTTPRedirect {
 $relaystate = NULL;
 }
- $samlRequestXML = gzinflate(base64_decode( $rawRequest ));
+ $decodedRequest = @base64_decode($rawRequest, TRUE);
+ if (!$decodedRequest) {
+ throw new Exception('Could not base64 decode SAMLRequest GET parameter');
+ }
+
+ $samlRequestXML = @gzinflate($decodedRequest);
+ if (!$samlRequestXML) {
+ $error = error_get_last();
+ throw new Exception('Could not gzinflate base64 decoded SAMLRequest: ' . $error['message'] );
+ }
+
 $samlRequest = new SimpleSAML_XML_SAML20_LogoutResponse($this->configuration, $this->metadata);
--
GitLab
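Review bot: In both hunks the failure path reads `$error['message']` straight after `error_get_last()`, but that call returns NULL when no warning was raised (for example when inflation yields an empty string) and otherwise may still hold an older, unrelated error, so the exception text can be empty or misleading. The `!$decodedRequest` and `!$samlRequestXML` tests also treat `''` and `'0'` like a `FALSE` return; comparing with `=== FALSE` and handling the empty case explicitly states what is meant. The value comes from the query string and no signature check is visible before this point, so `gzinflate()` should be given its optional maximum-length argument to keep a small compressed parameter from expanding without bound. The second hunk constructs a LogoutResponse yet still says "SAMLRequest" in its messages, which presumably should name the response parameter; the enclosing functions start and end outside both hunks. The block below rewrites the first hunk's added lines, and the same applies to the copy in the second hunk.

```php
// … unchanged: $rawRequest / $relaystate extraction …
$decodedRequest = base64_decode($rawRequest, TRUE);
if ($decodedRequest === FALSE || $decodedRequest === '') {
	throw new Exception('Could not base64 decode SAMLRequest GET parameter');
}

// MAX_INFLATED_BYTES is a placeholder name: a project-chosen cap on the decoded message size.
$samlRequestXML = @gzinflate($decodedRequest, MAX_INFLATED_BYTES);
if ($samlRequestXML === FALSE || $samlRequestXML === '') {
	// error_get_last() is NULL when no warning was raised, so guard before indexing it.
	$error = error_get_last();
	$detail = is_array($error) ? $error['message'] : 'no PHP error reported';
	throw new Exception('Could not gzinflate base64 decoded SAMLRequest: ' . $detail);
}
// … unchanged: LogoutRequest construction …
```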