[GNUnet-SVN] [gnunet] branch master updated: ensure ticket contains clie
From: |
gnunet |
Subject: |
[GNUnet-SVN] [gnunet] branch master updated: ensure ticket contains client id |
Date: |
Sun, 22 Jul 2018 18:01:52 +0200 |
This is an automated email from the git hooks/post-receive script.
martin-schanzenbach pushed a commit to branch master
in repository gnunet.
The following commit(s) were added to refs/heads/master by this push:
new 8b67e9b5f ensure ticket contains client id
8b67e9b5f is described below
commit 8b67e9b5f905ff80ee73300bbb278c00e36b9bca
Author: Schanzenbach, Martin <address@hidden>
AuthorDate: Sun Jul 22 18:01:50 2018 +0200
ensure ticket contains client id
---
src/reclaim/plugin_rest_openid_connect.c | 24 ++++++++++++++++++++++--
1 file changed, 22 insertions(+), 2 deletions(-)
diff --git a/src/reclaim/plugin_rest_openid_connect.c
b/src/reclaim/plugin_rest_openid_connect.c
index a2d32e126..876e221b5 100644
--- a/src/reclaim/plugin_rest_openid_connect.c
+++ b/src/reclaim/plugin_rest_openid_connect.c
@@ -795,7 +795,8 @@ oidc_iteration_error (void *cls)
}
static int
-parse_authz_code (const char* code,
+parse_authz_code (const struct GNUNET_CRYPTO_EcdsaPublicKey *audience,
+ const char* code,
struct GNUNET_RECLAIM_Ticket **ticket,
char **nonce)
{
@@ -868,6 +869,19 @@ parse_authz_code (const char* code,
memcpy (*ticket,
&purpose[1],
sizeof (struct GNUNET_RECLAIM_Ticket));
+ if (0 != memcmp (audience,
+ &(*ticket)->audience,
+ sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey)))
+ {
+ GNUNET_free (purpose);
+ GNUNET_free (*ticket);
+ json_decref (code_json);
+ *ticket = NULL;
+ GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
+ "Audience in ticket does not match client!\n");
+ return GNUNET_SYSERR;
+
+ }
if (NULL != nonce_str)
memcpy (&purpose[1] + sizeof (struct GNUNET_RECLAIM_Ticket),
nonce_str,
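Review bot: The new audience comparison in parse_authz_code only binds the code to the client if the ticket bytes copied from `&purpose[1]` are already authenticated at this point. The signature check over `purpose` is not visible in this hunk, so confirm that it runs before this branch, or that a later signature failure also discards the ticket. A short comment above the `memcmp` would make the intent explicit, e.g. `/* Reject codes that were issued to a different client than the one redeeming them */`. The empty line left before the closing brace of the new block can be dropped. The function body starts and ends outside the hunk.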
@@ -1669,8 +1683,14 @@ token_endpoint (struct GNUNET_REST_RequestHandle
*con_handle,
}
//decode code
+ struct GNUNET_CRYPTO_EcdsaPublicKey cid;
+ GNUNET_STRINGS_string_to_data (client_id,
+ strlen(client_id),
+ &cid,
+ sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey));
struct GNUNET_RECLAIM_Ticket *ticket;
- if(GNUNET_OK != parse_authz_code (code,
+ if(GNUNET_OK != parse_authz_code (&cid,
+ code,
&ticket,
&nonce))
{
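Review bot: The return value of `GNUNET_STRINGS_string_to_data` is ignored in token_endpoint, so when `client_id` is not a well-formed encoding of a public key of the expected size, `cid` may be left uninitialized and parse_authz_code then compares the ticket audience against indeterminate stack bytes. Check the conversion and reject the request before parsing the code: `if (GNUNET_OK != GNUNET_STRINGS_string_to_data (client_id, strlen (client_id), &cid, sizeof (cid)))`, followed by the error path this handler already uses for a rejected request. The `strlen (client_id)` call also relies on `client_id` being non-NULL, which is presumably checked earlier in token_endpoint, outside the hunk.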
--