  1. OpenSAML - C++
  2. CPPOST-88

Insufficient XML entity encoding in Metadata Status generation

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 2.5.0, 2.5.1, 2.5.2, 2.5.3
    • Fix Version/s: 2.5.4
    • Component/s: Metadata
    • Labels:
      None
    • Environment:

      CentOS 5.9 (amd64), Shibboleth 2.5.2, OpenSAML 2.5.3, xmltooling 1.5.3, xml-security-c 1.7.2, Xerces-C 3.1.1

    • Operating System:
      Multiple
    • CPU Type:
      Multiple
    • C/C++ Compiler:
      Multiple
    • Web Server:
      Multiple

      Description

      If queried, the StatusHandler returns an XML document, which includes, amongst other information, a list of configured metadata feeds including their URI. Some entities are not correctly escaped, thus the resulting document is not well-formed anymore.

      One of our feeds (specifically the KALMAR federation in Scandinavia) has some characters in the URI (https://kalmar2.org/simplesaml/module.php/aggregator/?id=kalmarcentral&set=saml2&exclude=finland) that need to be escaped in XML representation. However, in the XML document produced by the StatusHandler, these entities are not properly escaped.

      We use the StatusHandler for monitoring shibd with Icinga, which now is broken for us, because the Icinga plugin cannot parse the XML document anymore.
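
The defect described in this report, shown as an added C++ example that is not part of the original issue or of the OpenSAML code: the feed URI from the report is written into an XML attribute once raw and once escaped, and a check limited to the bare-ampersand problem is run over both. The `MetadataFeed` element, the `uri` attribute and all function names are hypothetical, since the page does not show the StatusHandler's actual output format.

```cpp
#include <cctype>
#include <iostream>
#include <string>

// Feed URI quoted in the report.
const std::string KALMAR_URI =
    "https://kalmar2.org/simplesaml/module.php/aggregator/"
    "?id=kalmarcentral&set=saml2&exclude=finland";

// Escape text for use inside a double-quoted XML attribute value.
std::string xmlAttrEscape(const std::string& in) {
    std::string out;
    for (char c : in) {
        switch (c) {
            case '&': out += "&amp;";  break;
            case '<': out += "&lt;";   break;
            case '>': out += "&gt;";   break;
            case '"': out += "&quot;"; break;
            default:  out += c;
        }
    }
    return out;
}

// Hypothetical status element: the names are assumptions, not the real output.
std::string feedElement(const std::string& uri, bool escape) {
    std::string value = escape ? xmlAttrEscape(uri) : std::string(uri);
    return "<MetadataFeed uri=\"" + value + "\"/>";
}

// True if every '&' starts a reference such as &amp; or &#38; (name, then ';').
bool ampersandsWellFormed(const std::string& xml) {
    for (std::size_t i = xml.find('&'); i != std::string::npos;
         i = xml.find('&', i + 1)) {
        std::size_t end = xml.find(';', i);
        if (end == std::string::npos || end == i + 1) return false;
        for (std::size_t j = i + 1; j < end; ++j) {
            unsigned char c = static_cast<unsigned char>(xml[j]);
            if (!std::isalnum(c) && !(c == '#' && j == i + 1)) return false;
        }
    }
    return true;
}

int main() {
    std::string raw = feedElement(KALMAR_URI, false);
    std::string esc = feedElement(KALMAR_URI, true);
    std::cout << raw << " -> " << (ampersandsWellFormed(raw) ? "ok" : "not well-formed") << "\n";
    std::cout << esc << " -> " << (ampersandsWellFormed(esc) ? "ok" : "not well-formed") << "\n";
}
```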

            People

            Assignee:
            cantor.2@osu.edu Scott Cantor
            Reporter:
            Oliver Schonefeld

                Time Tracking

                Estimated:
                Not Specified
                Remaining:
                0m
                Logged:
                15m