Security fix diffs for 2.x

Ferenc Wagner wferi at
Wed Nov 25 18:35:36 UTC 2009

"Scott Cantor" <cantor.2 at> writes:

> Ferenc Wagner wrote on 2009-11-24:
>> But now I wonder why the implementations in SAMLConfig.cpp and
>> SPConfig.cpp wouldn't clash...  Shouldn't one be renamed at least?  I
>> fear these won't be usable together, but can't check it right now.
> They'd be in different C++ namespaces, or could be static members of
> different classes, or both.

To my great surprise they actually work together, though currently
neither is the case (with yesterday's patches).  Behold:

$ objdump -CT /usr/lib/ | grep HTTPResponse_
002069a0 g    DF .text	0000029a  Base        HTTPResponse_sanitizeURL(char const*)
$ objdump -CT /usr/lib/ | grep HTTPResponse_
00065610 g    DF .text	000002aa  Base        HTTPResponse_sanitizeURL(char const*)
000658c0 g    DF .text	00000028  Base        HTTPResponse_sendRedirect(char const*)
00064f40 g    DF .text	00000160  Base        HTTPResponse_setResponseHeader(char const*, char const*)

Also, please send some test cases to me privately, I've created the test

More information about the Pkg-shibboleth-devel mailing list