[opensaml2] 25/38: SSPCPP-684 Use new function in ReloadableXMLFile to work round XERCES Bug
Ferenc Wágner
wferi at moszumanska.debian.org
Tue Aug 30 20:53:57 UTC 2016
This is an automated email from the git hooks/post-receive script.
wferi pushed a commit to branch master
in repository opensaml2.
commit 45eeb69937bcae95cc8e75a442ccaf75cc8d6e9f
Author: Rod Widdowson <rdw at steadingsoftware.com>
Date: Sun Jun 5 15:41:44 2016 +0100
SSPCPP-684 Use new function in ReloadableXMLFile to work round XERCES Bug
https://issues.shibboleth.net/jira/browse/SSPCPP-684
Rather than writing the DOM out to the spool file and then committing it,
we exploit ReloadableXMLFile's new ability to write to the spool file
as the data is coming over the wire.
The commit is as before, and we add a few deletes of the spool file
prior to exiting with an exception.
---
saml/saml2/metadata/impl/XMLMetadataProvider.cpp | 32 +++++++++++-------------
1 file changed, 14 insertions(+), 18 deletions(-)
diff --git a/saml/saml2/metadata/impl/XMLMetadataProvider.cpp b/saml/saml2/metadata/impl/XMLMetadataProvider.cpp
index 6986b9d..3e4d508 100644
--- a/saml/saml2/metadata/impl/XMLMetadataProvider.cpp
+++ b/saml/saml2/metadata/impl/XMLMetadataProvider.cpp
@@ -196,8 +196,15 @@ pair<bool,DOMElement*> XMLMetadataProvider::load(bool backup)
m_reloadInterval = m_minRefreshDelay;
}
+ string backupKey = "";
+ if (!backup && !m_backing.empty()) {
+ // We compute a random filename extension to the "real" location.
+ SAMLConfig::getConfig().generateRandomBytes(backupKey, 2);
+ backupKey = m_backing + '.' + SAMLArtifact::toHex(backupKey);
+ m_log.debug("backing up remote metadata resource to (%s)", backupKey.c_str());
+ }
// Call the base class to load/parse the appropriate XML resource.
- pair<bool,DOMElement*> raw = ReloadableXMLFile::load(backup);
+ pair<bool,DOMElement*> raw = ReloadableXMLFile::load(backup, backupKey);
// If we own it, wrap it for now.
XercesJanitor<DOMDocument> docjanitor(raw.first ? raw.second->getOwnerDocument() : nullptr);
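Review bot: From the `ReloadableXMLFile::load(backup, backupKey)` call onward the spool file holds unvalidated remote bytes, because the base class now writes to it as the data arrives, whereas the removed code wrote the backup only after the validity checks. Nothing visible here removes the file if the base-class load itself throws; whether `ReloadableXMLFile` cleans up its own partial spool file cannot be seen from this hunk and should be confirmed. I would record the contract at the declaration, e.g. `// Spool file: holds UNVALIDATED data until committed; every exit before the commit must remove it.`, and drop the redundant `= ""` initializer (`string backupKey;`). The two random bytes give only 65536 possible suffixes, so the name is collision avoidance rather than protection, and the directory holding `m_backing` should be writable only by the service account.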
@@ -207,6 +214,8 @@ pair<bool,DOMElement*> XMLMetadataProvider::load(bool backup)
docjanitor.release();
if (!dynamic_cast<const EntitiesDescriptor*>(xmlObject.get()) && !dynamic_cast<const EntityDescriptor*>(xmlObject.get()))
+ if (!backupKey.empty())
+ remove(backupKey.c_str());
throw MetadataException(
"Root of metadata instance not recognized: $1", params(1,xmlObject->getElementQName().toString().c_str())
);
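Review bot: As the hunk is shown, the `if (!dynamic_cast<...>)` condition line has no braces, so the added `if (!backupKey.empty()) remove(backupKey.c_str());` becomes its entire body and the `throw MetadataException(...)` that follows runs unconditionally. If that reading is right, every load reaching this point fails with "Root of metadata instance not recognized", even for a valid EntitiesDescriptor or EntityDescriptor root, and in that valid case the spool file is not removed either. The outer condition needs a compound statement: end the condition line with `{` and add a closing `}` after the `);` of the throw. Indentation is lost in this rendering, so the braces are worth checking against the committed file, but the condition line appears as unchanged context, which suggests none were added.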
@@ -217,32 +226,19 @@ pair<bool,DOMElement*> XMLMetadataProvider::load(bool backup)
}
catch (std::exception& ex) {
m_log.error("metadata instance failed manual validation checking: %s", ex.what());
+ if (!backupKey.empty())
+ remove(backupKey.c_str());
throw MetadataException("Metadata instance failed manual validation checking.");
}
const TimeBoundSAMLObject* validityCheck = dynamic_cast<TimeBoundSAMLObject*>(xmlObject.get());
if (!validityCheck || !validityCheck->isValid()) {
m_log.error("metadata instance was invalid at time of acquisition");
+ if (!backupKey.empty())
+ remove(backupKey.c_str());
throw MetadataException("Metadata instance was invalid at time of acquisition.");
}
- // This is the best place to take a backup, since it's superficially "correct" metadata.
- string backupKey;
- if (!backup && !m_backing.empty()) {
- // We compute a random filename extension to the "real" location.
- SAMLConfig::getConfig().generateRandomBytes(backupKey, 2);
- backupKey = m_backing + '.' + SAMLArtifact::toHex(backupKey);
- m_log.debug("backing up remote metadata resource to (%s)", backupKey.c_str());
- try {
- ofstream backer(backupKey.c_str());
- backer << *(raw.second->getOwnerDocument());
- }
- catch (std::exception& ex) {
- m_log.crit("exception while backing up metadata: %s", ex.what());
- backupKey.erase();
- }
- }
-
try {
doFilters(*xmlObject);
}
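Review bot: The cleanup `if (!backupKey.empty()) remove(backupKey.c_str());` is now repeated before each throw in this hunk and in the root-element check of the previous hunk, and it covers only the throws that were edited by hand. Any other exception between the load and the commit of the spool file would leave unvalidated metadata on disk; the `try { doFilters(*xmlObject); }` block continues past the end of the hunk, so its handler cannot be checked from here. A small scope guard declared right after `backupKey` is computed would remove the file on every early exit and be disarmed just before the existing commit step. The return value of `remove()` is also ignored, so a failed delete goes unlogged; the guard would be the single place to log it.

```cpp
// Removes the spool file on any exit path unless disarmed.
struct SpoolGuard {
    const string& path;
    bool armed;
    ~SpoolGuard() {
        if (armed && !path.empty())
            remove(path.c_str());
    }
};
SpoolGuard spoolGuard = { backupKey, true };
// … unchanged: base-class load, unmarshalling, root and validity checks, doFilters …
spoolGuard.armed = false;   // immediately before the existing commit of the spool file
```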
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-shibboleth/opensaml2.git