Diffstat (limited to 'dev-python/pysaml2/files/pysaml-4.0.2_CVE-2017-1000433.patch')
-rw-r--r-- | dev-python/pysaml2/files/pysaml-4.0.2_CVE-2017-1000433.patch | 33 |
1 files changed, 0 insertions, 33 deletions
diff --git a/dev-python/pysaml2/files/pysaml-4.0.2_CVE-2017-1000433.patch b/dev-python/pysaml2/files/pysaml-4.0.2_CVE-2017-1000433.patch
deleted file mode 100644
index 7abc765c2984..000000000000
--- a/dev-python/pysaml2/files/pysaml-4.0.2_CVE-2017-1000433.patch
+++ /dev/null
@@ -1,33 +0,0 @@
-From 6312a41e037954850867f29d329e5007df1424a5 Mon Sep 17 00:00:00 2001
-From: Ioannis Kakavas <ikakavas@noc.grnet.gr>
-Date: Tue, 12 Sep 2017 12:22:47 +0300
-Subject: [PATCH] Quick fix for the authentication bypass due to optimizations
- #451
-
----
- src/saml2/authn.py | 5 +++--
- 1 file changed, 3 insertions(+), 2 deletions(-)
-
-diff --git a/src/saml2/authn.py b/src/saml2/authn.py
-index 1f2d02cf..1e1a220b 100644
---- a/src/saml2/authn.py
-+++ b/src/saml2/authn.py
-@@ -146,7 +146,8 @@ def __call__(self, cookie=None, policy_url=None, logo_url=None,
- return resp
-
- def _verify(self, pwd, user):
-- assert is_equal(pwd, self.passwd[user])
-+ if not is_equal(pwd, self.passwd[user]):
-+ raise ValueError("Wrong password")
-
- def verify(self, request, **kwargs):
- """
-@@ -176,7 +177,7 @@ def verify(self, request, **kwargs):
- return_to = create_return_url(self.return_to, _dict["query"][0],
- **{self.query_param: "true"})
- resp = Redirect(return_to, headers=[cookie])
-- except (AssertionError, KeyError):
-+ except (ValueError, KeyError):
- resp = Unauthorized("Unknown user or wrong password")
-
- return resp |