Shibboleth SP issue - empty entityID causes seg fault
Iain Hadgraft
iain.hadgraft at duke.edu
Tue Feb 11 09:58:52 EST 2020
Hello,
I have come across a reproducible issue with Shibboleth SP that I experienced on CentOS 7. The attached Dockerfile provides a demonstration of two scenarios: one when entityID is set to a value, and another when entityID is an empty string. In the scenario where entityID is an empty string, shibd crashes with a seg fault. More specific documentation is contained within the Dockerfile.
This was discovered when a templated shibboleth2.xml file wasn't getting a value for entityID due to a typo. It's probably rare that this would affect users, but I thought it might be useful to share due to the indication of an unhandled condition.
Thanks,
Iain
----------------------------
Iain Hadgraft
Web Developer
Duke University Office of
Information Technology
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: Dockerfile.txt
URL: <http://shibboleth.net/pipermail/users/attachments/20200211/e2f3ed44/attachment.txt>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 5191 bytes
Desc: not available
URL: <http://shibboleth.net/pipermail/users/attachments/20200211/e2f3ed44/attachment.p7s>
More information about the users
mailing list