saml icon indicating copy to clipboard operation
saml copied to clipboard

Published 20 hours ago verified publisher icon crewjam

ParseXMLResponse panics if empty XML is provided

Open symtor opened this issue 2 years ago • 0 comments

In version 0.4.9 and 0.4.10:

Regression added via commit https://github.com/crewjam/saml/commit/aee3fb1edeeaf1088fcb458727e0fd863d277f8b : When I call ParseXMLResponse(decodedResponseXML []byte, possibleRequestIDs []string) with an empty document ([]byte{}), doc.Root() is nil but gets passed into parseResponse(). No further input validation is performed, so there's a panic when the code attempts to access the node's data.

symtor avatar Nov 30 '22 18:11 symtor