From c0e60902a0cab4823323d1dd349666e7eb3781f3 Mon Sep 17 00:00:00 2001
From: Francis Lachapelle
Date: Thu, 27 May 2021 13:54:34 -0400
Subject: [PATCH] fix(saml): don't ignore the signature of messages See CVE-2021-33054
---
 SoObjects/SOGo/SOGoSAML2Session.m | 1 -
 1 file changed, 1 deletion(-)
diff --git a/SoObjects/SOGo/SOGoSAML2Session.m b/SoObjects/SOGo/SOGoSAML2Session.m
index 96ced1516..c18390e76 100644
--- a/SoObjects/SOGo/SOGoSAML2Session.m
+++ b/SoObjects/SOGo/SOGoSAML2Session.m
@@ -464,7 +464,6 @@ static NSMapTable *serverTable = nil;
 responseData = strdup ([authnResponse UTF8String]);
- lasso_profile_set_signature_verify_hint(lassoLogin, LASSO_PROFILE_SIGNATURE_VERIFY_HINT_IGNORE);
 rc = lasso_login_process_authn_response_msg (lassoLogin, responseData);
 if (rc) [NSException raiseSAML2Exception: rc];