From fe08a08923e5add99db9482a04a2d0c046363142 Mon Sep 17 00:00:00 2001
From: siarhei-haurylau <125248035+siarhei-haurylau@users.noreply.github.com>
Date: Mon, 14 Oct 2024 15:33:59 +0200
Subject: [PATCH] saml connector: fix nil pointer on validate saml (#3793)

Signed-off-by: Siarhei Haurylau <siarhei.haurylau@point-devel.com>
---
 connector/saml/saml.go | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/connector/saml/saml.go b/connector/saml/saml.go
index 1ab8e544..bc8ef726 100644
--- a/connector/saml/saml.go
+++ b/connector/saml/saml.go
@@ -597,6 +597,9 @@ func verifyResponseSig(validator *dsig.ValidationContext, data []byte) (signed [
 	}
 
 	response := doc.Root()
+	if response == nil {
+		return nil, false, fmt.Errorf("parse document: empty root")
+	}
 	transformedResponse, err := validator.Validate(response)
 	if err == nil {
 		// Root element is verified, return it.
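Review bot: The nil-root guard added before `validator.Validate(response)` comes without a regression test (the diffstat touches only saml.go). This code runs on the raw response bytes before any signature has been checked, so whoever can submit a response controls the input that used to panic. A test that feeds verifyResponseSig a document with no root element, and one with a root but no Assertion, and expects an error instead of a panic would pin both fixes in this commit. A short comment on the guard would also help, for example `// doc.Root() is nil when the input has no root element; reject it before Validate dereferences it`. verifyResponseSig starts and ends outside this hunk.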
@@ -609,7 +612,7 @@ func verifyResponseSig(validator *dsig.ValidationContext, data []byte) (signed [
 	//
 	// TODO: Only select from child elements of the root.
 	assertion, err := etreeutils.NSSelectOne(response, "urn:oasis:names:tc:SAML:2.0:assertion", "Assertion")
-	if err != nil {
+	if err != nil || assertion == nil {
 		return nil, false, fmt.Errorf("response does not contain an Assertion element")
 	}
 	transformedAssertion, err := validator.Validate(assertion)
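Review bot: Folding `assertion == nil` into the existing `err != nil` check keeps one message for two different failures and still discards `err`, so a selection error from etreeutils.NSSelectOne is reported as a missing Assertion. Consider separating them: `if err != nil { return nil, false, fmt.Errorf("select Assertion element: %v", err) }` followed by `if assertion == nil { return nil, false, fmt.Errorf("response does not contain an Assertion element") }`. Per the TODO above, this fallback selects an Assertion from anywhere under the root and not only from its direct children, so an accurate rejection reason is useful when triaging refused responses. The function body continues outside the hunk.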
-- 
GitLab