File CVE-2025-46404.patch of Package lasso.41555
From c880cad13732bcb50cbd9fa376ea39edb53e7d68 Mon Sep 17 00:00:00 2001
From: Benjamin Dauvergne <bdauvergne@entrouvert.com>
Date: Thu, 15 May 2025 15:51:08 +0200
Subject: [PATCH] misc: check xmlSecGetNodeNsHref for possible NULL result
(#105693)
---
lasso/id-ff/provider.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/lasso/id-ff/provider.c b/lasso/id-ff/provider.c
index 1dcd1b02..e3c9dce5 100644
--- a/lasso/id-ff/provider.c
+++ b/lasso/id-ff/provider.c
@@ -1364,8 +1364,8 @@ lasso_provider_verify_saml_signature(LassoProvider *provider,
/* ID-FF 1.2 Signatures case */
node_ns = xmlSecGetNodeNsHref(signed_node);
- if ((strcmp((char*)node_ns, LASSO_SAML2_PROTOCOL_HREF) == 0) ||
- (strcmp((char*)node_ns, LASSO_SAML2_ASSERTION_HREF) == 0)) {
+ if (node_ns && ((strcmp((char*)node_ns, LASSO_SAML2_PROTOCOL_HREF) == 0) ||
+ (strcmp((char*)node_ns, LASSO_SAML2_ASSERTION_HREF) == 0))) {
id_attribute_name = "ID";
} else if (xmlSecCheckNodeName(signed_node, (xmlChar*)"Request", (xmlChar*)LASSO_SAML_PROTOCOL_HREF)) {
id_attribute_name = "RequestID";
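Review bot: The added `node_ns &&` guard stops the NULL dereference in `strcmp`, but a signed node with no namespace now falls through silently to the `xmlSecCheckNodeName` chain, whose final branch lies outside this hunk, so it is not visible here whether verification fails closed for such a node. Because `signed_node` is taken from a document that may be attacker-supplied, I would reject it explicitly right after the lookup, e.g. `if (node_ns == NULL) return SIGNATURE_ERROR_PLACEHOLDER;` (the placeholder stands for whatever error code this function already returns for an unverifiable node). At minimum, document the intent with `/* xmlSecGetNodeNsHref() returns NULL when the node has no namespace; treat it as matching none of the cases below */`. A regression test that passes a namespace-less signed element to `lasso_provider_verify_saml_signature` would pin the behaviour. The function body starts and ends outside the hunk.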