ActivateSession: empty client signature leads to server segmentation fault
Description
During ActivateSession, if the client sends an empty signature then the server stops with a segmentation fault.
Analysis
No verification is done on client SignatureData parameter before accessing to data (algorithm or signature content). Therefore a NULL pointer is provided in a call to memcmp or strncmp and it leads to the segmentation fault.
Moreover the OpcUa_BadApplicationSignatureInvalid status code is never returned and should be use in this case.
Edited by Vincent Monfort