[Libreoffice-commits] core.git: Branch 'distro/collabora/co-2021' - xmlsecurity/inc xmlsecurity/source

Tue, 21 Dec 2021 07:18:49 -0800 

 xmlsecurity/inc/xmlsec-wrapper.h                               |    4 ++++
 xmlsecurity/source/xmlsec/mscrypt/xmlsignature_mscryptimpl.cxx |    4 ++++
 xmlsecurity/source/xmlsec/nss/xmlsignature_nssimpl.cxx         |    4 ++++
 3 files changed, 12 insertions(+)

New commits:
commit 2704f3a5971024f3c23338166ff719436fe5c9c7
Author:     Caolán McNamara <caol...@redhat.com>
AuthorDate: Mon Dec 20 17:05:44 2021 +0000
Commit:     Andras Timar <andras.ti...@collabora.com>
CommitDate: Tue Dec 21 16:17:38 2021 +0100

    only use X509Data
    
    Change-Id: I52e6588f5fac04bb26d77c1f3af470db73e41f72
    Reviewed-on: https://gerrit.libreoffice.org/c/core/+/127193
    Tested-by: Jenkins
    Reviewed-by: Miklos Vajna <vmik...@collabora.com>
    (cherry picked from commit be446d81e07b5499152efeca6ca23034e51ea5ff)

diff --git a/xmlsecurity/inc/xmlsec-wrapper.h b/xmlsecurity/inc/xmlsec-wrapper.h
index c060c8bf23b8..2d06dcfdd549 100644
--- a/xmlsecurity/inc/xmlsec-wrapper.h
+++ b/xmlsecurity/inc/xmlsec-wrapper.h
@@ -43,6 +43,10 @@
 #include <xmlsec/nss/app.h>
 #include <xmlsec/nss/crypto.h>
 #include <xmlsec/nss/pkikeys.h>
+#include <xmlsec/nss/x509.h>
+#endif
+#ifdef XMLSEC_CRYPTO_MSCRYPTO
+#include <xmlsec/mscng/x509.h>
 #endif
 
 #endif
diff --git a/xmlsecurity/source/xmlsec/mscrypt/xmlsignature_mscryptimpl.cxx 
b/xmlsecurity/source/xmlsec/mscrypt/xmlsignature_mscryptimpl.cxx
index c699c950f351..359e4ce2dd49 100644
--- a/xmlsecurity/source/xmlsec/mscrypt/xmlsignature_mscryptimpl.cxx
+++ b/xmlsecurity/source/xmlsec/mscrypt/xmlsignature_mscryptimpl.cxx
@@ -233,6 +233,10 @@ SAL_CALL XMLSignature_MSCryptImpl::validate(
     // We do certificate verification ourselves.
     pDsigCtx->keyInfoReadCtx.flags |= 
XMLSEC_KEYINFO_FLAGS_X509DATA_DONT_VERIFY_CERTS;
 
+    // limit possible key data to valid X509 certificates only, no KeyValues
+    if (xmlSecPtrListAdd(&(pDsigCtx->keyInfoReadCtx.enabledKeyData), BAD_CAST 
xmlSecMSCngKeyDataX509GetKlass()) < 0)
+        throw RuntimeException("failed to limit allowed key data");
+
     //Verify signature
     //The documentation says that the signature is only valid if the return 
value is 0 (that is, not < 0)
     //AND pDsigCtx->status == xmlSecDSigStatusSucceeded. That is, we must not 
make any assumptions, if
diff --git a/xmlsecurity/source/xmlsec/nss/xmlsignature_nssimpl.cxx 
b/xmlsecurity/source/xmlsec/nss/xmlsignature_nssimpl.cxx
index f8d35af434c9..ae7e05b378ad 100644
--- a/xmlsecurity/source/xmlsec/nss/xmlsignature_nssimpl.cxx
+++ b/xmlsecurity/source/xmlsec/nss/xmlsignature_nssimpl.cxx
@@ -247,6 +247,10 @@ SAL_CALL XMLSignature_NssImpl::validate(
         // We do certificate verification ourselves.
         pDsigCtx->keyInfoReadCtx.flags |= 
XMLSEC_KEYINFO_FLAGS_X509DATA_DONT_VERIFY_CERTS;
 
+        // limit possible key data to valid X509 certificates only, no 
KeyValues
+        if (xmlSecPtrListAdd(&(pDsigCtx->keyInfoReadCtx.enabledKeyData), 
BAD_CAST xmlSecNssKeyDataX509GetKlass()) < 0)
+            throw RuntimeException("failed to limit allowed key data");
+
         xmlBufferPtr pBuf = xmlBufferCreate();
         xmlNodeDump(pBuf, nullptr, pNode, 0, 0);
         SAL_INFO("xmlsecurity.xmlsec", "xmlSecDSigCtxVerify input XML node is 
'"

Reply via email to