Posted to commits@santuario.apache.org by sc...@apache.org on 2009/07/14 21:03:52 UTC

svn commit: r794017 - in /xml/security/trunk/c: CHANGELOG.txt configure.ac src/dsig/DSIGAlgorithmHandlerDefault.cpp src/dsig/DSIGSignature.cpp src/framework/XSECW32Config.hpp src/framework/version.rc xml-security-c.spec

Author: scantor
Date: Tue Jul 14 19:03:52 2009
New Revision: 794017

URL: http://svn.apache.org/viewvc?rev=794017&view=rev
Log:
Fix for HMAC vulnerability and bump release number.

Modified:
    xml/security/trunk/c/CHANGELOG.txt
    xml/security/trunk/c/configure.ac
    xml/security/trunk/c/src/dsig/DSIGAlgorithmHandlerDefault.cpp
    xml/security/trunk/c/src/dsig/DSIGSignature.cpp
    xml/security/trunk/c/src/framework/XSECW32Config.hpp
    xml/security/trunk/c/src/framework/version.rc
    xml/security/trunk/c/xml-security-c.spec

Modified: xml/security/trunk/c/CHANGELOG.txt
URL: http://svn.apache.org/viewvc/xml/security/trunk/c/CHANGELOG.txt?rev=794017&r1=794016&r2=794017&view=diff
==============================================================================
--- xml/security/trunk/c/CHANGELOG.txt (original)
+++ xml/security/trunk/c/CHANGELOG.txt Tue Jul 14 19:03:52 2009
@@ -1,6 +1,7 @@
 Changes since 1.5
 =====================================
 * Fix Sparc compilation bug (SC)
+* Fix for CVE-2009-0217 (SC)
 
 Changes between version 1.4 and 1.5
 =====================================

Modified: xml/security/trunk/c/configure.ac
URL: http://svn.apache.org/viewvc/xml/security/trunk/c/configure.ac?rev=794017&r1=794016&r2=794017&view=diff
==============================================================================
--- xml/security/trunk/c/configure.ac (original)
+++ xml/security/trunk/c/configure.ac Tue Jul 14 19:03:52 2009
@@ -19,12 +19,12 @@
 
 # Process this file with autoconf to produce a configure script
 
-AC_INIT([[XML-Security-C]], [1.5.0], [security-dev@xml.apache.org], [xml-security-c])
+AC_INIT([[XML-Security-C]], [1.5.1], [security-dev@xml.apache.org], [xml-security-c])
 AC_CONFIG_AUX_DIR([config])
 
 # kick off automake
 
-AM_INIT_AUTOMAKE(xml-security-c, 1.5.0)
+AM_INIT_AUTOMAKE(xml-security-c, 1.5.1)
 sinclude(m4/acx_pthread.m4)
 AM_PROG_LIBTOOL
 

Modified: xml/security/trunk/c/src/dsig/DSIGAlgorithmHandlerDefault.cpp
URL: http://svn.apache.org/viewvc/xml/security/trunk/c/src/dsig/DSIGAlgorithmHandlerDefault.cpp?rev=794017&r1=794016&r2=794017&view=diff
==============================================================================
--- xml/security/trunk/c/src/dsig/DSIGAlgorithmHandlerDefault.cpp (original)
+++ xml/security/trunk/c/src/dsig/DSIGAlgorithmHandlerDefault.cpp Tue Jul 14 19:03:52 2009
@@ -459,6 +459,12 @@
 		}
 
 		// Signature already created, so just translate to base 64 and enter string
+
+        // FIX: CVE-2009-0217
+        if (outputLength > 0 && (outputLength < 80 || outputLength < hashLen / 2)) {
+            throw XSECException(XSECException::AlgorithmMapperError,
+                "HMACOutputLength set to unsafe value.");
+        }
 		
 		convertRawToBase64String(b64SB, 
 								hash, 
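Review bot: The digest-relative half of the new guard, `outputLength < hashLen / 2`, appears to compare values in different units: HMACOutputLength is a bit count (the 80 next to it is the 80-bit floor), while hashLen is passed to convertRawToBase64String as the length of the raw `hash` buffer, which reads as a byte count. If that is so, `hashLen / 2` is far below any realistic bit length and the "at least half the digest" rule never fires — for example a 64-byte digest would accept an 80-bit truncation that the rule is meant to reject — so the test should be `outputLength < (hashLen * 8) / 2` (or `hashLen * 4`), and a short comment stating the units of both operands would keep this from regressing. The identical expression is added again in the verification hunk below and needs the same correction. The enclosing function starts and ends outside this hunk, so the declared type and units of hashLen cannot be confirmed from here.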
@@ -560,7 +566,14 @@
 	case (XSECCryptoKey::KEY_HMAC) :
 
 		// Already done - just compare calculated value with read value
-		sigVfyRet = compareBase64StringToRaw(sig, 
+
+        // FIX: CVE-2009-0217
+        if (outputLength > 0 && (outputLength < 80 || outputLength < hashLen / 2)) {
+            throw XSECException(XSECException::AlgorithmMapperError,
+                "HMACOutputLength set to unsafe value.");
+        }
+
+	    sigVfyRet = compareBase64StringToRaw(sig,
 			hash, 
 			hashLen,
 			outputLength);
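Review bot: The guard added here is a verbatim copy of the one in the signing hunk above, so the truncation policy now lives in two places that must be kept in sync; a small file-local helper such as `static void checkHMACOutputLength(unsigned int outputLength, unsigned int hashLen)` called from both sites would keep it in one. The re-indented `sigVfyRet = compareBase64StringToRaw(sig,` line and the new block mix a tab with spaces while the surrounding lines use tabs only; matching the file's indentation avoids noisy diffs later. The enclosing switch and function extend beyond this hunk.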

Modified: xml/security/trunk/c/src/dsig/DSIGSignature.cpp
URL: http://svn.apache.org/viewvc/xml/security/trunk/c/src/dsig/DSIGSignature.cpp?rev=794017&r1=794016&r2=794017&view=diff
==============================================================================
--- xml/security/trunk/c/src/dsig/DSIGSignature.cpp (original)
+++ xml/security/trunk/c/src/dsig/DSIGSignature.cpp Tue Jul 14 19:03:52 2009
@@ -1042,6 +1042,13 @@
 
 	}
 
+	// FIX: CVE-2009-0217
+
+	if (mp_signedInfo->getHMACOutputLength() > 0 && mp_signedInfo->getHMACOutputLength() < 80) {
+	    throw XSECException(XSECException::SigVfyError,
+            "DSIGSignature::verify() - HMACOutputLength is unsafe");
+	}
+
 	// Try to find a key
 	if (mp_signingKey == NULL) {
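Review bot: This verify-time guard enforces only the 80-bit floor, which is all it can do without knowing the digest size, so the digest-relative minimum still depends entirely on the handler check in DSIGAlgorithmHandlerDefault.cpp; a comment such as `// Floor check only: the digest-relative minimum is enforced by the algorithm handler.` would make that split explicit for the next reader. The literal 80 now appears in three hunks of this commit; a single named constant (for example `kMinHMACOutputBits`) would keep the floor consistent. Minor: `mp_signedInfo->getHMACOutputLength()` is evaluated twice in the condition; a local `const` holding the value reads more clearly. DSIGSignature::verify() starts and ends outside this hunk.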
 

Modified: xml/security/trunk/c/src/framework/XSECW32Config.hpp
URL: http://svn.apache.org/viewvc/xml/security/trunk/c/src/framework/XSECW32Config.hpp?rev=794017&r1=794016&r2=794017&view=diff
==============================================================================
--- xml/security/trunk/c/src/framework/XSECW32Config.hpp (original)
+++ xml/security/trunk/c/src/framework/XSECW32Config.hpp Tue Jul 14 19:03:52 2009
@@ -38,7 +38,7 @@
 
 #define XSEC_VERSION_MAJOR   1
 #define XSEC_VERSION_MEDIUM  5
-#define XSEC_VERSION_MINOR   0
+#define XSEC_VERSION_MINOR   1
 
 /*
  * Because we don't have a configure script, we need to rely on version

Modified: xml/security/trunk/c/src/framework/version.rc
URL: http://svn.apache.org/viewvc/xml/security/trunk/c/src/framework/version.rc?rev=794017&r1=794016&r2=794017&view=diff
==============================================================================
--- xml/security/trunk/c/src/framework/version.rc (original)
+++ xml/security/trunk/c/src/framework/version.rc Tue Jul 14 19:03:52 2009
@@ -54,8 +54,8 @@
 //
 
 VS_VERSION_INFO VERSIONINFO
- FILEVERSION 1,5,0,0
- PRODUCTVERSION 1,5,0,0
+ FILEVERSION 1,5,1,0
+ PRODUCTVERSION 1,5,1,0
  FILEFLAGSMASK 0x3fL
 #ifdef _DEBUG
  FILEFLAGS 0x1L
@@ -73,7 +73,7 @@
             VALUE "Comments", "\0"
             VALUE "CompanyName", "The Apache Software Foundation\0"
             VALUE "FileDescription", "XML Security C++ Library\0"
-            VALUE "FileVersion", "1, 5, 0, 0\0"
+            VALUE "FileVersion", "1, 5, 1, 0\0"
 #ifdef _DEBUG
             VALUE "InternalName", "xsec_1_5D\0"
 #else
@@ -88,7 +88,7 @@
 #endif
             VALUE "PrivateBuild", "\0"
             VALUE "ProductName", "XML-Security-C - C++ XML Security Library\0"
-            VALUE "ProductVersion", "1, 5, 0, 0\0"
+            VALUE "ProductVersion", "1, 5, 1, 0\0"
             VALUE "SpecialBuild", "\0"
         END
     END

Modified: xml/security/trunk/c/xml-security-c.spec
URL: http://svn.apache.org/viewvc/xml/security/trunk/c/xml-security-c.spec?rev=794017&r1=794016&r2=794017&view=diff
==============================================================================
--- xml/security/trunk/c/xml-security-c.spec (original)
+++ xml/security/trunk/c/xml-security-c.spec Tue Jul 14 19:03:52 2009
@@ -1,5 +1,5 @@
 Name:           xml-security-c
-Version:        1.5.0
+Version:        1.5.1
 Release:        1
 Summary:        C++ XML security library