Posted to commits@santuario.apache.org by sc...@apache.org on 2013/06/18 00:26:41 UTC
svn commit: r1493959 - in /santuario/xml-security-cpp/trunk/xsec/dsig:
DSIGReference.cpp DSIGSignedInfo.cpp
Author: scantor
Date: Mon Jun 17 22:26:41 2013
New Revision: 1493959
URL: http://svn.apache.org/r1493959
Log:
CVE-2013-2153, CVE-2013-2154
Modified:
santuario/xml-security-cpp/trunk/xsec/dsig/DSIGReference.cpp
santuario/xml-security-cpp/trunk/xsec/dsig/DSIGSignedInfo.cpp
Modified: santuario/xml-security-cpp/trunk/xsec/dsig/DSIGReference.cpp
URL: http://svn.apache.org/viewvc/santuario/xml-security-cpp/trunk/xsec/dsig/DSIGReference.cpp?rev=1493959&r1=1493958&r2=1493959&view=diff
==============================================================================
--- santuario/xml-security-cpp/trunk/xsec/dsig/DSIGReference.cpp (original)
+++ santuario/xml-security-cpp/trunk/xsec/dsig/DSIGReference.cpp Mon Jun 17 22:26:41 2013
@@ -516,17 +516,15 @@ TXFMBase * DSIGReference::getURIBaseTXFM
}
else if (URI[9] == XERCES_CPP_NAMESPACE_QUALIFIER chOpenParen &&
- URI[10] == XERCES_CPP_NAMESPACE_QUALIFIER chLatin_i &&
- URI[11] == XERCES_CPP_NAMESPACE_QUALIFIER chLatin_d &&
- URI[12] == XERCES_CPP_NAMESPACE_QUALIFIER chOpenParen &&
- URI[13] == XERCES_CPP_NAMESPACE_QUALIFIER chSingleQuote) {
+ URI[10] == XERCES_CPP_NAMESPACE_QUALIFIER chLatin_i &&
+ URI[11] == XERCES_CPP_NAMESPACE_QUALIFIER chLatin_d &&
+ URI[12] == XERCES_CPP_NAMESPACE_QUALIFIER chOpenParen &&
+ URI[13] == XERCES_CPP_NAMESPACE_QUALIFIER chSingleQuote) {
xsecsize_t len = XMLString::stringLen(&URI[14]);
- XMLCh tmp[512];
-
- if (len > 511)
- len = 511;
+ XMLCh* tmp = new XMLCh[len + 1];
+ ArrayJanitor<XMLCh> j_tmp(tmp);
xsecsize_t j = 14, i = 0;
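Review bot: Nothing next to the new allocation records why `len + 1` is the right size, and the loop that fills `tmp` starts after `xsecsize_t j = 14, i = 0;`, outside this hunk, so its bound cannot be checked from here. I would add a comment above the allocation such as `// Sized from the rest of the URI so the id copy below cannot overrun; keep that loop bounded by len.` and confirm the loop still stops after `len` characters before it writes the terminator. The four re-indented `URI[10]`..`URI[13]` lines are whitespace-only and would be easier to review in a separate commit, since they obscure the real change in a security fix.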
@@ -630,9 +628,14 @@ void DSIGReference::load(void) {
// Now check for Transforms
tmpElt = mp_referenceNode->getFirstChild();
- while (tmpElt != 0 && (tmpElt->getNodeType() != DOMNode::ELEMENT_NODE))
+ while (tmpElt != 0 && (tmpElt->getNodeType() != DOMNode::ELEMENT_NODE)) {
+ if (tmpElt->getNodeType() == DOMNode::ENTITY_REFERENCE_NODE) {
+ throw XSECException(XSECException::ExpectedDSIGChildNotFound,
+ "EntityReference nodes in <Reference> are unsupported.");
+ }
// Skip text and comments
tmpElt = tmpElt->getNextSibling();
+ }
if (tmpElt == 0) {
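Review bot: The EntityReference rejection added inside this loop is copied verbatim into every sibling-walking loop the commit touches (the hunks at -651, -692, -731, -743 and -797 in this file, and all four hunks in DSIGSignedInfo.cpp), so a loop added later to either file can easily miss it. A file-local helper that advances to the next element sibling and throws on `DOMNode::ENTITY_REFERENCE_NODE`, taking the node and the parent name used in the message, would keep the check in one place. `XSECException::ExpectedDSIGChildNotFound` also reads as a missing-element error, so a caller cannot tell a refused entity reference from a malformed signature without parsing the message text; a short comment saying why entity references are refused in signature metadata would help the next maintainer. load() begins and ends outside this hunk.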
@@ -651,13 +654,19 @@ void DSIGReference::load(void) {
// Find next node
tmpElt = tmpElt->getNextSibling();
- while (tmpElt != 0 && (tmpElt->getNodeType() != DOMNode::ELEMENT_NODE))
+ while (tmpElt != 0 && (tmpElt->getNodeType() != DOMNode::ELEMENT_NODE)) {
+ if (tmpElt->getNodeType() == DOMNode::ENTITY_REFERENCE_NODE) {
+ throw XSECException(XSECException::ExpectedDSIGChildNotFound,
+ "EntityReference nodes in <Reference> are unsupported.");
+ }
tmpElt = tmpElt->getNextSibling();
+ }
} /* if tmpElt node type = transforms */
- else
+ else {
mp_transformList = NULL;
+ }
if (tmpElt == NULL || !strEquals(getDSIGLocalName(tmpElt), "DigestMethod")) {
@@ -692,8 +701,14 @@ void DSIGReference::load(void) {
tmpElt = tmpElt->getNextSibling();
- while (tmpElt != 0 && !(strEquals(getDSIGLocalName(tmpElt), "DigestValue")))
+ while (tmpElt != 0 &&
+ (tmpElt->getNodeType() != DOMNode::ELEMENT_NODE || !strEquals(getDSIGLocalName(tmpElt), "DigestValue"))) {
+ if (tmpElt->getNodeType() == DOMNode::ENTITY_REFERENCE_NODE) {
+ throw XSECException(XSECException::ExpectedDSIGChildNotFound,
+ "EntityReference nodes in <Reference> are unsupported.");
+ }
tmpElt = tmpElt->getNextSibling();
+ }
if (tmpElt == 0) {
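Review bot: The rewritten loop still steps over any element that is not named DigestValue, so unexpected elements between DigestMethod and DigestValue are silently accepted. The DigestMethod test visible in the hunk at -651 is stricter, because it tests the name of the next element directly instead of searching for it. Using the same shape here, skipping only non-element nodes and then testing `if (tmpElt == 0 || !strEquals(getDSIGLocalName(tmpElt), "DigestValue"))`, would make the parser refuse content it does not understand inside a Reference. The Reference search in the hunk at -743 tolerates foreign elements in the same way. load() begins and ends outside this hunk.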
@@ -731,8 +746,13 @@ void DSIGReference::load(void) {
// Find Manifest child
manifestNode = manifestNode->getFirstChild();
- while (manifestNode != 0 && manifestNode->getNodeType() != DOMNode::ELEMENT_NODE)
+ while (manifestNode != 0 && manifestNode->getNodeType() != DOMNode::ELEMENT_NODE) {
+ if (manifestNode->getNodeType() == DOMNode::ENTITY_REFERENCE_NODE) {
+ throw XSECException(XSECException::ExpectedDSIGChildNotFound,
+ "EntityReference nodes in <Reference> are unsupported.");
+ }
manifestNode = manifestNode->getNextSibling();
+ }
if (manifestNode == 0 || !strEquals(getDSIGLocalName(manifestNode), "Manifest"))
throw XSECException(XSECException::ExpectedDSIGChildNotFound,
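Review bot: The message `"EntityReference nodes in <Reference> are unsupported."` appears to name the wrong parent here, since this loop walks the children of the node expected to contain the Manifest, judging by the `// Find Manifest child` comment. The same text is reused while walking the Manifest's own children in the hunk at -743 and in the `DSIGReference::loadRe…` function at -797, where the siblings look like Reference elements themselves, not children of one. Because the exception code is shared with ordinary missing-child errors, the message is the only diagnostic, so I would word each one after the element actually being scanned, e.g. `"EntityReference nodes in <Manifest> are unsupported."` for the -743 loop.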
@@ -743,8 +763,14 @@ void DSIGReference::load(void) {
// Now have the manifest node, find the first reference and load!
referenceNode = manifestNode->getFirstChild();
- while (referenceNode != 0 && !strEquals(getDSIGLocalName(referenceNode), "Reference"))
+ while (referenceNode != 0 &&
+ (referenceNode->getNodeType() != DOMNode::ELEMENT_NODE || !strEquals(getDSIGLocalName(referenceNode), "Reference"))) {
+ if (referenceNode->getNodeType() == DOMNode::ENTITY_REFERENCE_NODE) {
+ throw XSECException(XSECException::ExpectedDSIGChildNotFound,
+ "EntityReference nodes in <Reference> are unsupported.");
+ }
referenceNode = referenceNode->getNextSibling();
+ }
if (referenceNode == 0)
throw XSECException(XSECException::ExpectedDSIGChildNotFound,
@@ -797,8 +823,13 @@ DSIGReferenceList *DSIGReference::loadRe
// Find next element Node
tmpRef = tmpRef->getNextSibling();
- while (tmpRef != 0 && tmpRef->getNodeType() != DOMNode::ELEMENT_NODE)
+ while (tmpRef != 0 && tmpRef->getNodeType() != DOMNode::ELEMENT_NODE) {
+ if (tmpRef->getNodeType() == DOMNode::ENTITY_REFERENCE_NODE) {
+ throw XSECException(XSECException::ExpectedDSIGChildNotFound,
+ "EntityReference nodes in <Reference> are unsupported.");
+ }
tmpRef = tmpRef->getNextSibling();
+ }
}
Modified: santuario/xml-security-cpp/trunk/xsec/dsig/DSIGSignedInfo.cpp
URL: http://svn.apache.org/viewvc/santuario/xml-security-cpp/trunk/xsec/dsig/DSIGSignedInfo.cpp?rev=1493959&r1=1493958&r2=1493959&view=diff
==============================================================================
--- santuario/xml-security-cpp/trunk/xsec/dsig/DSIGSignedInfo.cpp (original)
+++ santuario/xml-security-cpp/trunk/xsec/dsig/DSIGSignedInfo.cpp Mon Jun 17 22:26:41 2013
@@ -299,9 +299,14 @@ void DSIGSignedInfo::load(void) {
// Check for CanonicalizationMethod
- while (tmpSI != 0 && (tmpSI->getNodeType() != DOMNode::ELEMENT_NODE))
+ while (tmpSI != 0 && (tmpSI->getNodeType() != DOMNode::ELEMENT_NODE)) {
+ if (tmpSI->getNodeType() == DOMNode::ENTITY_REFERENCE_NODE) {
+ throw XSECException(XSECException::ExpectedDSIGChildNotFound,
+ "EntityReference nodes in <SignedInfo> are unsupported.");
+ }
// Skip text and comments
tmpSI = tmpSI->getNextSibling();
+ }
if (tmpSI == 0 || !strEquals(getDSIGLocalName(tmpSI), "CanonicalizationMethod")) {
@@ -362,17 +367,23 @@ void DSIGSignedInfo::load(void) {
}
- else
+ else {
throw XSECException(XSECException::UnknownCanonicalization);
+ }
// Now load the SignatureMethod
tmpSI = tmpSI->getNextSibling();
- while (tmpSI != 0 && (tmpSI->getNodeType() != DOMNode::ELEMENT_NODE))
+ while (tmpSI != 0 && (tmpSI->getNodeType() != DOMNode::ELEMENT_NODE)) {
+ if (tmpSI->getNodeType() == DOMNode::ENTITY_REFERENCE_NODE) {
+ throw XSECException(XSECException::ExpectedDSIGChildNotFound,
+ "EntityReference nodes in <SignedInfo> are unsupported.");
+ }
// Skip text and comments
tmpSI = tmpSI->getNextSibling();
+ }
if (tmpSI == 0 || !strEquals(getDSIGLocalName(tmpSI), "SignatureMethod")) {
@@ -406,10 +417,14 @@ void DSIGSignedInfo::load(void) {
* longer know at this point if this is an HMAC, we need to check. */
DOMNode *tmpSOV = tmpSI->getFirstChild();
- while (tmpSOV != NULL &&
- tmpSOV->getNodeType() != DOMNode::ELEMENT_NODE &&
- !strEquals(getDSIGLocalName(tmpSOV), "HMACOutputLength"))
+ while (tmpSOV != NULL &&
+ (tmpSOV->getNodeType() != DOMNode::ELEMENT_NODE || !strEquals(getDSIGLocalName(tmpSOV), "HMACOutputLength"))) {
+ if (tmpSOV->getNodeType() == DOMNode::ENTITY_REFERENCE_NODE) {
+ throw XSECException(XSECException::ExpectedDSIGChildNotFound,
+ "EntityReference nodes in <SignedInfo> are unsupported.");
+ }
tmpSOV = tmpSOV->getNextSibling();
+ }
if (tmpSOV != NULL) {
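Review bot: This loop's condition changes meaning, not only its entity-reference handling, and neither the hunk nor the log says so. The old `&&` form stopped at the first element child of `tmpSI` (presumably the SignatureMethod node) whatever its name, while the new `||` form continues until it finds an element named HMACOutputLength. A comment above the loop would record that, e.g. `// Skip non-elements and other child elements; stop only at HMACOutputLength`. It is worth confirming that the block under `if (tmpSOV != NULL)`, which lies outside this hunk, relies only on the name test made here.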
@@ -433,9 +448,14 @@ void DSIGSignedInfo::load(void) {
// Run through the rest of the elements until done
- while (tmpSI != 0 && (tmpSI->getNodeType() != DOMNode::ELEMENT_NODE))
+ while (tmpSI != 0 && (tmpSI->getNodeType() != DOMNode::ELEMENT_NODE)) {
+ if (tmpSI->getNodeType() == DOMNode::ENTITY_REFERENCE_NODE) {
+ throw XSECException(XSECException::ExpectedDSIGChildNotFound,
+ "EntityReference nodes in <SignedInfo> are unsupported.");
+ }
// Skip text and comments
tmpSI = tmpSI->getNextSibling();
+ }
if (tmpSI != NULL) {