From 26c9da40d44f1469df97398362667c74553be7d2 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Caol=C3=A1n=20McNamara?= Date: Mon, 20 Dec 2021 17:05:44 +0000 Subject: [PATCH] only use X509Data Change-Id: I52e6588f5fac04bb26d77c1f3af470db73e41f72 Reviewed-on: https://gerrit.libreoffice.org/c/core/+/127193 Tested-by: Jenkins Reviewed-by: Miklos Vajna (cherry picked from commit be446d81e07b5499152efeca6ca23034e51ea5ff) Reviewed-on: https://gerrit.libreoffice.org/c/core/+/127178 Reviewed-by: Adolfo Jayme Barrientos (cherry picked from commit b0404f80577de9ff69e58390c6f6ef949fdb0139) --- .../source/xmlsec/mscrypt/xmlsignature_mscryptimpl.cxx | 6 ++++++ xmlsecurity/source/xmlsec/nss/xmlsignature_nssimpl.cxx | 6 ++++++ 2 files changed, 12 insertions(+) diff --git a/xmlsecurity/source/xmlsec/mscrypt/xmlsignature_mscryptimpl.cxx b/xmlsecurity/source/xmlsec/mscrypt/xmlsignature_mscryptimpl.cxx index c699c950f351..9f816479f9dd 100644 --- a/xmlsecurity/source/xmlsec/mscrypt/xmlsignature_mscryptimpl.cxx +++ b/xmlsecurity/source/xmlsec/mscrypt/xmlsignature_mscryptimpl.cxx @@ -22,6 +22,8 @@ #include #include +#include + #include #include @@ -233,6 +235,10 @@ SAL_CALL XMLSignature_MSCryptImpl::validate( // We do certificate verification ourselves. pDsigCtx->keyInfoReadCtx.flags |= XMLSEC_KEYINFO_FLAGS_X509DATA_DONT_VERIFY_CERTS; + // limit possible key data to valid X509 certificates only, no KeyValues + if (xmlSecPtrListAdd(&(pDsigCtx->keyInfoReadCtx.enabledKeyData), BAD_CAST xmlSecMSCngKeyDataX509GetKlass()) < 0) + throw RuntimeException("failed to limit allowed key data"); + //Verify signature //The documentation says that the signature is only valid if the return value is 0 (that is, not < 0) //AND pDsigCtx->status == xmlSecDSigStatusSucceeded. That is, we must not make any assumptions, if diff --git a/xmlsecurity/source/xmlsec/nss/xmlsignature_nssimpl.cxx b/xmlsecurity/source/xmlsec/nss/xmlsignature_nssimpl.cxx index b41d754f7407..975c17272dc7 100644 --- a/xmlsecurity/source/xmlsec/nss/xmlsignature_nssimpl.cxx +++ b/xmlsecurity/source/xmlsec/nss/xmlsignature_nssimpl.cxx @@ -20,6 +20,8 @@ #include #include +#include + #include #include #include @@ -247,6 +249,10 @@ SAL_CALL XMLSignature_NssImpl::validate( // We do certificate verification ourselves. pDsigCtx->keyInfoReadCtx.flags |= XMLSEC_KEYINFO_FLAGS_X509DATA_DONT_VERIFY_CERTS; + // limit possible key data to valid X509 certificates only, no KeyValues + if (xmlSecPtrListAdd(&(pDsigCtx->keyInfoReadCtx.enabledKeyData), BAD_CAST xmlSecNssKeyDataX509GetKlass()) < 0) + throw RuntimeException("failed to limit allowed key data"); + //Verify signature int rs = xmlSecDSigCtxVerify( pDsigCtx.get() , pNode ); -- 2.35.1