configure.ac | 2 +- xmlsecurity/inc/xmlsec-wrapper.h | 4 ++++ xmlsecurity/source/xmlsec/mscrypt/xmlsignature_mscryptimpl.cxx | 4 ++++ xmlsecurity/source/xmlsec/nss/xmlsignature_nssimpl.cxx | 4 ++++ 4 files changed, 13 insertions(+), 1 deletion(-)
New commits: commit eae20c95fb1d4ca7a720ab1833fe6117ebfdfad0 Author: Andras Timar <andras.ti...@collabora.com> AuthorDate: Tue Dec 21 16:22:59 2021 +0100 Commit: Andras Timar <andras.ti...@collabora.com> CommitDate: Tue Dec 21 16:22:59 2021 +0100 Bump version to 6.4-53 Change-Id: I02d59387f4e660f292f3a5205f36be27338b411c diff --git a/configure.ac b/configure.ac index b71a881089bf..7145e2453487 100644 --- a/configure.ac +++ b/configure.ac @@ -9,7 +9,7 @@ dnl in order to create a configure script. # several non-alphanumeric characters, those are split off and used only for the # ABOUTBOXPRODUCTVERSIONSUFFIX in openoffice.lst. Why that is necessary, no idea. -AC_INIT([Collabora Office],[6.4.10.52],[],[],[https://collaboraoffice.com/]) +AC_INIT([Collabora Office],[6.4.10.53],[],[],[https://collaboraoffice.com/]) dnl libnumbertext needs autoconf 2.68, but that can pick up autoconf268 just fine if it is installed dnl whereas aclocal (as run by autogen.sh) insists on using autoconf and fails hard commit 02d498164c95f0f984b6aae63718be34dd4a555f Author: Caolán McNamara <caol...@redhat.com> AuthorDate: Mon Dec 20 17:05:44 2021 +0000 Commit: Andras Timar <andras.ti...@collabora.com> CommitDate: Tue Dec 21 16:15:01 2021 +0100 only use X509Data Change-Id: I52e6588f5fac04bb26d77c1f3af470db73e41f72 Reviewed-on: https://gerrit.libreoffice.org/c/core/+/127193 Tested-by: Jenkins Reviewed-by: Miklos Vajna <vmik...@collabora.com> (cherry picked from commit be446d81e07b5499152efeca6ca23034e51ea5ff) diff --git a/xmlsecurity/inc/xmlsec-wrapper.h b/xmlsecurity/inc/xmlsec-wrapper.h index c060c8bf23b8..2d06dcfdd549 100644 --- a/xmlsecurity/inc/xmlsec-wrapper.h +++ b/xmlsecurity/inc/xmlsec-wrapper.h @@ -43,6 +43,10 @@ #include <xmlsec/nss/app.h> #include <xmlsec/nss/crypto.h> #include <xmlsec/nss/pkikeys.h> +#include <xmlsec/nss/x509.h> +#endif +#ifdef XMLSEC_CRYPTO_MSCRYPTO +#include <xmlsec/mscng/x509.h> #endif #endif diff --git a/xmlsecurity/source/xmlsec/mscrypt/xmlsignature_mscryptimpl.cxx b/xmlsecurity/source/xmlsec/mscrypt/xmlsignature_mscryptimpl.cxx index db400e6f1ed9..6e4ca3d4e2c0 100644 --- a/xmlsecurity/source/xmlsec/mscrypt/xmlsignature_mscryptimpl.cxx +++ b/xmlsecurity/source/xmlsec/mscrypt/xmlsignature_mscryptimpl.cxx @@ -229,6 +229,10 @@ SAL_CALL XMLSignature_MSCryptImpl::validate( // We do certificate verification ourselves. pDsigCtx->keyInfoReadCtx.flags |= XMLSEC_KEYINFO_FLAGS_X509DATA_DONT_VERIFY_CERTS; + // limit possible key data to valid X509 certificates only, no KeyValues + if (xmlSecPtrListAdd(&(pDsigCtx->keyInfoReadCtx.enabledKeyData), BAD_CAST xmlSecMSCngKeyDataX509GetKlass()) < 0) + throw RuntimeException("failed to limit allowed key data"); + //Verify signature //The documentation says that the signature is only valid if the return value is 0 (that is, not < 0) //AND pDsigCtx->status == xmlSecDSigStatusSucceeded. That is, we must not make any assumptions, if diff --git a/xmlsecurity/source/xmlsec/nss/xmlsignature_nssimpl.cxx b/xmlsecurity/source/xmlsec/nss/xmlsignature_nssimpl.cxx index 9d2a5251026a..6f70f76d23be 100644 --- a/xmlsecurity/source/xmlsec/nss/xmlsignature_nssimpl.cxx +++ b/xmlsecurity/source/xmlsec/nss/xmlsignature_nssimpl.cxx @@ -244,6 +244,10 @@ SAL_CALL XMLSignature_NssImpl::validate( // We do certificate verification ourselves. pDsigCtx->keyInfoReadCtx.flags |= XMLSEC_KEYINFO_FLAGS_X509DATA_DONT_VERIFY_CERTS; + // limit possible key data to valid X509 certificates only, no KeyValues + if (xmlSecPtrListAdd(&(pDsigCtx->keyInfoReadCtx.enabledKeyData), BAD_CAST xmlSecNssKeyDataX509GetKlass()) < 0) + throw RuntimeException("failed to limit allowed key data"); + //Verify signature int rs = xmlSecDSigCtxVerify( pDsigCtx.get() , pNode );