[shibboleth-sp2] 01/01: Security fix from V2.5.4 for CVE-2015-2684 backported to V2.4.3

Ferenc Wágner wferi-guest at moszumanska.debian.org
Tue Mar 24 07:57:41 UTC 2015


This is an automated email from the git hooks/post-receive script.

wferi-guest pushed a commit to branch wheezy
in repository shibboleth-sp2.

commit c88ed3469fd82a8ad975190bf8635597a6b117ca
Author: Ferenc Wágner <wferi at niif.hu>
Date:   Tue Mar 17 15:09:39 2015 +0100

    Security fix from V2.5.4 for CVE-2015-2684 backported to V2.4.3
    
    Shibboleth SP software crashes on malformed input messages
    ===============================================================
    The SP software includes an authenticated denial of service
    vulnerability that results in a crash on certain kinds of malformed
    SAML messages. The vulnerability is only triggered when special
    conditions are met and after a message or assertion signature
    has been verified, so exploitation requires a message produced
    under a trusted key, limiting the impact.
    
    URL for the full Security Advisory:
    http://shibboleth.net/community/advisories/secadv_20150313.txt
---
 debian/changelog                           | 8 ++++++++
 shibsp/handler/impl/SAML2Consumer.cpp      | 4 ++++
 shibsp/impl/StorageServiceSessionCache.cpp | 2 +-
 3 files changed, 13 insertions(+), 1 deletion(-)

diff --git a/debian/changelog b/debian/changelog
index 743b6d8..b31f64b 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,11 @@
+shibboleth-sp2 (2.4.3+dfsg-5+deb7u1) wheezy-security; urgency=high
+
+  * Backport security fix from V2.5.4 for CVE-2015-2684: authenticated
+    denial of service vulnerability that results in a crash on certain
+    kinds of malformed SAML messages.
+
+ -- Ferenc Wagner <wferi at niif.hu>  Tue, 24 Mar 2015 08:14:42 +0100
+
 shibboleth-sp2 (2.4.3+dfsg-5) unstable; urgency=low
 
   * Fix syntax error in the update-rc.d invocation for shibd, which was
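Review bot: The new changelog stanza names CVE-2015-2684 but gives no pointer to the upstream advisory. Adding the URL from the commit message (http://shibboleth.net/community/advisories/secadv_20150313.txt) would let someone reading only the package changelog find the details. The trailer line spells the maintainer "Wagner" while the commit author is "Wágner"; make them consistent unless the unaccented form is deliberate.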
diff --git a/shibsp/handler/impl/SAML2Consumer.cpp b/shibsp/handler/impl/SAML2Consumer.cpp
index 6af77e7..1d2694b 100644
--- a/shibsp/handler/impl/SAML2Consumer.cpp
+++ b/shibsp/handler/impl/SAML2Consumer.cpp
@@ -42,6 +42,7 @@
 # include <xmltooling/XMLToolingConfig.h>
 # include <xmltooling/io/HTTPRequest.h>
 # include <xmltooling/util/DateTime.h>
+# include <xmltooling/validation/ValidatorSuite.h>
 using namespace opensaml::saml2;
 using namespace opensaml::saml2p;
 using namespace opensaml::saml2md;
@@ -294,6 +295,9 @@ void SAML2Consumer::implementProtocol(
             continue;
 
         try {
+            // Run the schema validators against the assertion, since it was hidden by encryption.
+            SchemaValidators.validate(decrypted);
+
             // We clear the security flag, so we can tell whether the token was secured on its own.
             policy.setAuthenticated(false);
             policy.reset(true);
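Review bot: The added `SchemaValidators.validate(decrypted);` at the top of the try block throws when the decrypted assertion is schema-invalid, and the handler that catches it is outside this hunk. Please confirm that the catch logs the failure and skips only this assertion instead of ending processing of the whole message. The call also sits before `policy.setAuthenticated(false)` and `policy.reset(true)`, so on a validation failure the policy is not reset at this point. If the catch path or later code reads policy state, reset it there too. A regression test that feeds an encrypted assertion decrypting to schema-invalid content would pin this behaviour down.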
diff --git a/shibsp/impl/StorageServiceSessionCache.cpp b/shibsp/impl/StorageServiceSessionCache.cpp
index 8d060e9..d0cba21 100644
--- a/shibsp/impl/StorageServiceSessionCache.cpp
+++ b/shibsp/impl/StorageServiceSessionCache.cpp
@@ -1038,7 +1038,7 @@ void SSCache::insert(
 
     // Store the reverse mapping for logout.
     try {
-        if (nameid)
+        if (name.get() && *name.get())
             insert(key.get(), expires, name.get(), index.get());
     }
     catch (exception& ex) {
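Review bot: The new guard `if (name.get() && *name.get())` checks the string held by `name` for null and for emptiness, but `index.get()` goes into the same `insert(...)` call unchecked. Confirm that the callee accepts a null or empty index, or guard it the same way. A one-line comment above the condition explaining why a non-null `nameid` is not sufficient (the string derived from it can still be null or empty) would keep a later cleanup from reverting to `if (nameid)`.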

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-shibboleth/shibboleth-sp2.git


