Security update for xml-security-c
Russ Allbery
rra at debian.org
Fri Jul 24 22:46:56 UTC 2009
[ Copy of the mail to team at security.debian.org that I sent to the wrong
address at first. ]
I've prepared a security update for xml-security-c and am looking for
permission to upload to stable-security. Attached below is the diff. I'm
working on a patch for oldstable now.
This is the upstream fix for CVE-2009-0217. See also:
http://www.kb.cert.org/vuls/id/466161
https://issues.apache.org/bugzilla/show_bug.cgi?id=47527
1.4.0-4 has already been uploaded to unstable with this fix.
diff --git a/debian/changelog b/debian/changelog
index f77f4b1..26f486b 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,11 @@
+xml-security-c (1.4.0-3+lenny1) stable-security; urgency=high
+
+ * CVE-2009-0217: Apply upstream patch to sanity-check the HMAC
+ truncation length. Closes a vulnerability that could allow an
+ attacker to spoof HMAC-based signatures and bypass authentication.
+
+ -- Russ Allbery <rra at debian.org> Fri, 24 Jul 2009 15:42:04 -0700
+
xml-security-c (1.4.0-3) unstable; urgency=low
* Drop the suggests of libxml-security-c-doc since upstream no longer
diff --git a/src/dsig/DSIGAlgorithmHandlerDefault.cpp b/src/dsig/DSIGAlgorithmHandlerDefault.cpp
index a0b9ac3..f4fcb70 100644
--- a/src/dsig/DSIGAlgorithmHandlerDefault.cpp
+++ b/src/dsig/DSIGAlgorithmHandlerDefault.cpp
@@ -459,6 +459,12 @@ unsigned int DSIGAlgorithmHandlerDefault::signToSafeBuffer(
}
// Signature already created, so just translate to base 64 and enter string
+
+ // FIX: CVE-2009-0217
+ if (outputLength > 0 && (outputLength < 80 || outputLength < hashLen / 2)) {
+ throw XSECException(XSECException::AlgorithmMapperError,
+ "HMACOutputLength set to unsafe value.");
+ }
convertRawToBase64String(b64SB,
hash,
@@ -560,7 +566,14 @@ bool DSIGAlgorithmHandlerDefault::verifyBase64Signature(
case (XSECCryptoKey::KEY_HMAC) :
// Already done - just compare calculated value with read value
- sigVfyRet = compareBase64StringToRaw(sig,
+
+ // FIX: CVE-2009-0217
+ if (outputLength > 0 && (outputLength < 80 || outputLength < hashLen / 2)) {
+ throw XSECException(XSECException::AlgorithmMapperError,
+ "HMACOutputLength set to unsafe value.");
+ }
+
+ sigVfyRet = compareBase64StringToRaw(sig,
hash,
hashLen,
outputLength);
diff --git a/src/dsig/DSIGSignature.cpp b/src/dsig/DSIGSignature.cpp
index 3ab6e56..81fc36f 100644
--- a/src/dsig/DSIGSignature.cpp
+++ b/src/dsig/DSIGSignature.cpp
@@ -1042,6 +1042,13 @@ bool DSIGSignature::verifySignatureOnlyInternal(void) {
}
+ // FIX: CVE-2009-0217
+
+ if (mp_signedInfo->getHMACOutputLength() > 0 && mp_signedInfo->getHMACOutputLength() < 80) {
+ throw XSECException(XSECException::SigVfyError,
+ "DSIGSignature::verify() - HMACOutputLength is unsafe");
+ }
+
// Try to find a key
if (mp_signingKey == NULL) {
--
Russ Allbery (rra at debian.org) <http://www.eyrie.org/~eagle/>
More information about the Pkg-shibboleth-devel
mailing list