Security update for xml-security-c

[Russ Allbery]

[ Copy of the mail to team at security.debian.org that I sent to the wrong
  address at first. ]

I've prepared a security update for xml-security-c and am looking for
permission to upload to stable-security.  Attached below is the diff.  I'm
working on a patch for oldstable now.

This is the upstream fix for CVE-2009-0217.  See also:

    http://www.kb.cert.org/vuls/id/466161
    https://issues.apache.org/bugzilla/show_bug.cgi?id=47527

1.4.0-4 has already been uploaded to unstable with this fix.

diff --git a/debian/changelog b/debian/changelog
index f77f4b1..26f486b 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,11 @@
+xml-security-c (1.4.0-3+lenny1) stable-security; urgency=high
+
+  * CVE-2009-0217: Apply upstream patch to sanity-check the HMAC
+    truncation length.  Closes a vulnerability that could allow an
+    attacker to spoof HMAC-based signatures and bypass authentication.
+
+ -- Russ Allbery <rra at debian.org>  Fri, 24 Jul 2009 15:42:04 -0700
+
 xml-security-c (1.4.0-3) unstable; urgency=low
 
   * Drop the suggests of libxml-security-c-doc since upstream no longer
diff --git a/src/dsig/DSIGAlgorithmHandlerDefault.cpp b/src/dsig/DSIGAlgorithmHandlerDefault.cpp
index a0b9ac3..f4fcb70 100644
--- a/src/dsig/DSIGAlgorithmHandlerDefault.cpp
+++ b/src/dsig/DSIGAlgorithmHandlerDefault.cpp
@@ -459,6 +459,12 @@ unsigned int DSIGAlgorithmHandlerDefault::signToSafeBuffer(
 		}
 
 		// Signature already created, so just translate to base 64 and enter string
+
+        // FIX: CVE-2009-0217
+        if (outputLength > 0 && (outputLength < 80 || outputLength < hashLen / 2)) {
+            throw XSECException(XSECException::AlgorithmMapperError,
+                "HMACOutputLength set to unsafe value.");
+        }
 		
 		convertRawToBase64String(b64SB, 
 								hash, 
@@ -560,7 +566,14 @@ bool DSIGAlgorithmHandlerDefault::verifyBase64Signature(
 	case (XSECCryptoKey::KEY_HMAC) :
 
 		// Already done - just compare calculated value with read value
-		sigVfyRet = compareBase64StringToRaw(sig, 
+
+        // FIX: CVE-2009-0217
+        if (outputLength > 0 && (outputLength < 80 || outputLength < hashLen / 2)) {
+            throw XSECException(XSECException::AlgorithmMapperError,
+                "HMACOutputLength set to unsafe value.");
+        }
+
+	    sigVfyRet = compareBase64StringToRaw(sig,
 			hash, 
 			hashLen,
 			outputLength);
diff --git a/src/dsig/DSIGSignature.cpp b/src/dsig/DSIGSignature.cpp
index 3ab6e56..81fc36f 100644
--- a/src/dsig/DSIGSignature.cpp
+++ b/src/dsig/DSIGSignature.cpp
@@ -1042,6 +1042,13 @@ bool DSIGSignature::verifySignatureOnlyInternal(void) {
 
 	}
 
+	// FIX: CVE-2009-0217
+
+	if (mp_signedInfo->getHMACOutputLength() > 0 && mp_signedInfo->getHMACOutputLength() < 80) {
+	    throw XSECException(XSECException::SigVfyError,
+            "DSIGSignature::verify() - HMACOutputLength is unsafe");
+	}
+
 	// Try to find a key
 	if (mp_signingKey == NULL) {

-- 
Russ Allbery (rra at debian.org)               <http://www.eyrie.org/~eagle/>