Security update for xml-security-c
Russ Allbery
rra at debian.org
Mon Jul 27 22:44:28 UTC 2009
I have uploaded 1.4.0-3+lenny2 to the right queue this time.
I've also prepared a fix for oldstable. This fix is a bit different
because the code had been reorganized after 1.2.1, and the old package was
using quilt. Below is the diff; let me know if this looks good and I'll
upload it as well.
diff -u xml-security-c-1.2.1/debian/changelog xml-security-c-1.2.1/debian/changelog
--- xml-security-c-1.2.1/debian/changelog
+++ xml-security-c-1.2.1/debian/changelog
@@ -1,3 +1,11 @@
+xml-security-c (1.2.1-3+etch1) oldstable-security; urgency=high
+
+ * CVE-2009-0217: Apply upstream patch to sanity-check the HMAC
+ truncation length. Closes a vulnerability that could allow an
+ attacker to spoof HMAC-based signatures and bypass authentication.
+
+ -- Russ Allbery <rra at debian.org> Fri, 24 Jul 2009 16:34:29 -0700
+
xml-security-c (1.2.1-3) unstable; urgency=low
* Fix compilation with g++ 4.1. (Closes: #375348)
diff -u xml-security-c-1.2.1/debian/patches/series xml-security-c-1.2.1/debian/patches/series
--- xml-security-c-1.2.1/debian/patches/series
+++ xml-security-c-1.2.1/debian/patches/series
@@ -2,0 +3 @@
+CVE-2009-0217
only in patch2:
unchanged:
--- xml-security-c-1.2.1.orig/debian/patches/CVE-2009-0217
+++ xml-security-c-1.2.1/debian/patches/CVE-2009-0217
@@ -0,0 +1,73 @@
+diff --git a/src/dsig/DSIGSignature.cpp b/src/dsig/DSIGSignature.cpp
+index 2a32474..c23c9cc 100644
+--- a/src/dsig/DSIGSignature.cpp
++++ b/src/dsig/DSIGSignature.cpp
+@@ -993,6 +993,14 @@ bool DSIGSignature::verifySignatureOnlyInternal(void) {
+
+ }
+
++ // FIX: CVE-2009-0217
++
++ if (mp_signedInfo == NULL
++ || (mp_signedInfo->getHMACOutputLength() > 0 && mp_signedInfo->getHMACOutputLength() < 80)) {
++ throw XSECException(XSECException::SigVfyError,
++ "DSIGSignature::verify() - HMACOutputLength is unsafe");
++ }
++
+ // Try to find a key
+ if (mp_signingKey == NULL) {
+
+@@ -1023,6 +1031,7 @@ bool DSIGSignature::verifySignatureOnlyInternal(void) {
+
+ // Now set up to verify
+ bool sigVfyRet = false;
++ unsigned int outputLength = mp_signedInfo->getHMACOutputLength();
+
+ switch (mp_signingKey->getKeyType()) {
+
+@@ -1074,10 +1083,17 @@ bool DSIGSignature::verifySignatureOnlyInternal(void) {
+ case (XSECCryptoKey::KEY_HMAC) :
+
+ // Already done - just compare calculated value with read value
++
++ // FIX: CVE-2009-0217
++ if (outputLength > 0 && (outputLength < 80 || outputLength < hashLen / 2)) {
++ throw XSECException(XSECException::SigVfyError,
++ "HMACOutputLength set to unsafe value.");
++ }
++
+ sigVfyRet = compareBase64StringToRaw(m_signatureValueSB,
+ hash,
+ hashLen,
+- mp_signedInfo->getHMACOutputLength());
++ outputLength);
+ if (!sigVfyRet)
+ m_errStr.sbXMLChCat("HMAC Validation of <SignedInfo> failed");
+
+@@ -1174,6 +1190,7 @@ void DSIGSignature::sign(void) {
+ char b64Buf[1024];
+ unsigned int b64Len;
+ safeBuffer b64SB;
++ unsigned int outputLength = mp_signedInfo->getHMACOutputLength();
+
+ switch (mp_signingKey->getKeyType()) {
+
+@@ -1249,11 +1266,17 @@ void DSIGSignature::sign(void) {
+ }
+
+ // Signature already created, so just translate to base 64 and enter string
++
++ // FIX: CVE-2009-0217
++ if (outputLength > 0 && (outputLength < 80 || outputLength < hashLen / 2)) {
++ throw XSECException(XSECException::SigningError,
++ "HMACOutputLength set to unsafe value.");
++ }
+
+ convertRawToBase64String(b64SB,
+ hash,
+ hashLen,
+- mp_signedInfo->getHMACOutputLength());
++ outputLength);
+
+ strncpy(b64Buf, (char *) b64SB.rawBuffer(), 1024);
+ break;
--
Russ Allbery (rra at debian.org) <http://www.eyrie.org/~eagle/>
More information about the Pkg-shibboleth-devel
mailing list