[xmltooling] 01/02: Security fix from 1.5.5 for CVE-2015-0851

[Ferenc Wágner]

This is an automated email from the git hooks/post-receive script.

wferi-guest pushed a commit to branch wheezy
in repository xmltooling.

commit 2ae279506caf0373ec3fb52225e5b9bbee57851f
Author: Ferenc Wágner <wferi at niif.hu>
Date:   Sat Jul 18 21:36:24 2015 +0200

    Security fix from 1.5.5 for CVE-2015-0851
    
    Shibboleth SP software crashes on well-formed but invalid XML
    ====================================================================
    The Service Provider software contains a code path with an uncaught
    exception that can be triggered by an unauthenticated attacker by
    supplying well-formed but schema-invalid XML in the form of SAML
    metadata or SAML protocol messages. The result is a crash and so
    causes a denial of service.
---
 debian/changelog  |  7 +++++++
 xmltooling/base.h | 22 ++++++++++++++++++++--
 2 files changed, 27 insertions(+), 2 deletions(-)

diff --git a/debian/changelog b/debian/changelog
index cc22327..2177b29 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,10 @@
+xmltooling (1.4.2-5+deb7u1) wheezy-security; urgency=high
+
+  * Apply security fix from 1.5.5 for CVE-2015-0851 DoS:
+    Shibboleth SP software crashes on well-formed but invalid XML
+
+ -- Ferenc Wagner <wferi at niif.hu>  Mon, 27 Jul 2015 11:39:26 +0200
+
 xmltooling (1.4.2-5) unstable; urgency=low
 
   * Revert changes to add symbols file.  Due to churn in weak symbols for
diff --git a/xmltooling/base.h b/xmltooling/base.h
index 0626e81..6ba495e 100644
--- a/xmltooling/base.h
+++ b/xmltooling/base.h
@@ -691,7 +691,16 @@
         XMLCh* m_##proper; \
     public: \
         pair<bool,int> get##proper() const { \
-            return make_pair((m_##proper!=nullptr),(m_##proper!=nullptr ? xercesc::XMLString::parseInt(m_##proper): 0)); \
+            if (m_##proper) { \
+                try { \
+                    return std::make_pair(true, xercesc::XMLString::parseInt(m_##proper)); \
+                } \
+                catch (...) { \
+                    return std::make_pair(true, 0); \
+                } \
+            } else { \
+                return std::make_pair(false, 0); \
+            } \
         } \
         void set##proper(const XMLCh* proper) { \
             m_##proper = prepareForAssignment(m_##proper,proper); \
@@ -1245,7 +1254,16 @@
 #define DECL_INTEGER_CONTENT(proper) \
     XMLTOOLING_DOXYGEN(Returns proper in integer form after a NULL indicator.) \
     std::pair<bool,int> get##proper() const { \
-        return std::make_pair((getTextContent()!=nullptr), (getTextContent()!=nullptr ? xercesc::XMLString::parseInt(getTextContent()) : 0)); \
+        if (getTextContent()) { \
+            try { \
+                return std::make_pair(true, xercesc::XMLString::parseInt(getTextContent())); \
+            } \
+            catch (...) { \
+                return std::make_pair(true, 0); \
+            } \
+        } else { \
+            return std::make_pair(false, 0); \
+        } \
     } \
     XMLTOOLING_DOXYGEN(Sets proper.) \
     void set##proper(int proper) { \

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-shibboleth/xmltooling.git