--- Begin Message ---
- To: Debian Bug Tracking System <submit@bugs.debian.org>
- Subject: stretch-pu: package xml-security-c/1.7.3-4+deb9u1
- From: Ferenc Wágner <wferi@debian.org>
- Date: Sun, 12 Jan 2020 15:39:53 +0100
- Message-id: <157883999376.30506.12999017974103766018.reportbug@lant.ki.iif.hu>
Package: release.debian.org
Severity: normal
Tags: stretch
User: release.debian.org@packages.debian.org
Usertags: pu
Dear Stable Release Team,
The Security Team declined handling #913136 via a security upload and
recommended the stable upgrade route instead. So I retargeted the
upload; the debdiff below differs in the changelog header only.
I'm ready to upload if you agree.
Thanks for your consideration.
Feri.
$ debdiff xml-security-c_1.7.3-4+deb9u1.dsc xml-security-c_1.7.3-4+deb9u2.dsc
diff -Nru xml-security-c-1.7.3/debian/changelog xml-security-c-1.7.3/debian/changelog
--- xml-security-c-1.7.3/debian/changelog 2018-08-03 11:32:52.000000000 +0200
+++ xml-security-c-1.7.3/debian/changelog 2018-12-10 11:45:41.000000000 +0100
@@ -1,3 +1,20 @@
+xml-security-c (1.7.3-4+deb9u2) stretch; urgency=medium
+
+ * [12dd825] New patches: DSA verification crashes OpenSSL on invalid
+ combinations of key content.
+ Particular KeyInfo combinations result in incomplete DSA key structures
+ that OpenSSL can't handle without crashing. In the case of Shibboleth
+ SP software this manifests as a crash in the shibd daemon. Exploitation
+ is believed to be possible only in deployments employing the PKIX trust
+ engine, which is generally recommended against.
+ The upstream patches backported from 2.0.2 apply analogous safeguards to
+ the RSA and ECDSA key handling as well.
+ Upstream bug: https://issues.apache.org/jira/browse/SANTUARIO-496
+ CVE: not assigned
+ Thanks to Scott Cantor (Closes: #913136)
+
+ -- Ferenc Wágner <wferi@debian.org> Mon, 10 Dec 2018 11:45:41 +0100
+
xml-security-c (1.7.3-4+deb9u1) stretch-security; urgency=high
* [93b87c6] New patch: Default KeyInfo resolver doesn't check for empty
diff -Nru xml-security-c-1.7.3/debian/patches/SANTUARIO-496-DSA-verification-crashes-OpenSSL-on-invalid.patch xml-security-c-1.7.3/debian/patches/SANTUARIO-496-DSA-verification-crashes-OpenSSL-on-invalid.patch
--- xml-security-c-1.7.3/debian/patches/SANTUARIO-496-DSA-verification-crashes-OpenSSL-on-invalid.patch 1970-01-01 01:00:00.000000000 +0100
+++ xml-security-c-1.7.3/debian/patches/SANTUARIO-496-DSA-verification-crashes-OpenSSL-on-invalid.patch 2018-12-10 11:45:41.000000000 +0100
@@ -0,0 +1,103 @@
+From: Scott Cantor <scantor@apache.org>
+Date: Thu, 11 Oct 2018 15:13:40 +0000
+Subject: SANTUARIO-496 - DSA verification crashes OpenSSL on invalid
+ combinations of key content
+
+Backport of
+git-svn-id: https://svn.apache.org/repos/asf/santuario/xml-security-cpp/trunk@1843562 13f79535-47bb-0310-9956-ffa450edef68
+---
+ xsec/enc/OpenSSL/OpenSSLCryptoKeyDSA.cpp | 12 ++++++++++++
+ xsec/enc/OpenSSL/OpenSSLCryptoKeyEC.cpp | 12 ++++++++++++
+ xsec/enc/OpenSSL/OpenSSLCryptoKeyRSA.cpp | 12 ++++++++++++
+ 3 files changed, 36 insertions(+)
+
+diff --git a/xsec/enc/OpenSSL/OpenSSLCryptoKeyDSA.cpp b/xsec/enc/OpenSSL/OpenSSLCryptoKeyDSA.cpp
+index 57999a2..5bdf133 100644
+--- a/xsec/enc/OpenSSL/OpenSSLCryptoKeyDSA.cpp
++++ b/xsec/enc/OpenSSL/OpenSSLCryptoKeyDSA.cpp
+@@ -164,6 +164,12 @@ bool OpenSSLCryptoKeyDSA::verifyBase64Signature(unsigned char * hashBuf,
+ "OpenSSL:DSA - Attempt to validate signature with empty key");
+ }
+
++ XSECCryptoKey::KeyType keyType = getKeyType();
++ if (keyType != KEY_DSA_PAIR && keyType != KEY_DSA_PUBLIC) {
++ throw XSECCryptoException(XSECCryptoException::DSAError,
++ "OpenSSL:DSA - Attempt to validate signature without public key");
++ }
++
+ char* cleanedBase64Signature;
+ unsigned int cleanedBase64SignatureLen = 0;
+
+@@ -264,6 +270,12 @@ unsigned int OpenSSLCryptoKeyDSA::signBase64Signature(unsigned char * hashBuf,
+ "OpenSSL:DSA - Attempt to sign data with empty key");
+ }
+
++ KeyType keyType = getKeyType();
++ if (keyType != KEY_DSA_PAIR && keyType != KEY_DSA_PRIVATE) {
++ throw XSECCryptoException(XSECCryptoException::DSAError,
++ "OpenSSL:DSA - Attempt to sign data without private key");
++ }
++
+ DSA_SIG * dsa_sig;
+
+ dsa_sig = DSA_do_sign(hashBuf, hashLen, mp_dsaKey);
+diff --git a/xsec/enc/OpenSSL/OpenSSLCryptoKeyEC.cpp b/xsec/enc/OpenSSL/OpenSSLCryptoKeyEC.cpp
+index 3233343..09ba69e 100644
+--- a/xsec/enc/OpenSSL/OpenSSLCryptoKeyEC.cpp
++++ b/xsec/enc/OpenSSL/OpenSSLCryptoKeyEC.cpp
+@@ -151,6 +151,12 @@ bool OpenSSLCryptoKeyEC::verifyBase64SignatureDSA(unsigned char * hashBuf,
+ "OpenSSL:EC - Attempt to validate signature with empty key");
+ }
+
++ KeyType keyType = getKeyType();
++ if (keyType != KEY_EC_PAIR && keyType != KEY_EC_PUBLIC) {
++ throw XSECCryptoException(XSECCryptoException::ECError,
++ "OpenSSL:EC - Attempt to validate signature without public key");
++ }
++
+ char * cleanedBase64Signature;
+ unsigned int cleanedBase64SignatureLen = 0;
+
+@@ -225,6 +231,12 @@ unsigned int OpenSSLCryptoKeyEC::signBase64SignatureDSA(unsigned char * hashBuf,
+ "OpenSSL:EC - Attempt to sign data with empty key");
+ }
+
++ KeyType keyType = getKeyType();
++ if (keyType != KEY_EC_PAIR && keyType != KEY_EC_PRIVATE) {
++ throw XSECCryptoException(XSECCryptoException::ECError,
++ "OpenSSL:EC - Attempt to sign data without private key");
++ }
++
+ ECDSA_SIG * dsa_sig;
+
+ dsa_sig = ECDSA_do_sign(hashBuf, hashLen, mp_ecKey);
+diff --git a/xsec/enc/OpenSSL/OpenSSLCryptoKeyRSA.cpp b/xsec/enc/OpenSSL/OpenSSLCryptoKeyRSA.cpp
+index e21b001..c0d7b2b 100644
+--- a/xsec/enc/OpenSSL/OpenSSLCryptoKeyRSA.cpp
++++ b/xsec/enc/OpenSSL/OpenSSLCryptoKeyRSA.cpp
+@@ -416,6 +416,12 @@ bool OpenSSLCryptoKeyRSA::verifySHA1PKCS1Base64Signature(const unsigned char * h
+ "OpenSSL:RSA - Attempt to validate signature with empty key");
+ }
+
++ XSECCryptoKey::KeyType keyType = getKeyType();
++ if (keyType != KEY_RSA_PAIR && keyType != KEY_RSA_PUBLIC) {
++ throw XSECCryptoException(XSECCryptoException::RSAError,
++ "OpenSSL:RSA - Attempt to validate signature without public key");
++ }
++
+ char* cleanedBase64Signature;
+ unsigned int cleanedBase64SignatureLen = 0;
+
+@@ -534,6 +540,12 @@ unsigned int OpenSSLCryptoKeyRSA::signSHA1PKCS1Base64Signature(unsigned char * h
+ "OpenSSL:RSA - Attempt to sign data with empty key");
+ }
+
++ KeyType keyType = getKeyType();
++ if (keyType != KEY_RSA_PAIR && keyType != KEY_RSA_PRIVATE) {
++ throw XSECCryptoException(XSECCryptoException::RSAError,
++ "OpenSSL:RSA - Attempt to sign data without private key");
++ }
++
+ // Build the buffer to be encrypted by prepending the SHA1 OID to the hash
+
+ unsigned char * encryptBuf;
diff -Nru xml-security-c-1.7.3/debian/patches/SANTUARIO-496-Prevent-KeyInfoResolver-returning-NONE-keys.patch xml-security-c-1.7.3/debian/patches/SANTUARIO-496-Prevent-KeyInfoResolver-returning-NONE-keys.patch
--- xml-security-c-1.7.3/debian/patches/SANTUARIO-496-Prevent-KeyInfoResolver-returning-NONE-keys.patch 1970-01-01 01:00:00.000000000 +0100
+++ xml-security-c-1.7.3/debian/patches/SANTUARIO-496-Prevent-KeyInfoResolver-returning-NONE-keys.patch 2018-12-10 11:45:41.000000000 +0100
@@ -0,0 +1,65 @@
+From: Scott Cantor <scantor@apache.org>
+Date: Thu, 11 Oct 2018 15:39:30 +0000
+Subject: SANTUARIO-496 - Prevent KeyInfoResolver returning NONE keys.
+
+git-svn-id: https://svn.apache.org/repos/asf/santuario/xml-security-cpp/trunk@1843566 13f79535-47bb-0310-9956-ffa450edef68
+---
+ xsec/enc/XSECKeyInfoResolverDefault.cpp | 24 +++++++++++++++++-------
+ 1 file changed, 17 insertions(+), 7 deletions(-)
+
+diff --git a/xsec/enc/XSECKeyInfoResolverDefault.cpp b/xsec/enc/XSECKeyInfoResolverDefault.cpp
+index c4c81cb..7356fc4 100644
+--- a/xsec/enc/XSECKeyInfoResolverDefault.cpp
++++ b/xsec/enc/XSECKeyInfoResolverDefault.cpp
+@@ -127,8 +127,10 @@ XSECCryptoKey * XSECKeyInfoResolverDefault::resolveKey(DSIGKeyInfoList * lst) {
+ dsa->loadYBase64BigNums(value.rawCharBuffer(), (unsigned int) strlen(value.rawCharBuffer()));
+ }
+
+- j_dsa.release();
+- return dsa;
++ if (dsa->getKeyType() != XSECCryptoKey::KEY_NONE) {
++ j_dsa.release();
++ return dsa;
++ }
+ }
+ }
+ break;
+@@ -148,8 +150,10 @@ XSECCryptoKey * XSECKeyInfoResolverDefault::resolveKey(DSIGKeyInfoList * lst) {
+ value << (*mp_formatter << rsaval->getRSAExponent());
+ rsa->loadPublicExponentBase64BigNums(value.rawCharBuffer(), (unsigned int) strlen(value.rawCharBuffer()));
+
+- j_rsa.release();
+- return rsa;
++ if (rsa->getKeyType() != XSECCryptoKey::KEY_NONE) {
++ j_rsa.release();
++ return rsa;
++ }
+ }
+
+ }
+@@ -169,8 +173,10 @@ XSECCryptoKey * XSECKeyInfoResolverDefault::resolveKey(DSIGKeyInfoList * lst) {
+ XSECAutoPtrChar curve(ecval->getECNamedCurve());
+ if (curve.get()) {
+ ec->loadPublicKeyBase64(curve.get(), value.rawCharBuffer(), (unsigned int) strlen(value.rawCharBuffer()));
+- j_ec.release();
+- return ec;
++ if (ec->getKeyType() != XSECCryptoKey::KEY_NONE) {
++ j_ec.release();
++ return ec;
++ }
+ }
+ }
+ }
+@@ -184,7 +190,11 @@ XSECCryptoKey * XSECKeyInfoResolverDefault::resolveKey(DSIGKeyInfoList * lst) {
+ safeBuffer value;
+
+ value << (*mp_formatter << derval->getData());
+- return XSECPlatformUtils::g_cryptoProvider->keyDER(value.rawCharBuffer(), (unsigned int)strlen(value.rawCharBuffer()), true);
++ XSECCryptoKey* key = XSECPlatformUtils::g_cryptoProvider->keyDER(value.rawCharBuffer(), (unsigned int)strlen(value.rawCharBuffer()), true);
++ if (key && key->getKeyType() != XSECCryptoKey::KEY_NONE) {
++ return key;
++ }
++ delete key;
+ }
+ }
+ break;
diff -Nru xml-security-c-1.7.3/debian/patches/series xml-security-c-1.7.3/debian/patches/series
--- xml-security-c-1.7.3/debian/patches/series 2018-08-03 11:32:52.000000000 +0200
+++ xml-security-c-1.7.3/debian/patches/series 2018-12-10 11:45:41.000000000 +0100
@@ -22,3 +22,5 @@
We-do-not-use-pthreads-threadtest.cpp-is-Windows-onl.patch
Only-add-found-packages-to-the-pkg-config-dependenci.patch
Default-KeyInfo-resolver-doesn-t-check-for-empty-element-.patch
+SANTUARIO-496-DSA-verification-crashes-OpenSSL-on-invalid.patch
+SANTUARIO-496-Prevent-KeyInfoResolver-returning-NONE-keys.patch
--- End Message ---