File libxmlsec-xmlsec1-cve-2009-0217-ooo310-m19.diff of Package OpenOffice_org-libs-extern
--- libxmlsec/xmlsec1-1.2.6.patch.old 2009-12-22 17:44:34.000000000 +0000
+++ libxmlsec/xmlsec1-1.2.6.patch 2009-12-22 17:56:36.000000000 +0000
@@ -15361,3 +15361,233 @@ XMLSEC_NSS_ALIBS = smime3.lib ssl3.lib nss3.lib libnspr4_s.lib libplds4_s.lib libplc4_s.lib kernel32.lib user32.lib gdi32.lib XMLSEC_MSCRYPTO_SOLIBS = kernel32.lib user32.lib gdi32.lib Crypt32.lib Advapi32.lib
+--- misc/xmlsec1-1.2.6/include/xmlsec/gnutls/crypto.h.old 2003-09-09 19:58:45.000000000 +0000
++++ misc/build/xmlsec1-1.2.6/include/xmlsec/gnutls/crypto.h 2009-12-22 17:52:44.000000000 +0000
+@@ -113,6 +113,10 @@ XMLSEC_CRYPTO_EXPORT xmlSecTransformId x
+ *
+ *******************************************************************/
+ #ifndef XMLSEC_NO_HMAC
++
++XMLSEC_CRYPTO_EXPORT int xmlSecGnuTLSHmacGetMinOutputLength();
++XMLSEC_CRYPTO_EXPORT void xmlSecGnuTLSHmacSetMinOutputLength(int min_length);
++
+ /**
+ * xmlSecGnuTLSKeyDataHmacId:
+ *
+--- misc/xmlsec1-1.2.6/include/xmlsec/nss/crypto.h.old 2009-12-22 17:44:56.000000000 +0000
++++ misc/build/xmlsec1-1.2.6/include/xmlsec/nss/crypto.h 2009-12-22 17:52:44.000000000 +0000
+@@ -188,6 +188,10 @@ XMLSEC_CRYPTO_EXPORT xmlSecTransformId x
+ *
+ *******************************************************************/
+ #ifndef XMLSEC_NO_HMAC
++
++XMLSEC_CRYPTO_EXPORT int xmlSecNssHmacGetMinOutputLength();
++XMLSEC_CRYPTO_EXPORT void xmlSecNssHmacSetMinOutputLength(int min_length);
++
+ /**
+ * xmlSecNssKeyDataHmacId:
+ *
+--- misc/xmlsec1-1.2.6/include/xmlsec/openssl/crypto.h.old 2003-09-28 01:34:46.000000000 +0000
++++ misc/build/xmlsec1-1.2.6/include/xmlsec/openssl/crypto.h 2009-12-22 17:52:44.000000000 +0000
+@@ -188,6 +188,10 @@ XMLSEC_CRYPTO_EXPORT xmlSecTransformId x
+ *
+ *******************************************************************/
+ #ifndef XMLSEC_NO_HMAC
++
++XMLSEC_CRYPTO_EXPORT int xmlSecOpenSSLHmacGetMinOutputLength();
++XMLSEC_CRYPTO_EXPORT void xmlSecOpenSSLHmacSetMinOutputLength(int min_length);
++
+ /**
+ * xmlSecOpenSSLKeyDataHmacId:
+ *
+--- misc/xmlsec1-1.2.6/src/gnutls/hmac.c.old 2004-01-11 03:04:27.000000000 +0000
++++ misc/build/xmlsec1-1.2.6/src/gnutls/hmac.c 2009-12-22 17:52:44.000000000 +0000
+@@ -23,10 +23,40 @@
+ #include <xmlsec/gnutls/app.h>
+ #include <xmlsec/gnutls/crypto.h>
+
++#define XMLSEC_GNUTLS_MIN_HMAC_SIZE 64
+ #define XMLSEC_GNUTLS_MAX_HMAC_SIZE 128
+
+ /**************************************************************************
+ *
++ * Configuration
++ *
++ *****************************************************************************/
++static int g_xmlsec_gnutls_hmac_min_length = XMLSEC_GNUTLS_MIN_HMAC_SIZE;
++
++/**
++ * xmlSecGnuTLSHmacGetMinOutputLength:
++ *
++ * Returns the min HMAC output length
++ */
++int xmlSecGnuTLSHmacGetMinOutputLength()
++{
++ return g_xmlsec_gnutls_hmac_min_length;
++}
++
++/**
++ * xmlSecGnuTLSHmacSetMinOutputLength:
++ *
++ * @min_length: the new min length
++ *
++ * Sets the min HMAC output length
++ */
++void xmlSecGnuTLSHmacSetMinOutputLength(int min_length)
++{
++ g_xmlsec_gnutls_hmac_min_length = min_length;
++}
++
++/**************************************************************************
++ *
+ * Internal GNUTLS HMAC CTX
+ *
+ *****************************************************************************/
+@@ -178,7 +208,20 @@ xmlSecGnuTLSHmacNodeRead(xmlSecTransform
+ ctx->dgstSize = atoi((char*)content);
+ xmlFree(content);
+ }
+- /* todo: error if dgstSize == 0 ?*/
++
++ /* Ensure that HMAC length is greater than min specified.
++ Otherwise, an attacker can set this lenght to 0 or very
++ small value
++ */
++ if(ctx->dgstSize < xmlSecGnuTLSHmacGetMinOutputLength()) {
++ xmlSecError(XMLSEC_ERRORS_HERE,
++ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
++ xmlSecNodeHMACOutputLength,
++ XMLSEC_ERRORS_R_INVALID_NODE_ATTRIBUTE,
++ "HMAC output length is too small");
++ return(-1);
++ }
++
+ cur = xmlSecGetNextElementNode(cur->next);
+ }
+
+--- misc/xmlsec1-1.2.6/src/nss/hmac.c.old 2009-12-22 17:44:56.000000000 +0000
++++ misc/build/xmlsec1-1.2.6/src/nss/hmac.c 2009-12-22 17:52:44.000000000 +0000
+@@ -26,10 +26,40 @@
+ #include <xmlsec/nss/crypto.h>
+ #include <xmlsec/nss/tokens.h>
+
++#define XMLSEC_NSS_MIN_HMAC_SIZE 64
+ #define XMLSEC_NSS_MAX_HMAC_SIZE 128
+
+ /**************************************************************************
+ *
++ * Configuration
++ *
++ *****************************************************************************/
++static int g_xmlsec_nss_hmac_min_length = XMLSEC_NSS_MIN_HMAC_SIZE;
++
++/**
++ * xmlSecNssHmacGetMinOutputLength:
++ *
++ * Returns the min HMAC output length
++ */
++int xmlSecNssHmacGetMinOutputLength()
++{
++ return g_xmlsec_nss_hmac_min_length;
++}
++
++/**
++ * xmlSecNssHmacSetMinOutputLength:
++ *
++ * @min_length: the new min length
++ *
++ * Sets the min HMAC output length
++ */
++void xmlSecNssHmacSetMinOutputLength(int min_length)
++{
++ g_xmlsec_nss_hmac_min_length = min_length;
++}
++
++/**************************************************************************
++ *
+ * Internal NSS HMAC CTX
+ *
+ *****************************************************************************/
+@@ -162,7 +192,20 @@ xmlSecNssHmacNodeRead(xmlSecTransformPtr
+ ctx->dgstSize = atoi((char*)content);
+ xmlFree(content);
+ }
+- /* todo: error if dgstSize == 0 ?*/
++
++ /* Ensure that HMAC length is greater than min specified.
++ Otherwise, an attacker can set this lenght to 0 or very
++ small value
++ */
++ if(ctx->dgstSize < xmlSecNssHmacGetMinOutputLength()) {
++ xmlSecError(XMLSEC_ERRORS_HERE,
++ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
++ xmlSecNodeHMACOutputLength,
++ XMLSEC_ERRORS_R_INVALID_NODE_ATTRIBUTE,
++ "HMAC output length is too small");
++ return(-1);
++ }
++
+ cur = xmlSecGetNextElementNode(cur->next);
+ }
+
+--- misc/xmlsec1-1.2.6/src/openssl/hmac.c.old 2003-07-21 03:12:55.000000000 +0000
++++ misc/build/xmlsec1-1.2.6/src/openssl/hmac.c 2009-12-22 17:52:44.000000000 +0000
+@@ -32,6 +32,36 @@
+
+ #include <xmlsec/openssl/crypto.h>
+
++#define XMLSEC_OPENSSL_MIN_HMAC_SIZE 64
++
++/**************************************************************************
++ *
++ * Configuration
++ *
++ *****************************************************************************/
++static int g_xmlsec_openssl_hmac_min_length = XMLSEC_OPENSSL_MIN_HMAC_SIZE;
++
++/**
++ * xmlSecOpenSSLHmacGetMinOutputLength:
++ *
++ * Returns the min HMAC output length
++ */
++int xmlSecOpenSSLHmacGetMinOutputLength()
++{
++ return g_xmlsec_openssl_hmac_min_length;
++}
++
++/**
++ * xmlSecOpenSSLHmacSetMinOutputLength:
++ *
++ * @min_length: the new min length
++ *
++ * Sets the min HMAC output length
++ */
++void xmlSecOpenSSLHmacSetMinOutputLength(int min_length)
++{
++ g_xmlsec_openssl_hmac_min_length = min_length;
++}
+
+ /**************************************************************************
+ *
+@@ -155,7 +185,20 @@ xmlSecOpenSSLHmacNodeRead(xmlSecTransfor
+ ctx->dgstSize = atoi((char*)content);
+ xmlFree(content);
+ }
+- /* todo: error if dgstSize == 0 ?*/
++
++ /* Ensure that HMAC length is greater than min specified.
++ Otherwise, an attacker can set this lenght to 0 or very
++ small value
++ */
++ if(ctx->dgstSize < xmlSecOpenSSLHmacGetMinOutputLength()) {
++ xmlSecError(XMLSEC_ERRORS_HERE,
++ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
++ xmlSecNodeHMACOutputLength,
++ XMLSEC_ERRORS_R_INVALID_NODE_ATTRIBUTE,
++ "HMAC output length is too small");
++ return(-1);
++ }
++
+ cur = xmlSecGetNextElementNode(cur->next);
+ }
+
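Review bot: The floor enforced by the new check in the three `xmlSec*HmacNodeRead` hunks is a process-wide `int` that the new setters store unchecked, so `xmlSecOpenSSLHmacSetMinOutputLength(0)` (or a negative value, and likewise for the GnuTLS and NSS setters) silently switches the truncation check off again; the setter doc comments should say so, e.g. `* Lowering this below the default re-allows the short HMACs rejected for CVE-2009-0217.`. The default of 64 is also below what, as far as I know, the XML Signature guidance for this issue asks for (at least 80 bits and at least half the hash output), so `#define XMLSEC_OPENSSL_MIN_HMAC_SIZE 80` and its two siblings deserve a look unless 64 was chosen for interoperability. The compared value still comes from `atoi`, which gives no error on overflow or trailing junk, and if `ctx->dgstSize` is unsigned (its declaration is outside the hunks) a negative `HMACOutputLength` would compare as a very large number and pass; parsing with `strtol` and rejecting negative or out-of-range results before the assignment would cover that. The NodeRead function bodies begin and end outside these hunks, so whether an upper bound is applied later cannot be seen here.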