File bsc1212359.patch of Package xmltooling.29630

X-Git-Url: https://git.shibboleth.net/view/?p=cpp-xmltooling.git;a=blobdiff_plain;f=xmltooling%2FXMLToolingConfig.cpp;h=dd5634d8055c9cb971cc99e5b1e5fc56a76c595f;hp=4bd5b11a0ca688f0b8fa2ed1b4997038202e4314;hb=6080f6343f98fec085bc0fd746913ee418cc9d30;hpb=40dcc327cd67e9e84f95b4f19087eae2397958b1

Index: xmltooling-1.5.6/xmltooling/XMLToolingConfig.cpp
===================================================================
--- xmltooling-1.5.6.orig/xmltooling/XMLToolingConfig.cpp
+++ xmltooling-1.5.6/xmltooling/XMLToolingConfig.cpp
@@ -74,6 +74,7 @@
 # include <xsec/framework/XSECException.hpp>
 # include <xsec/framework/XSECProvider.hpp>
 # include <xsec/transformers/TXFMBase.hpp>
+# include <xsec/framework/XSECURIResolver.hpp>
 #endif
 
 using namespace soap11;
@@ -113,7 +114,7 @@ namespace {
 #ifndef XMLTOOLING_NO_XMLSEC
     static ptr_vector<Mutex> g_openssl_locks;
 
-    extern "C" void openssl_locking_callback(int mode,int n,const char *file,int line)
+    extern "C" void openssl_locking_callback(int mode, int n, const char *, int)
     {
         if (mode & CRYPTO_LOCK)
             g_openssl_locks[n].lock();
@@ -142,7 +143,7 @@ namespace {
 	    void setInput(TXFMBase *newInput) {
 	        input = newInput;
 	        if (newInput->getOutputType() != TXFMBase::BYTE_STREAM)
-		        throw XSECException(XSECException::TransformInputOutputFail, "OutputLog transform requires BYTE_STREAM input");
+		        throw XSECException(XSECException       ::TransformInputOutputFail, "OutputLog transform requires BYTE_STREAM input");
 	        keepComments = input->getCommentsStatus();
             m_log.debug("\n----- BEGIN SIGNATURE DEBUG -----\n");
         }
@@ -184,6 +185,27 @@ namespace {
     }
 # endif
 
+    class BlockingXSECURIResolver : public XSECURIResolver {
+    public:
+    	BlockingXSECURIResolver() : m_log(Category::getInstance(XMLTOOLING_LOGCAT ".XMLSecurity")) {}
+    	~BlockingXSECURIResolver() {}
+
+    	BinInputStream* resolveURI(const XMLCh* uri) {
+    		auto_ptr_char temp(uri);
+    		m_log.warn("blocked remote resource retrieval by xml-security-c library: %s",
+    				temp.get() ? temp.get() : "(none)");
+    		return nullptr;
+    	}
+
+    	void setBaseURI(const XMLCh* uri) {}
+
+    	XSECURIResolver* clone() {
+    		return new BlockingXSECURIResolver();
+    	}
+
+    private:
+    	Category& m_log;
+    };
 #endif
 
 #ifdef WIN32
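Review bot: The URI that `resolveURI` passes to `m_log.warn` presumably originates in the document being processed, so it is untrusted content written to the log with no length bound and no filtering of control characters. Depending on the log layout, a crafted value could span several lines or bloat the log each time a reference is blocked, which makes the warning less reliable as a detection signal. I would copy the transcoded string, cap it, and replace control characters before logging, as sketched below; the 256-byte cap is an arbitrary placeholder. The class also lacks a comment stating that returning null is the deliberate blocking behaviour, and `setBaseURI` names a parameter it never uses, unlike the callback signature cleaned up earlier in this patch.

```cpp
BinInputStream* resolveURI(const XMLCh* uri) {
    auto_ptr_char temp(uri);
    // The URI is taken from the input being verified: bound and neutralise it before logging.
    std::string shown(temp.get() ? temp.get() : "(none)");
    if (shown.size() > 256)
        shown.erase(256);
    for (char& c : shown) {
        const unsigned char u = static_cast<unsigned char>(c);
        if (u < 0x20 || u == 0x7f)
            c = '?';
    }
    m_log.warn("blocked remote resource retrieval by xml-security-c library: %s", shown.c_str());
    return nullptr;
}
// … unchanged: setBaseURI, clone, m_log …
```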
@@ -416,6 +438,7 @@ bool XMLToolingInternalConfig::init()
         XSECPlatformUtils::SetReferenceLoggingSink(TXFMOutputLogFactory);
 # endif
         m_xsecProvider = new XSECProvider();
+        m_xsecProvider->setDefaultURIResolver(new BlockingXSECURIResolver());
         log.debug("XML-Security %s initialization complete", XSEC_FULLVERSIONDOT);
 #endif
 
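Review bot: The resolver allocated with `new` in the added line has no visible owner. The `clone()` method this patch gives BlockingXSECURIResolver suggests the library copies the resolver it is handed rather than adopting the pointer. If so, the object is leaked on every init(); a stack instance avoids the question: `BlockingXSECURIResolver resolver;` followed by `m_xsecProvider->setDefaultURIResolver(&resolver);`. If the provider does take ownership, a one-line comment saying so would settle it. init() starts and ends outside this hunk, so whether any signature path bypasses this provider's default resolver cannot be judged from here.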