File bsc1212359.patch of Package xmltooling.29609

X-Git-Url: https://git.shibboleth.net/view/?p=cpp-xmltooling.git;a=blobdiff_plain;f=xmltooling%2FXMLToolingConfig.cpp;h=dd5634d8055c9cb971cc99e5b1e5fc56a76c595f;hp=4bd5b11a0ca688f0b8fa2ed1b4997038202e4314;hb=6080f6343f98fec085bc0fd746913ee418cc9d30;hpb=40dcc327cd67e9e84f95b4f19087eae2397958b1

diff --git a/xmltooling/XMLToolingConfig.cpp b/xmltooling/XMLToolingConfig.cpp
index 4bd5b11..dd5634d 100644
--- a/xmltooling/XMLToolingConfig.cpp
+++ b/xmltooling/XMLToolingConfig.cpp
@@ -75,6 +75,7 @@
 # include <xsec/framework/XSECException.hpp>
 # include <xsec/framework/XSECProvider.hpp>
 # include <xsec/transformers/TXFMBase.hpp>
+# include <xsec/framework/XSECURIResolver.hpp>
 #endif
 
 using namespace soap11;
@@ -116,7 +117,7 @@ namespace {
 #endif
     static ptr_vector<Mutex> g_openssl_locks;
 
-    extern "C" void openssl_locking_callback(int mode,int n,const char *file,int line)
+    extern "C" void openssl_locking_callback(int mode, int n, const char *, int)
     {
         if (mode & CRYPTO_LOCK)
             g_openssl_locks[n].lock();
@@ -144,7 +145,7 @@ namespace {
 	    void setInput(TXFMBase *newInput) {
 	        input = newInput;
 	        if (newInput->getOutputType() != TXFMBase::BYTE_STREAM)
-		        throw XSECException(XSECException::TransformInputOutputFail, "OutputLog transform requires BYTE_STREAM input");
+		        throw XSECException(XSECException       ::TransformInputOutputFail, "OutputLog transform requires BYTE_STREAM input");
 	        keepComments = input->getCommentsStatus();
             m_log.debug("\n----- BEGIN SIGNATURE DEBUG -----\n");
         }
@@ -175,6 +176,27 @@ namespace {
         return nullptr;
     }
 
+    class BlockingXSECURIResolver : public XSECURIResolver {
+    public:
+    	BlockingXSECURIResolver() : m_log(Category::getInstance(XMLTOOLING_LOGCAT ".XMLSecurity")) {}
+    	~BlockingXSECURIResolver() {}
+
+    	BinInputStream* resolveURI(const XMLCh* uri) {
+    		auto_ptr_char temp(uri);
+    		m_log.warn("blocked remote resource retrieval by xml-security-c library: %s",
+    				temp.get() ? temp.get() : "(none)");
+    		return nullptr;
+    	}
+
+    	void setBaseURI(const XMLCh* uri) {}
+
+    	XSECURIResolver* clone() {
+    		return new BlockingXSECURIResolver();
+    	}
+
+    private:
+    	Category& m_log;
+    };
 #endif
 
 #ifdef WIN32
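Review bot: The URI written by `m_log.warn` in `resolveURI` is taken from the document being processed, so attacker-influenced text reaches the log at warn level with no length limit or character filtering. Unless the logging layer already escapes control characters (not visible in this hunk), truncate and sanitize the value before logging, or log only that a retrieval was blocked. The overriding methods also lack `override`, and `setBaseURI` keeps an unused parameter name that the locking-callback hunk of this same patch drops elsewhere; `void setBaseURI(const XMLCh*) override {}` would be consistent. A short class comment should state that returning `nullptr` is deliberate and that the library is expected to treat it as a resolution failure rather than dereference it.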
@@ -400,6 +422,7 @@ bool XMLToolingInternalConfig::init(bool deprecationSupport)
         XSECPlatformUtils::Initialise();
         XSECPlatformUtils::SetReferenceLoggingSink(TXFMOutputLogFactory);
         m_xsecProvider.reset(new XSECProvider());
+        m_xsecProvider->setDefaultURIResolver(new BlockingXSECURIResolver());
         log.debug("XML-Security %s initialization complete", XSEC_FULLVERSIONDOT);
 #endif
 
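Review bot: Ownership of the object created by `new BlockingXSECURIResolver()` is not clear at the `setDefaultURIResolver` call. The resolver class implements `clone()`, which suggests the provider may store a copy rather than adopt the pointer; if so, this allocation is never freed. If that is the contract, passing a local instance avoids the leak: `BlockingXSECURIResolver blocker; m_xsecProvider->setDefaultURIResolver(&blocker);`. A one-line comment here saying that this call disables remote reference retrieval for every signature created through the provider would also help; the body of `init()` continues outside the hunk.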