File CVE-20230-20900.patch of Package open-vm-tools.31242

From eb4f36dfeb8b89443f7d5ade03316ba49a295eee Mon Sep 17 00:00:00 2001
From: John Wolfe <jwolfe@vmware.com>
Date: Fri, 18 Aug 2023 11:23:53 -0700
Subject: [PATCH] Address CVE-2023-20900

VGAuth: Allow only X509 certs to verify the SAML token signature.

---
 open-vm-tools/vgauth/serviceImpl/saml-xmlsec1.c | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

diff --git a/open-vm-tools/vgauth/serviceImpl/saml-xmlsec1.c b/open-vm-tools/vgauth/serviceImpl/saml-xmlsec1.c
index f5541a9..0b2a945 100644
--- a/open-vm-tools/vgauth/serviceImpl/saml-xmlsec1.c
+++ b/open-vm-tools/vgauth/serviceImpl/saml-xmlsec1.c
@@ -1335,7 +1335,14 @@ VerifySignature(xmlDocPtr doc,
     */
    bRet = RegisterID(xmlDocGetRootElement(doc), "ID");
    if (bRet == FALSE) {
-      g_warning("failed to register ID\n");
+      g_warning("Failed to register ID\n");
+      goto done;
+   }
+
+   /* Use only X509 certs to validate the signature */
+   if (xmlSecPtrListAdd(&(dsigCtx->keyInfoReadCtx.enabledKeyData),
+                        BAD_CAST xmlSecKeyDataX509Id) < 0) {
+      g_warning("Failed to limit allowed key data\n");
       goto done;
    }
 
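Review bot: The `BAD_CAST` on the new `xmlSecPtrListAdd` line casts `xmlSecKeyDataX509Id` to `xmlChar *`, libxml's string cast, while the list element being added is a generic `xmlSecPtr`; a plain `(xmlSecPtr)` cast, or none at all, states the intent more honestly than reusing a string macro. The comment above it says what the call does but not why; I would write `/* Restrict KeyInfo processing to X509 data, so the signature is only accepted against certificate material and not against other key data carried inside the token itself */`, hedged because the certificate-trust handling is not visible in this hunk. Presumably an empty enabledKeyData list means xmlsec accepts every key data type, so this add must happen before the verify call later in VerifySignature; the function body continues outside the hunk, so that ordering cannot be confirmed here.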
-- 
2.6.2
