File libxmlsec-xmlsec1-cve-2009-0217-ooo300-m9.diff of Package OpenOffice_org-libs-extern

--- libxmlsec/xmlsec1-1.2.6.patch.old	2009-12-22 16:46:18.000000000 +0000
+++ libxmlsec/xmlsec1-1.2.6.patch	2009-12-22 16:58:34.000000000 +0000
@@ -17554,3 +17554,233 @@
                   xmlSecError( XMLSEC_ERRORS_HERE ,
                       xmlSecErrorsSafeString( xmlSecKeyDataGetName( data ) ) ,
                       "PK11_FindPrivateKeyFromCert" ,
+--- misc/xmlsec1-1.2.6/include/xmlsec/gnutls/crypto.h.old	2003-09-09 19:58:45.000000000 +0000
++++ misc/build/xmlsec1-1.2.6/include/xmlsec/gnutls/crypto.h	2009-12-22 16:53:31.000000000 +0000
+@@ -113,6 +113,10 @@ XMLSEC_CRYPTO_EXPORT xmlSecTransformId x
+  *
+  *******************************************************************/
+ #ifndef XMLSEC_NO_HMAC
++
++XMLSEC_CRYPTO_EXPORT int               xmlSecGnuTLSHmacGetMinOutputLength();
++XMLSEC_CRYPTO_EXPORT void              xmlSecGnuTLSHmacSetMinOutputLength(int min_length);
++
+ /** 
+  * xmlSecGnuTLSKeyDataHmacId:
+  * 
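Review bot: The new declarations use empty parentheses, `int xmlSecGnuTLSHmacGetMinOutputLength();`, which in C declares a function with unspecified parameters rather than a prototype. Writing `int xmlSecGnuTLSHmacGetMinOutputLength(void);` lets the compiler reject stray arguments; the same applies to the NSS and OpenSSL headers below and to the three definitions in the hmac.c files. The declarations also carry no comment, so the header does not tell callers what the value means. A line such as `/* minimum accepted HMACOutputLength (same unit as the XML attribute, i.e. bits); one global setting per crypto backend */` above them would help.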
+--- misc/xmlsec1-1.2.6/include/xmlsec/nss/crypto.h.old	2009-12-22 16:46:21.000000000 +0000
++++ misc/build/xmlsec1-1.2.6/include/xmlsec/nss/crypto.h	2009-12-22 16:53:31.000000000 +0000
+@@ -188,6 +188,10 @@ XMLSEC_CRYPTO_EXPORT xmlSecTransformId x
+  *
+  *******************************************************************/
+ #ifndef XMLSEC_NO_HMAC
++
++XMLSEC_CRYPTO_EXPORT int               xmlSecNssHmacGetMinOutputLength();
++XMLSEC_CRYPTO_EXPORT void              xmlSecNssHmacSetMinOutputLength(int min_length);
++
+ /** 
+  * xmlSecNssKeyDataHmacId:
+  * 
+--- misc/xmlsec1-1.2.6/include/xmlsec/openssl/crypto.h.old	2003-09-28 01:34:46.000000000 +0000
++++ misc/build/xmlsec1-1.2.6/include/xmlsec/openssl/crypto.h	2009-12-22 16:53:31.000000000 +0000
+@@ -188,6 +188,10 @@ XMLSEC_CRYPTO_EXPORT xmlSecTransformId x
+  *
+  *******************************************************************/
+ #ifndef XMLSEC_NO_HMAC
++
++XMLSEC_CRYPTO_EXPORT int               xmlSecOpenSSLHmacGetMinOutputLength();
++XMLSEC_CRYPTO_EXPORT void              xmlSecOpenSSLHmacSetMinOutputLength(int min_length);
++
+ /** 
+  * xmlSecOpenSSLKeyDataHmacId:
+  * 
+--- misc/xmlsec1-1.2.6/src/gnutls/hmac.c.old	2004-01-11 03:04:27.000000000 +0000
++++ misc/build/xmlsec1-1.2.6/src/gnutls/hmac.c	2009-12-22 16:53:31.000000000 +0000
+@@ -23,10 +23,40 @@
+ #include <xmlsec/gnutls/app.h>
+ #include <xmlsec/gnutls/crypto.h>
+ 
++#define XMLSEC_GNUTLS_MIN_HMAC_SIZE		64
+ #define XMLSEC_GNUTLS_MAX_HMAC_SIZE		128
+ 
+ /**************************************************************************
+  *
++ * Configuration
++ *
++ *****************************************************************************/
++static int g_xmlsec_gnutls_hmac_min_length = XMLSEC_GNUTLS_MIN_HMAC_SIZE;
++
++/**
++ * xmlSecGnuTLSHmacGetMinOutputLength: 
++ * 
++ * Returns the min HMAC output length
++ */
++int xmlSecGnuTLSHmacGetMinOutputLength()
++{
++    return g_xmlsec_gnutls_hmac_min_length;
++}
++
++/**
++ * xmlSecGnuTLSHmacSetMinOutputLength: 
++ *
++ * @min_length: the new min length 
++ * 
++ * Sets the min HMAC output length
++ */
++void xmlSecGnuTLSHmacSetMinOutputLength(int min_length)
++{
++    g_xmlsec_gnutls_hmac_min_length = min_length;
++}
++
++/**************************************************************************
++ *
+  * Internal GNUTLS HMAC CTX
+  *
+  *****************************************************************************/
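Review bot: `xmlSecGnuTLSHmacSetMinOutputLength` stores whatever it is given, so a caller passing 0 or a negative value switches the new truncation check off again for every verification in the process. The setter should at least refuse negative input, e.g. `if(min_length >= 0) g_xmlsec_gnutls_hmac_min_length = min_length;`, and its doc comment should say that lowering the value weakens HMAC verification and that the unsynchronized global is meant to be set once at start-up. The default of 64 also looks low: as far as I know the XML Signature guidance issued for this CVE asks for at least 80 bits and at least half the hash output, so `#define XMLSEC_GNUTLS_MIN_HMAC_SIZE 80` would be the safer default. The same points apply to the NSS and OpenSSL copies of this block further down.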
+@@ -178,7 +208,20 @@ xmlSecGnuTLSHmacNodeRead(xmlSecTransform
+ 	    ctx->dgstSize = atoi((char*)content);	    
+ 	    xmlFree(content);
+ 	}
+-	/* todo: error if dgstSize == 0 ?*/
++	
++	/* Ensure that HMAC length is greater than min specified.
++	   Otherwise, an attacker can set this lenght to 0 or very 
++	   small value
++	*/
++	if(ctx->dgstSize < xmlSecGnuTLSHmacGetMinOutputLength()) {
++ 	   xmlSecError(XMLSEC_ERRORS_HERE,
++		    xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
++		    xmlSecNodeHMACOutputLength,
++		    XMLSEC_ERRORS_R_INVALID_NODE_ATTRIBUTE,
++		    "HMAC output length is too small");
++	   return(-1);
++	}
++
+ 	cur = xmlSecGetNextElementNode(cur->next);
+     }
+     
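Review bot: The length compared against the minimum still comes from `atoi((char*)content)` on document-controlled text, which cannot report errors and is undefined on out-of-range input. Parsing with `strtol`, then rejecting trailing characters, `ERANGE` and negative results before the assignment, would make the new bound dependable. The check is only a lower bound: nothing in this hunk rejects an HMACOutputLength larger than the digest provides, so an upper-bound test against the digest size belongs next to it unless it already exists outside the hunk. The type of `ctx->dgstSize` is not visible here; if it is unsigned, the comparison with the `int` getter is mixed-sign and a negative parsed value would pass as a very large length. xmlSecGnuTLSHmacNodeRead begins and ends outside the hunk, and the NSS and OpenSSL NodeRead hunks below have the same shape.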
+--- misc/xmlsec1-1.2.6/src/nss/hmac.c.old	2009-12-22 16:46:21.000000000 +0000
++++ misc/build/xmlsec1-1.2.6/src/nss/hmac.c	2009-12-22 16:53:31.000000000 +0000
+@@ -26,10 +26,40 @@
+ #include <xmlsec/nss/crypto.h>
+ #include <xmlsec/nss/tokens.h>
+ 
++#define XMLSEC_NSS_MIN_HMAC_SIZE		64
+ #define XMLSEC_NSS_MAX_HMAC_SIZE		128
+ 
+ /**************************************************************************
+  *
++ * Configuration
++ *
++ *****************************************************************************/
++static int g_xmlsec_nss_hmac_min_length = XMLSEC_NSS_MIN_HMAC_SIZE;
++
++/**
++ * xmlSecNssHmacGetMinOutputLength: 
++ * 
++ * Returns the min HMAC output length
++ */
++int xmlSecNssHmacGetMinOutputLength()
++{
++    return g_xmlsec_nss_hmac_min_length;
++}
++
++/**
++ * xmlSecNssHmacSetMinOutputLength: 
++ *
++ * @min_length: the new min length 
++ * 
++ * Sets the min HMAC output length
++ */
++void xmlSecNssHmacSetMinOutputLength(int min_length)
++{
++    g_xmlsec_nss_hmac_min_length = min_length;
++}
++
++/**************************************************************************
++ *
+  * Internal NSS HMAC CTX
+  *
+  *****************************************************************************/
+@@ -162,7 +192,20 @@ xmlSecNssHmacNodeRead(xmlSecTransformPtr
+ 	    ctx->dgstSize = atoi((char*)content);	    
+ 	    xmlFree(content);
+ 	}
+-	/* todo: error if dgstSize == 0 ?*/
++
++	/* Ensure that HMAC length is greater than min specified.
++	   Otherwise, an attacker can set this lenght to 0 or very 
++	   small value
++	*/
++	if(ctx->dgstSize < xmlSecNssHmacGetMinOutputLength()) {
++ 	   xmlSecError(XMLSEC_ERRORS_HERE,
++		    xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
++		    xmlSecNodeHMACOutputLength,
++		    XMLSEC_ERRORS_R_INVALID_NODE_ATTRIBUTE,
++		    "HMAC output length is too small");
++	   return(-1);
++	}
++
+ 	cur = xmlSecGetNextElementNode(cur->next);
+     }
+     
+--- misc/xmlsec1-1.2.6/src/openssl/hmac.c.old	2003-07-21 03:12:55.000000000 +0000
++++ misc/build/xmlsec1-1.2.6/src/openssl/hmac.c	2009-12-22 16:53:31.000000000 +0000
+@@ -32,6 +32,36 @@
+ 
+ #include <xmlsec/openssl/crypto.h>
+ 
++#define XMLSEC_OPENSSL_MIN_HMAC_SIZE		64
++
++/**************************************************************************
++ *
++ * Configuration
++ *
++ *****************************************************************************/
++static int g_xmlsec_openssl_hmac_min_length = XMLSEC_OPENSSL_MIN_HMAC_SIZE;
++
++/**
++ * xmlSecOpenSSLHmacGetMinOutputLength: 
++ * 
++ * Returns the min HMAC output length
++ */
++int xmlSecOpenSSLHmacGetMinOutputLength()
++{
++    return g_xmlsec_openssl_hmac_min_length;
++}
++
++/**
++ * xmlSecOpenSSLHmacSetMinOutputLength: 
++ *
++ * @min_length: the new min length 
++ * 
++ * Sets the min HMAC output length
++ */
++void xmlSecOpenSSLHmacSetMinOutputLength(int min_length)
++{
++    g_xmlsec_openssl_hmac_min_length = min_length;
++}
+ 
+ /**************************************************************************
+  *
+@@ -155,7 +185,20 @@ xmlSecOpenSSLHmacNodeRead(xmlSecTransfor
+ 	    ctx->dgstSize = atoi((char*)content);	    
+ 	    xmlFree(content);
+ 	}
+-	/* todo: error if dgstSize == 0 ?*/
++
++	/* Ensure that HMAC length is greater than min specified.
++	   Otherwise, an attacker can set this lenght to 0 or very 
++	   small value
++	*/
++	if(ctx->dgstSize < xmlSecOpenSSLHmacGetMinOutputLength()) {
++ 	   xmlSecError(XMLSEC_ERRORS_HERE,
++		    xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
++		    xmlSecNodeHMACOutputLength,
++		    XMLSEC_ERRORS_R_INVALID_NODE_ATTRIBUTE,
++		    "HMAC output length is too small");
++	   return(-1);
++	}
++
+ 	cur = xmlSecGetNextElementNode(cur->next);
+     }
+     