From 481fb8581fdf891b768eeb0bc88855c27689722b Mon Sep 17 00:00:00 2001
From: Fraser Tweedale <ftweedal@redhat.com>
Date: Fri, 18 Aug 2017 16:17:49 +1000
Subject: [PATCH] MS cert template: validate argument

Update the server to validate the MS V2 certificate template option
argument when adding or updating a request.

Fixes: https://pagure.io/certmonger/issue/78
---
 src/Makefile.am |  4 +++-
 src/certext.c   | 13 +++++++++++++
 src/certext.h   |  5 +++++
 src/tdbush.c    | 25 +++++++++++++++++++++++--
 4 files changed, 44 insertions(+), 3 deletions(-)

diff --git a/src/Makefile.am b/src/Makefile.am
index 479903c..213bfa9 100644
--- a/src/Makefile.am
+++ b/src/Makefile.am
@@ -186,7 +186,7 @@ tdbusm_check_SOURCES = tdbusm-check.c tm.c tm.h
 tdbusm_check_LDADD = libcm.a $(CERTMONGER_LIBS) $(POPT_LIBS)
 serial_check_LDADD = libcm.a $(CERTMONGER_LIBS) $(LTLIBICONV)
 nl_check_LDADD = libcm.a $(CERTMONGER_LIBS)
-submit_x_CFLAGS = $(AM_CFLAGS) -DCM_SUBMIT_X_MAIN
+submit_x_CFLAGS = $(AM_CFLAGS) $(NSS_CFLAGS) -DCM_SUBMIT_X_MAIN
 submit_x_SOURCES = submit-x.c submit-x.h submit-u.c submit-u.h log.c log.h \
 	tm.c tm.h
 submit_x_LDADD = $(XMLRPC_LIBS) $(KRB5_LIBS) $(TALLOC_LIBS) \
@@ -205,12 +205,14 @@ pkglibexec_PROGRAMS += local-submit
 pkglibexec_PROGRAMS += scep-submit
 endif
 noinst_PROGRAMS += submit-h submit-d
+ipa_submit_CFLAGS = $(AM_CFLAGS) $(NSS_CFLAGS)
 ipa_submit_SOURCES = ipa.c srvloc.c srvloc.h store.h store-gen.c \
 		submit-x.c submit-x.h submit-u.c submit-u.h \
 		submit-e.h util.c util.h log.c log.h tm.c tm.h
 ipa_submit_LDADD = $(XMLRPC_LIBS) $(LDAP_LIBS) $(KRB5_LIBS) $(TALLOC_LIBS) \
 		   $(GMP_LIBS) $(IDN_LIBS) $(OPENSSL_LIBS) $(UUID_LIBS) \
 		   $(RESOLV_LIBS) $(LTLIBICONV) $(POPT_LIBS)
+certmaster_submit_CFLAGS = $(AM_CFLAGS) $(NSS_CFLAGS)
 certmaster_submit_SOURCES = certmaster.c submit-x.c submit-x.h \
 		submit-e.h submit-u.c submit-u.h util.c util.h log.c log.h \
 		tm.c tm.h
diff --git a/src/certext.c b/src/certext.c
index 5f8a743..587496f 100644
--- a/src/certext.c
+++ b/src/certext.c
@@ -1663,6 +1663,19 @@ cm_certext_build_certificate_template(
 	return SECITEM_ArenaDupItem(arena, &encoded);
 }
 
+/* Validate a V2 template spec */
+PRBool cm_ms_template_valid(char *template_spec) {
+	PLArenaPool *arena = PORT_NewArena(sizeof(double));
+	if (arena == NULL)
+		return PR_FALSE;
+	SECItem *result =
+		cm_certext_build_certificate_template(arena, template_spec);
+	PORT_FreeArena(arena, PR_FALSE);
+	// *result has been freed, but we don't read it;
+	// we only need to know whether the parse succeeded
+	return result != NULL;
+}
+
 /* Build a Netscape certtype extension value. */
 static SECItem *
 cm_certext_build_ns_certtype(struct cm_store_entry *entry,
diff --git a/src/certext.h b/src/certext.h
index 530ece4..5e95835 100644
--- a/src/certext.h
+++ b/src/certext.h
@@ -15,6 +15,8 @@
  * along with this program.  If not, see <http://www.gnu.org/licenses/>.
  */
 
+#include <prtypes.h>
+
 #ifndef cmcertext_h
 #define cmcertext_h
 
@@ -25,4 +27,7 @@ void cm_certext_build_csr_extensions(struct cm_store_entry *entry,
 				     struct NSSInitContextStr *ctx,
 				     unsigned char **encoded, size_t *length);
 
+/* Validate a V2 template spec */
+PRBool cm_ms_template_valid(char *template_spec);
+
 #endif
diff --git a/src/tdbush.c b/src/tdbush.c
index 9e2a372..04fe57e 100644
--- a/src/tdbush.c
+++ b/src/tdbush.c
@@ -32,6 +32,7 @@
 
 #include "log.h"
 #include "cm.h"
+#include "certext.h"
 #include "prefs.h"
 #include "store.h"
 #include "store-int.h"
@@ -1572,7 +1573,18 @@ base_add_request(DBusConnection *conn, DBusMessage *msg,
 					  CM_DBUS_PROP_TEMPLATE_MS_CERTIFICATE_TEMPLATE,
 					  cm_tdbusm_dict_s);
 	if (param != NULL) {
-		// TODO check validity
+		if (param->value.s != NULL
+		    && strlen(param->value.s) > 0
+		    && !cm_ms_template_valid(param->value.s)) {
+			cm_log(1, "Invalid V2 certificate template specifier: %s", param->value.s);
+			ret = send_internal_base_bad_arg_error(
+				conn, msg,
+				_("Invalid V2 certificate template specifier: %s"),
+				param->value.s,
+				CM_DBUS_PROP_TEMPLATE_MS_CERTIFICATE_TEMPLATE);
+			talloc_free(parent);
+			return ret;
+		}
 		new_entry->cm_template_certificate_template = maybe_strdup(new_entry,
 									   param->value.s);
 	}
@@ -3330,8 +3342,17 @@ request_modify(DBusConnection *conn, DBusMessage *msg,
 			} else
 			if ((param->value_type == cm_tdbusm_dict_s) &&
 			    (strcasecmp(param->key, CM_DBUS_PROP_TEMPLATE_MS_CERTIFICATE_TEMPLATE) == 0)) {
+				if (param->value.s != NULL
+				    && strlen(param->value.s) > 0
+				    && !cm_ms_template_valid(param->value.s)) {
+					cm_log(1, "Invalid V2 certificate template specifier: %s", param->value.s);
+					return send_internal_base_bad_arg_error(
+						conn, msg,
+						_("Invalid V2 certificate template specifier: %s"),
+						param->value.s,
+						CM_DBUS_PROP_TEMPLATE_MS_CERTIFICATE_TEMPLATE);
+				}
 				talloc_free(entry->cm_template_certificate_template);
-				// TODO check validity
 				entry->cm_template_certificate_template =
 					maybe_strdup(entry, param->value.s);
 				if (n_propname + 2 < sizeof(propname) / sizeof(propname[0])) {
-- 
2.14.4