From f9a3aca0cb31a412faae25dd9fdbbf3fb61cb62f Mon Sep 17 00:00:00 2001
From: Jakub Hrozek <jhrozek@redhat.com>
Date: Tue, 15 Jun 2021 15:08:44 +0200
Subject: [PATCH 5/7] Check if the signature method is allowed in addition to
being valid (#54037)
|
Adds a new utility function lasso_allowed_signature_method() that checks
if the signature method is allowed. Previously, the code would only
check if the method was valid.
|
This new function is used whenever lasso_validate_signature_method was
previously used through lasso_ok_signature_method() which wraps both
validate and allowed.
|
lasso_allowed_signature_method() is also used in a couple of places,
notably lasso_query_verify_helper().
|
Related:
https://dev.entrouvert.org/issues/54037
---
lasso/id-ff/server.c | 4 ++--
lasso/saml-2.0/profile.c | 4 ++--
lasso/xml/tools.c | 11 ++++++++++-
lasso/xml/xml.c | 5 +++--
lasso/xml/xml.h | 13 +++++++++++++
5 files changed, 30 insertions(+), 7 deletions(-)
|
diff --git a/lasso/id-ff/server.c b/lasso/id-ff/server.c
index 2bf5b7a8c..98a6c0214 100644
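--- a/lasso/id-ff/server.c
+++ b/lasso/id-ff/server.c
@@ -909,7 +909,7 @@ lasso_server_get_signature_context_for_provider(LassoServer *server,
 private_context = &provider->private_data->signature_context;
 }
 
- if (private_context && lasso_validate_signature_method(private_context->signature_method)) {
+ if (private_context && lasso_ok_signature_method(private_context->signature_method)) {
 lasso_assign_signature_context(*signature_context, *private_context);
 } else {
 rc = lasso_server_get_signature_context(server, signature_context);
@@ -1014,7 +1014,7 @@ lasso_server_export_to_query_for_provider_by_name(LassoServer *server, const cha
 provider_id, &context));
 query = lasso_node_build_query(node);
 goto_cleanup_if_fail_with_rc(query, LASSO_PROFILE_ERROR_BUILDING_QUERY_FAILED);
- if (lasso_validate_signature_method(context.signature_method)) {
+ if (lasso_ok_signature_method(context.signature_method)) {
 lasso_assign_new_string(query, lasso_query_sign(query, context));
 }
 goto_cleanup_if_fail_with_rc(query,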
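Review bot: In the second hunk (`lasso_server_export_to_query_for_provider_by_name`), a method that is valid but below the configured minimum now skips `lasso_query_sign()`, and as far as the hunk shows the query carries on down the success path unsigned, so tightening the policy can silently turn a signed query into an unsigned one. Failing closed would be safer, for example by adding `else if (lasso_validate_signature_method(context.signature_method)) goto_cleanup_with_rc(LASSO_DS_ERROR_INVALID_SIGALG);` after the signing branch. The same skip-on-disallowed shape appears in `lasso_saml20_profile_export_to_query` in lasso/saml-2.0/profile.c. Both functions continue outside the hunks, so whether a later check rejects the unsigned query is not visible here.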
diff --git a/lasso/saml-2.0/profile.c b/lasso/saml-2.0/profile.c
index 85f535ae0..412c391a6 100644
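--- a/lasso/saml-2.0/profile.c
+++ b/lasso/saml-2.0/profile.c
@@ -1181,7 +1181,7 @@ lasso_saml20_profile_export_to_query(LassoProfile *profile, LassoNode *msg, char
 "see #3.4.3 of saml-bindings-2.0-os");
 }
 }
- if (lasso_validate_signature_method(context.signature_method)) {
+ if (lasso_ok_signature_method(context.signature_method)) {
 result = lasso_query_sign(unsigned_query, context);
 goto_cleanup_if_fail_with_rc(result != NULL,
 LASSO_PROFILE_ERROR_BUILDING_QUERY_FAILED);
@@ -1219,7 +1219,7 @@ lasso_saml20_profile_build_http_redirect(LassoProfile *profile,
 goto_cleanup_if_fail_with_rc (url != NULL, LASSO_PROFILE_ERROR_UNKNOWN_PROFILE_URL);
 /* if message is signed, remove XML signature, add query signature */
 lasso_assign_signature_context(context, lasso_node_get_signature(msg));
- if (lasso_validate_signature_method(context.signature_method)) {
+ if (lasso_ok_signature_method(context.signature_method)) {
 lasso_node_remove_signature(msg);
 }
 lasso_check_good_rc(lasso_saml20_profile_export_to_query(profile, msg, &query, context));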
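Review bot: In `lasso_saml20_profile_build_http_redirect` the comment `/* if message is signed, remove XML signature, add query signature */` no longer matches the condition below it, because a message signed with a valid but disallowed method now keeps its XML signature and is still handed to `lasso_saml20_profile_export_to_query()`. If that combination is meant to be rejected, an explicit error return here would make it so; if it is intended, the comment should read `/* if message is signed with an allowed method, remove XML signature, add query signature */`. The function body continues outside the hunk, so later handling of the retained signature cannot be confirmed from here.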
diff --git a/lasso/xml/tools.c b/lasso/xml/tools.c
index cf6dade09..077b1134d 100644
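--- a/lasso/xml/tools.c
+++ b/lasso/xml/tools.c
@@ -499,7 +499,7 @@ lasso_query_sign(char *query, LassoSignatureContext context)
 lasso_error_t rc = 0;
 
 g_return_val_if_fail(query != NULL, NULL);
- g_return_val_if_fail(lasso_validate_signature_method(context.signature_method), NULL);
+ g_return_val_if_fail(lasso_ok_signature_method(context.signature_method), NULL);
 
 key = context.signature_key;
 sign_method = context.signature_method;
@@ -804,6 +804,12 @@ lasso_query_verify_helper(const char *signed_content, const char *b64_signature,
 } else {
 goto_cleanup_with_rc(LASSO_DS_ERROR_INVALID_SIGALG);
 }
+
+ /* is the signature algo allowed */
+ goto_cleanup_if_fail_with_rc(
+ lasso_allowed_signature_method(method),
+ LASSO_DS_ERROR_INVALID_SIGALG);
+
 /* decode signature */
 signature = g_malloc(key_size+1);
 goto_cleanup_if_fail_with_rc(
@@ -2434,6 +2440,9 @@ _lasso_xmlsec_load_key_from_buffer(const char *buffer, size_t length, const char
 };
 xmlSecKey *private_key = NULL;
 
+ /* is the signature algo allowed */
+ goto_cleanup_if_fail(lasso_allowed_signature_method(signature_method));
+
 xmlSecErrorsDefaultCallbackEnableOutput(FALSE);
 switch (signature_method) {
 case LASSO_SIGNATURE_METHOD_RSA_SHA1: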
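Review bot: In `lasso_query_sign` the allowed-method check sits inside `g_return_val_if_fail()`, which GLib compiles out when `G_DISABLE_CHECKS` is defined and otherwise reports as a critical programmer error, yet a method below the configured minimum is a runtime policy outcome rather than a caller bug. An explicit test keeps the enforcement in every build: `if (!lasso_ok_signature_method(context.signature_method)) return NULL;`. In `_lasso_xmlsec_load_key_from_buffer` the new `goto_cleanup_if_fail()` sets no return code, so a caller presumably sees only a NULL key and cannot tell a rejected algorithm from an unreadable key; a log message on that path would help triage. Both functions continue outside the hunks.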
diff --git a/lasso/xml/xml.c b/lasso/xml/xml.c
index f017ebbe3..49574de68 100644
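--- a/lasso/xml/xml.c
+++ b/lasso/xml/xml.c
@@ -824,7 +824,7 @@ lasso_legacy_extract_and_copy_signature_parameters(LassoNode *node, LassoNodeCla
 node_data->sign_method_offset);
 private_key_file = G_STRUCT_MEMBER(char *, node, node_data->private_key_file_offset);
 certificate_file = G_STRUCT_MEMBER(char *, node, node_data->certificate_file_offset);
- if (! lasso_validate_signature_method(signature_method)) {
+ if (! lasso_ok_signature_method(signature_method)) {
 return FALSE;
 }
 if (lasso_node_set_signature(node,
@@ -1873,10 +1873,11 @@ lasso_node_impl_init_from_xml(LassoNode *node, xmlNode *xmlnode)
 int what;
 if (! lasso_get_integer_attribute(xmlnode, LASSO_SIGNATURE_METHOD_ATTRIBUTE,
 BAD_CAST LASSO_LIB_HREF, &what,
- LASSO_SIGNATURE_METHOD_RSA_SHA1,
+ lasso_get_min_signature_method(),
 LASSO_SIGNATURE_METHOD_LAST))
 break;
 method = what;
+
 if (! lasso_get_integer_attribute(xmlnode, LASSO_SIGNATURE_METHOD_ATTRIBUTE,
 BAD_CAST LASSO_LIB_HREF, &what, LASSO_SIGNATURE_TYPE_NONE+1,
 LASSO_SIGNATURE_TYPE_LAST))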
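Review bot: In `lasso_node_impl_init_from_xml` a serialized node whose stored method is below the current minimum now fails the `lasso_get_integer_attribute()` range test and takes the existing `break`, so it appears to be restored without its signature parameters and with nothing logged. A comment such as `/* methods below the configured minimum are treated as absent; the node is restored without a signature context */` plus a warning on that path would make the behaviour deliberate and visible to operators. Whether `lasso_get_integer_attribute()` treats `LASSO_SIGNATURE_METHOD_LAST` as inclusive is not visible here, while `lasso_validate_signature_method()` treats it as exclusive, so the two bounds are worth checking against each other. The function continues outside the hunk.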
diff --git a/lasso/xml/xml.h b/lasso/xml/xml.h
index d0d3e1b0d..60c04eae5 100644
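--- a/lasso/xml/xml.h
+++ b/lasso/xml/xml.h
@@ -132,6 +132,19 @@ lasso_validate_signature_method(LassoSignatureMethod signature_method)
 && signature_method < (LassoSignatureMethod)LASSO_SIGNATURE_METHOD_LAST;
 }
 
+static inline gboolean
+lasso_allowed_signature_method(LassoSignatureMethod signature_method)
+{
+ return signature_method >= lasso_get_min_signature_method();
+}
+
+static inline gboolean
+lasso_ok_signature_method(LassoSignatureMethod signature_method)
+{
+ return lasso_validate_signature_method(signature_method) \
+ && lasso_allowed_signature_method(signature_method);
+}
+
 typedef struct _LassoNode LassoNode;
 typedef struct _LassoNodeClass LassoNodeClass;
 typedef struct _LassoNodeClassData LassoNodeClassData;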
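Review bot: `lasso_allowed_signature_method()` expresses the policy as an ordinal comparison with no upper bound, so it is only correct if `LassoSignatureMethod` is declared in order of increasing strength and if callers that use it alone (the two in lasso/xml/tools.c) have already range-checked the value; neither assumption is documented, and the enum is not visible in this hunk. A header comment would pin that down, e.g. `/* Policy check only: relies on LassoSignatureMethod being ordered weakest to strongest and does not range-check; use lasso_ok_signature_method() for values that have not been validated. */`. `lasso_ok_signature_method()` deserves a one-line comment as well, and the trailing `\` after `lasso_validate_signature_method(signature_method)` is unnecessary outside a macro and can be dropped. It is also worth confirming that `lasso_get_min_signature_method()` is declared before these inline definitions in the header, which this hunk does not show.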
--
2.26.3