From a9102a384893fd084011e8451867071452031ece Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Caol=C3=A1n=20McNamara?= <caolanm@redhat.com>
Date: Mon, 8 Feb 2021 17:05:28 +0000
Subject: [PATCH 2/6] CVE-2021-25635
default to CertificateValidity::INVALID
so if CertGetCertificateChain fails we don't want validity to be
css::security::CertificateValidity::VALID which is what the old default
of 0 equates to
notably
commit 1e0bc66d16aee28ce8bd9582ea32178c63841902
Date: Thu Nov 5 16:55:26 2009 +0100
jl137: #103420# better logging
turned the nss equivalent of SecurityEnvironment_NssImpl::verifyCertificate
from 0 to CertificateValidity::INVALID like this change does
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/110561
Tested-by: Jenkins
Reviewed-by: Miklos Vajna <vmiklos@collabora.com>
(cherry picked from commit edeb164c1d8ab64116afee4e2140403a362a1358)
Change-Id: I5350dbc22d1b9b378da2976d3b0abd728f1f4c27
---
.../source/xmlsec/mscrypt/securityenvironment_mscryptimpl.cxx | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/xmlsecurity/source/xmlsec/mscrypt/securityenvironment_mscryptimpl.cxx b/xmlsecurity/source/xmlsec/mscrypt/securityenvironment_mscryptimpl.cxx
index d9b657891b96..4031df289f44 100644
--- a/xmlsecurity/source/xmlsec/mscrypt/securityenvironment_mscryptimpl.cxx
+++ b/xmlsecurity/source/xmlsec/mscrypt/securityenvironment_mscryptimpl.cxx
@@ -755,7 +755,7 @@ sal_Int32 SecurityEnvironment_MSCryptImpl::verifyCertificate(
const uno::Reference< css::security::XCertificate >& aCert,
const uno::Sequence< uno::Reference< css::security::XCertificate > >& seqCerts)
{
- sal_Int32 validity = 0;
+ sal_Int32 validity = css::security::CertificateValidity::INVALID;
PCCERT_CHAIN_CONTEXT pChainContext = nullptr;
PCCERT_CONTEXT pCertContext = nullptr;
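Review bot: The new initializer on `validity` is what makes verifyCertificate fail closed, but nothing at the declaration says the value is load-bearing, and the old `0` looked equally harmless. A short comment would keep a later cleanup from reintroducing it: `// Fail closed: CertificateValidity::VALID is 0, so any path that never sets validity must report INVALID.` The rest of the function body lies outside this hunk, so whether every success path assigns VALID explicitly (rather than OR-ing flags onto the initial value) cannot be confirmed from here and is worth checking alongside this change.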
@@ -899,7 +899,7 @@ sal_Int32 SecurityEnvironment_MSCryptImpl::verifyCertificate(
}
else
{
- SAL_INFO("xmlsecurity.xmlsec", "CertGetCertificateChaine failed.");
+ SAL_INFO("xmlsecurity.xmlsec", "CertGetCertificateChain failed.");
}
}
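Review bot: The failure branch for CertGetCertificateChain still logs at SAL_INFO level and without the Win32 error code, so a chain-building failure that now yields INVALID leaves little trace for whoever has to diagnose a rejected signature. Consider `SAL_WARN("xmlsecurity.xmlsec", "CertGetCertificateChain failed: " << GetLastError());`, provided no other API call sits between the failing call and this branch. The call itself is outside the hunk, so that ordering needs checking in the full function.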
--
2.32.0