
0005-Check-if-the-signature-method-is-allowed-in-addition.patch

Jakub Hrozek, 16 juin 2021 14:19


Subject: [PATCH 5/6] Check if the signature method is allowed in addition to
 being valid

Adds a new utility function lasso_allowed_signature_method() that checks
if the signature method is allowed. Previously, the code would only
check if the method was valid.

Call sites that previously used lasso_validate_signature_method() now go
through lasso_ok_signature_method(), which wraps both the validity check
and the allowed check.

lasso_allowed_signature_method() is also used directly in a couple of places,
notably lasso_query_verify_helper().

Related:
https://dev.entrouvert.org/issues/54037
 lasso/id-ff/server.c     |  4 ++--
 lasso/saml-2.0/profile.c |  4 ++--
 lasso/xml/tools.c        | 11 ++++++++++-
 lasso/xml/xml.c          |  5 +++--
 lasso/xml/xml.h          | 13 +++++++++++++
 5 files changed, 30 insertions(+), 7 deletions(-)
lasso/id-ff/server.c
909 909
		private_context = &provider->private_data->signature_context;
910 910
	}
911 911

  
912
	if (private_context && lasso_validate_signature_method(private_context->signature_method)) {
912
	if (private_context && lasso_ok_signature_method(private_context->signature_method)) {
913 913
		lasso_assign_signature_context(*signature_context, *private_context);
914 914
	} else {
915 915
		rc = lasso_server_get_signature_context(server, signature_context);
......
1014 1014
				provider_id, &context));
1015 1015
	query = lasso_node_build_query(node);
1016 1016
	goto_cleanup_if_fail_with_rc(query, LASSO_PROFILE_ERROR_BUILDING_QUERY_FAILED);
1017
	if (lasso_validate_signature_method(context.signature_method)) {
1017
	if (lasso_ok_signature_method(context.signature_method)) {
1018 1018
		lasso_assign_new_string(query, lasso_query_sign(query, context));
1019 1019
	}
1020 1020
	goto_cleanup_if_fail_with_rc(query,
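Review bot: At line 1017 a method that is valid but below the configured minimum now skips `lasso_query_sign()`, and the function carries on with the unsigned `query`, so a policy rejection looks the same as "no signature requested". Consider failing closed in that case, e.g. `else if (lasso_validate_signature_method(context.signature_method)) goto_cleanup_with_rc(LASSO_DS_ERROR_INVALID_SIGALG);`, or at least logging it. The same pattern appears at line 1184 of lasso/saml-2.0/profile.c. At line 912 the fallback to `lasso_server_get_signature_context()` is likewise silent when the provider's own method is rejected. The enclosing functions start and end outside these hunks, so how the unsigned result is treated later is not visible here.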
lasso/saml-2.0/profile.c
1181 1181
					"see #3.4.3 of saml-bindings-2.0-os");
1182 1182
		}
1183 1183
	}
1184
	if (lasso_validate_signature_method(context.signature_method)) {
1184
	if (lasso_ok_signature_method(context.signature_method)) {
1185 1185
		result = lasso_query_sign(unsigned_query, context);
1186 1186
		goto_cleanup_if_fail_with_rc(result != NULL,
1187 1187
				LASSO_PROFILE_ERROR_BUILDING_QUERY_FAILED);
......
1219 1219
	goto_cleanup_if_fail_with_rc (url != NULL, LASSO_PROFILE_ERROR_UNKNOWN_PROFILE_URL);
1220 1220
	/* if message is signed, remove XML signature, add query signature */
1221 1221
	lasso_assign_signature_context(context, lasso_node_get_signature(msg));
1222
	if (lasso_validate_signature_method(context.signature_method)) {
1222
	if (lasso_ok_signature_method(context.signature_method)) {
1223 1223
		lasso_node_remove_signature(msg);
1224 1224
	}
1225 1225
	lasso_check_good_rc(lasso_saml20_profile_export_to_query(profile, msg, &query, context));
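Review bot: The comment at line 1220 (`/* if message is signed, remove XML signature, add query signature */`) no longer matches the condition at line 1222, which is now true only when the message's method is both valid and allowed. When the method is valid but disallowed, the XML signature appears to stay on `msg`, and the export called at line 1225 would also decline to add a query signature (line 1184). Whether that outcome is intended cannot be told from this hunk, whose function continues outside it. Suggest updating the comment to something like `/* if message is signed with an allowed method, replace the XML signature by a query signature */` and stating what should happen otherwise.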
lasso/xml/tools.c
499 499
        lasso_error_t rc = 0;
500 500

  
501 501
	g_return_val_if_fail(query != NULL, NULL);
502
	g_return_val_if_fail(lasso_validate_signature_method(context.signature_method), NULL);
502
	g_return_val_if_fail(lasso_ok_signature_method(context.signature_method), NULL);
503 503

  
504 504
	key = context.signature_key;
505 505
	sign_method = context.signature_method;
......
804 804
	} else {
805 805
		goto_cleanup_with_rc(LASSO_DS_ERROR_INVALID_SIGALG);
806 806
	}
807

  
808
	/* is the signature algo allowed */
809
	goto_cleanup_if_fail_with_rc(
810
                lasso_allowed_signature_method(method),
811
                LASSO_DS_ERROR_INVALID_SIGALG);
812

  
807 813
	/* decode signature */
808 814
	signature = g_malloc(key_size+1);
809 815
	goto_cleanup_if_fail_with_rc(
......
2397 2403
	};
2398 2404
	xmlSecKey *private_key = NULL;
2399 2405

  
2406
	/* is the signature algo allowed */
2407
	goto_cleanup_if_fail(lasso_allowed_signature_method(signature_method));
2408

  
2400 2409
	xmlSecErrorsDefaultCallbackEnableOutput(FALSE);
2401 2410
	switch (signature_method) {
2402 2411
		case LASSO_SIGNATURE_METHOD_RSA_SHA1:
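Review bot: At line 502 the new policy check sits inside `g_return_val_if_fail()`, a GLib precondition macro that is compiled out when G_DISABLE_CHECKS is defined and logs a critical otherwise, so enforcement of the minimum signature method there depends on build flags. An explicit test such as `if (!lasso_ok_signature_method(context.signature_method)) return NULL;` keeps the check in every build. Separately, line 810 reports a well-formed but disallowed algorithm with the same `LASSO_DS_ERROR_INVALID_SIGALG` as an unknown one, and line 2407 bails out through `goto_cleanup_if_fail()` with no return code or message. A log line at both places would let operators tell policy rejections from malformed input. All three enclosing functions extend beyond the hunks.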
lasso/xml/xml.c
824 824
			node_data->sign_method_offset);
825 825
	private_key_file = G_STRUCT_MEMBER(char *, node, node_data->private_key_file_offset);
826 826
	certificate_file = G_STRUCT_MEMBER(char *, node, node_data->certificate_file_offset);
827
	if (! lasso_validate_signature_method(signature_method)) {
827
	if (! lasso_ok_signature_method(signature_method)) {
828 828
		return FALSE;
829 829
	}
830 830
	if (lasso_node_set_signature(node,
......
1873 1873
			int what;
1874 1874
			if (! lasso_get_integer_attribute(xmlnode, LASSO_SIGNATURE_METHOD_ATTRIBUTE,
1875 1875
						BAD_CAST LASSO_LIB_HREF, &what,
1876
						LASSO_SIGNATURE_METHOD_RSA_SHA1,
1876
						lasso_get_min_signature_method(),
1877 1877
						LASSO_SIGNATURE_METHOD_LAST))
1878 1878
				break;
1879 1879
			method = what;
1880

  
1880 1881
			if (! lasso_get_integer_attribute(xmlnode, LASSO_SIGNATURE_METHOD_ATTRIBUTE,
1881 1882
					BAD_CAST LASSO_LIB_HREF, &what, LASSO_SIGNATURE_TYPE_NONE+1,
1882 1883
					LASSO_SIGNATURE_TYPE_LAST))
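Review bot: At line 1876 the lower bound passed to `lasso_get_integer_attribute()` is now the configured minimum, so a serialized node whose signature-method attribute is below it presumably fails the read and takes the `break` at line 1878 without any diagnostic. If that path drops the node's signature settings (the rest of the block is outside the hunk), content dumped under an older policy would be restored without them and nobody would be told. A warning before the `break`, or a comment stating that this is intended, would make the behaviour auditable. The blank line added at 1880 splits two attribute reads that belong together and looks unintentional.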
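--- a/lasso/xml/xml.h
+++ b/lasso/xml/xml.h
@@ -132,6 +132,19 @@
 		&& signature_method < (LassoSignatureMethod)LASSO_SIGNATURE_METHOD_LAST;
 }
 
+static inline gboolean
+lasso_allowed_signature_method(LassoSignatureMethod signature_method)
+{
+	return signature_method >= lasso_get_min_signature_method();
+}
+
+static inline gboolean
+lasso_ok_signature_method(LassoSignatureMethod signature_method)
+{
+	return lasso_validate_signature_method(signature_method) \
+	    && lasso_allowed_signature_method(signature_method);
+}
+
 typedef struct _LassoNode LassoNode;
 typedef struct _LassoNodeClass LassoNodeClass;
 typedef struct _LassoNodeClassData LassoNodeClassData;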
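Review bot: `lasso_allowed_signature_method()` at line 138 expresses the policy as a numeric `>=` on LassoSignatureMethod, which is only correct if the enum is declared in order of increasing strength. The enum is not visible here, so a method from a different family placed between two entries would be admitted or rejected by position rather than by strength. Both new helpers also lack a doc comment: suggest `/* TRUE if signature_method is not below lasso_get_min_signature_method(); relies on enum order */` above the first and `/* TRUE if signature_method is both in range and allowed by policy */` above the second. The trailing `\` at line 144 is unnecessary inside a function body and can be dropped.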
138
-