diff options
Diffstat (limited to 'external/xmlsec/mscng-fixes.patch.1')
-rw-r--r-- | external/xmlsec/mscng-fixes.patch.1 | 70 |
1 files changed, 70 insertions, 0 deletions
diff --git a/external/xmlsec/mscng-fixes.patch.1 b/external/xmlsec/mscng-fixes.patch.1 new file mode 100644 index 000000000000..c93a0812210c --- /dev/null +++ b/external/xmlsec/mscng-fixes.patch.1 @@ -0,0 +1,70 @@ +From c97803e20287c189e37b5a737e84ed02b510949f Mon Sep 17 00:00:00 2001 +Subject: [PATCH] mscng: fix use-after-free, implement adoption of private key + as part of key extraction (#192) + +--- + src/mscng/signatures.c | 18 +++++++++++++----- + src/mscng/x509.c | 8 ++++++-- + src/xmltree.c | 2 +- + 3 files changed, 20 insertions(+), 8 deletions(-) + +diff --git a/src/mscng/signatures.c b/src/mscng/signatures.c +index 365c484a..a7e0fbb7 100644 +--- a/src/mscng/signatures.c ++++ b/src/mscng/signatures.c +@@ -258,20 +258,28 @@ static void xmlSecMSCngSignatureFinalize(xmlSecTransformPtr transform) { + xmlSecKeyDataDestroy(ctx->data); + } + +- if(ctx->pbHash != NULL) { +- xmlFree(ctx->pbHash); +- } ++ // MSDN documents at ++ // https://msdn.microsoft.com/en-us/library/windows/desktop/aa376217(v=vs.85).aspx ++ // that the order of cleanup should be: ++ // - algo handle ++ // - hash handle ++ // - hash object pointer ++ // - hash pointer + + if(ctx->hHashAlg != 0) { + BCryptCloseAlgorithmProvider(ctx->hHashAlg, 0); + } + ++ if(ctx->hHash != 0) { ++ BCryptDestroyHash(ctx->hHash); ++ } ++ + if(ctx->pbHashObject != NULL) { + xmlFree(ctx->pbHashObject); + } + +- if(ctx->hHash != 0) { +- BCryptDestroyHash(ctx->hHash); ++ if(ctx->pbHash != NULL) { ++ xmlFree(ctx->pbHash); + } + + memset(ctx, 0, sizeof(xmlSecMSCngSignatureCtx)); +diff --git a/src/mscng/x509.c b/src/mscng/x509.c +index 492193af..3ab62c5c 100644 +--- a/src/mscng/x509.c ++++ b/src/mscng/x509.c +@@ -785,8 +785,12 @@ xmlSecMSCngKeyDataX509VerifyAndExtractKey(xmlSecKeyDataPtr data, + } + + if((keyInfoCtx->keyReq.keyType & xmlSecKeyDataTypePrivate) != 0) { +- xmlSecNotImplementedError(NULL); +- return(-1); ++ keyValue = xmlSecMSCngCertAdopt(certCopy, xmlSecKeyDataTypePrivate); ++ if(keyValue == NULL) { ++ xmlSecInternalError("xmlSecMSCngCertAdopt", ++ xmlSecKeyDataGetName(data)); ++ return(-1); ++ } + } else if((keyInfoCtx->keyReq.keyType & xmlSecKeyDataTypePublic) != 0) { + keyValue = xmlSecMSCngCertAdopt(certCopy, xmlSecKeyDataTypePublic); + if(keyValue == NULL) { +-- +2.16.4 + |