diff options
| author | Caolán McNamara <caolanm@redhat.com> | 2021-12-20 17:05:44 +0000 |
|---|---|---|
| committer | Michael Stahl <michael.stahl@allotropia.de> | 2022-01-07 17:10:58 +0100 |
| commit | 71e24ced5ed93618215bb95f9d32783f9ebe95a3 (patch) | |
| tree | 0534c19c6c003c324fd02c739f14b92a370679c7 /xmlsecurity/source/xmlsec/nss/xmlsignature_nssimpl.cxx | |
| parent | 038779349fafacbf3a81ba9a833f6647fec6f546 (diff) | |
only use X509Data
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/127193
Tested-by: Jenkins
Reviewed-by: Miklos Vajna <vmiklos@collabora.com>
(cherry picked from commit be446d81e07b5499152efeca6ca23034e51ea5ff)
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/127178
Reviewed-by: Adolfo Jayme Barrientos <fitojb@ubuntu.com>
(cherry picked from commit b0404f80577de9ff69e58390c6f6ef949fdb0139)
Change-Id: I52e6588f5fac04bb26d77c1f3af470db73e41f72
Diffstat (limited to 'xmlsecurity/source/xmlsec/nss/xmlsignature_nssimpl.cxx')
| -rw-r--r-- | xmlsecurity/source/xmlsec/nss/xmlsignature_nssimpl.cxx | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/xmlsecurity/source/xmlsec/nss/xmlsignature_nssimpl.cxx b/xmlsecurity/source/xmlsec/nss/xmlsignature_nssimpl.cxx index 85058a273814..6f5f86fbd058 100644 --- a/xmlsecurity/source/xmlsec/nss/xmlsignature_nssimpl.cxx +++ b/xmlsecurity/source/xmlsec/nss/xmlsignature_nssimpl.cxx @@ -245,6 +245,10 @@ SAL_CALL XMLSignature_NssImpl::validate( // We do certificate verification ourselves. pDsigCtx->keyInfoReadCtx.flags |= XMLSEC_KEYINFO_FLAGS_X509DATA_DONT_VERIFY_CERTS; + // limit possible key data to valid X509 certificates only, no KeyValues + if (xmlSecPtrListAdd(&(pDsigCtx->keyInfoReadCtx.enabledKeyData), BAD_CAST xmlSecNssKeyDataX509GetKlass()) < 0) + throw RuntimeException("failed to limit allowed key data"); + //Verify signature int rs = xmlSecDSigCtxVerify( pDsigCtx , pNode ); |