From: Sébastien Delafond <seb@debian.org>
Date: Sat, 1 Nov 2014 14:32:19 +0100
Subject: Fix CVE-2013-2172

---
 .../xml/dsig/internal/dom/DOMCanonicalizationMethod.java  | 15 +++++++++++++++
 1 file changed, 15 insertions(+)

--- a/src/org/jcp/xml/dsig/internal/dom/DOMCanonicalizationMethod.java
+++ b/src/org/jcp/xml/dsig/internal/dom/DOMCanonicalizationMethod.java
@@ -47,6 +47,9 @@
     public DOMCanonicalizationMethod(TransformService spi)
 	throws InvalidAlgorithmParameterException {
 	super(spi);
+        if (!(spi instanceof ApacheCanonicalizer) && !isC14Nalg(spi.getAlgorithm())) {
+            throw new InvalidAlgorithmParameterException("Illegal CanonicalizationMethod");
+        } 
     }
 
     /**
@@ -59,6 +62,9 @@
     public DOMCanonicalizationMethod(Element cmElem, XMLCryptoContext context,
 	Provider provider) throws MarshalException {
 	super(cmElem, context, provider);
+        if (!(spi instanceof ApacheCanonicalizer) && !isC14Nalg(spi.getAlgorithm())) {
+            throw new MarshalException("Illegal CanonicalizationMethod");
+        } 
     }
 
     /**
@@ -102,4 +108,13 @@
 	assert false : "hashCode not designed";
 	return 42;
     }
+    
+    private static boolean isC14Nalg(String alg) {
+        return alg.equals(CanonicalizationMethod.INCLUSIVE) 
+            || alg.equals(CanonicalizationMethod.INCLUSIVE_WITH_COMMENTS) 
+            || alg.equals(CanonicalizationMethod.EXCLUSIVE) 
+            || alg.equals(CanonicalizationMethod.EXCLUSIVE_WITH_COMMENTS) 
+            || alg.equals(DOMCanonicalXMLC14N11Method.C14N_11) 
+            || alg.equals(DOMCanonicalXMLC14N11Method.C14N_11_WITH_COMMENTS);
+    } 
 }