1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
|
From: Sébastien Delafond <seb@debian.org>
Date: Sat, 1 Nov 2014 14:32:19 +0100
Subject: Fix CVE-2013-2172
---
.../xml/dsig/internal/dom/DOMCanonicalizationMethod.java | 15 +++++++++++++++
1 file changed, 15 insertions(+)
--- a/src/org/jcp/xml/dsig/internal/dom/DOMCanonicalizationMethod.java
+++ b/src/org/jcp/xml/dsig/internal/dom/DOMCanonicalizationMethod.java
@@ -47,6 +47,9 @@
public DOMCanonicalizationMethod(TransformService spi)
throws InvalidAlgorithmParameterException {
super(spi);
+ if (!(spi instanceof ApacheCanonicalizer) && !isC14Nalg(spi.getAlgorithm())) {
+ throw new InvalidAlgorithmParameterException("Illegal CanonicalizationMethod");
+ }
}
/**
@@ -59,6 +62,9 @@
public DOMCanonicalizationMethod(Element cmElem, XMLCryptoContext context,
Provider provider) throws MarshalException {
super(cmElem, context, provider);
+ if (!(spi instanceof ApacheCanonicalizer) && !isC14Nalg(spi.getAlgorithm())) {
+ throw new MarshalException("Illegal CanonicalizationMethod");
+ }
}
/**
@@ -102,4 +108,13 @@
assert false : "hashCode not designed";
return 42;
}
+
+ private static boolean isC14Nalg(String alg) {
+ return alg.equals(CanonicalizationMethod.INCLUSIVE)
+ || alg.equals(CanonicalizationMethod.INCLUSIVE_WITH_COMMENTS)
+ || alg.equals(CanonicalizationMethod.EXCLUSIVE)
+ || alg.equals(CanonicalizationMethod.EXCLUSIVE_WITH_COMMENTS)
+ || alg.equals(DOMCanonicalXMLC14N11Method.C14N_11)
+ || alg.equals(DOMCanonicalXMLC14N11Method.C14N_11_WITH_COMMENTS);
+ }
}
|
