[Libreoffice-commits] core.git: xmlsecurity/source

Mon Feb 1 10:37:37 UTC 2016

xmlsecurity/source/xmlsec/nss/xmlsignature_nssimpl.cxx |   16 ++++++++++++++--
 1 file changed, 14 insertions(+), 2 deletions(-)

New commits:
commit e6aaf64cfc378d0daa0709c40c85ee1e9c0fd151
Author: Miklos Vajna <vmiklos at collabora.co.uk>
Date:   Mon Feb 1 11:16:15 2016 +0100

    xmlsecurity: validate OOXML <Manifest> references
    
    ODF uses no <Manifest> references, so this doesn't change anything for
    ODF.
    
    Previously we only validated the hash of a <Manifest> element, but not
    reference hashes inside the <Manifest> element. This means now we can
    detect not only changes to the signature metadata (signing data, signing
    comment), but also changes in other streams, i.e. everything else.
    
    libxmlsec already validated the manifest references hashes, the only
    missing piece was that it's up to the client if it wants to validate
    them, so libxmlsec doesn't do so by default -> our code has to.
    
    This commit only affects the nss backend, still need to adapt the
    mscrypto backend later presumably.
    
    Change-Id: I0b11519d3eb003783048a00c4cada74762c6462f

diff --git a/xmlsecurity/source/xmlsec/nss/xmlsignature_nssimpl.cxx b/xmlsecurity/source/xmlsec/nss/xmlsignature_nssimpl.cxx
index 4093f1c..1a42704 100644
--- a/xmlsecurity/source/xmlsec/nss/xmlsignature_nssimpl.cxx
+++ b/xmlsecurity/source/xmlsec/nss/xmlsignature_nssimpl.cxx
@@ -244,9 +244,21 @@ SAL_CALL XMLSignature_NssImpl::validate(
         //Verify signature
         int rs = xmlSecDSigCtxVerify( pDsigCtx , pNode );
 
+        // Also verify manifest: this is empty for ODF, but contains everything (except signature metadata) for OOXML.
+        xmlSecSize nReferenceCount = xmlSecPtrListGetSize(&pDsigCtx->manifestReferences);
+        // Require that all manifest references are also good.
+        xmlSecSize nReferenceGood = 0;
+        for (xmlSecSize nReference = 0; nReference < nReferenceCount; ++nReference)
+        {
+            xmlSecDSigReferenceCtxPtr pReference = static_cast<xmlSecDSigReferenceCtxPtr>(xmlSecPtrListGetItem(&pDsigCtx->manifestReferences, nReference));
+            if (pReference)
+            {
+                if (pReference->status == xmlSecDSigStatusSucceeded)
+                    ++nReferenceGood;
+            }
+        }
 
-        if (rs == 0 &&
-            pDsigCtx->status == xmlSecDSigStatusSucceeded)
+        if (rs == 0 && pDsigCtx->status == xmlSecDSigStatusSucceeded && nReferenceCount == nReferenceGood)
         {
             aTemplate->setStatus(com::sun::star::xml::crypto::SecurityOperationStatus_OPERATION_SUCCEEDED);
             xmlSecDSigCtxDestroy( pDsigCtx ) ;
