Fix dead code issue
Resolves: rhbz#1966606: CVE-2021-28091 lasso: XML signature wrapping vulnerability when parsing SAML responses
This commit is contained in:
parent
3791d4b04d
commit
1f87a4d9fe
@ -0,0 +1,59 @@
|
|||||||
|
From 20f653f70818b85fe1b4de77a629fce352fb8cbd Mon Sep 17 00:00:00 2001
|
||||||
|
From: Jakub Hrozek <jhrozek@redhat.com>
|
||||||
|
Date: Mon, 26 Jul 2021 16:25:52 +0200
|
||||||
|
Subject: [PATCH] lasso_saml20_login_process_response_status_and_assertion:
|
||||||
|
handle rc as per verify_hint
|
||||||
|
|
||||||
|
In case VERIFY_HINT was set to IGNORE and the login signature was
|
||||||
|
incorrect, lasso_saml20_login_process_response_status_and_assertion
|
||||||
|
would have jumped straight to the cleanup label which just returns the
|
||||||
|
return code. Let's jump to a new label handlerc instead which might set
|
||||||
|
the return code to 0 in case verify_hint is set to IGNORE.
|
||||||
|
|
||||||
|
Related: https://dev.entrouvert.org/issues/54689
|
||||||
|
---
|
||||||
|
lasso/saml-2.0/login.c | 20 ++++++--------------
|
||||||
|
1 file changed, 6 insertions(+), 14 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/lasso/saml-2.0/login.c b/lasso/saml-2.0/login.c
|
||||||
|
index cf62c1cc9..1d5668b5b 100644
|
||||||
|
--- a/lasso/saml-2.0/login.c
|
||||||
|
+++ b/lasso/saml-2.0/login.c
|
||||||
|
@@ -1371,7 +1371,7 @@ lasso_saml20_login_process_response_status_and_assertion(LassoLogin *login)
|
||||||
|
char *status_value;
|
||||||
|
lasso_error_t rc = 0;
|
||||||
|
lasso_error_t assertion_signature_status = 0;
|
||||||
|
- LassoProfileSignatureVerifyHint verify_hint;
|
||||||
|
+ LassoProfileSignatureVerifyHint verify_hint = LASSO_PROFILE_SIGNATURE_VERIFY_HINT_LAST;
|
||||||
|
|
||||||
|
profile = &login->parent;
|
||||||
|
lasso_extract_node_or_fail(response, profile->response, SAMLP2_STATUS_RESPONSE,
|
||||||
|
@@ -1492,20 +1492,12 @@ lasso_saml20_login_process_response_status_and_assertion(LassoLogin *login)
|
||||||
|
lasso_assign_gobject (login->private_data->saml2_assertion, last_assertion);
|
||||||
|
}
|
||||||
|
|
||||||
|
- switch (verify_hint) {
|
||||||
|
- case LASSO_PROFILE_SIGNATURE_VERIFY_HINT_FORCE:
|
||||||
|
- case LASSO_PROFILE_SIGNATURE_VERIFY_HINT_MAYBE:
|
||||||
|
- break;
|
||||||
|
- case LASSO_PROFILE_SIGNATURE_VERIFY_HINT_IGNORE:
|
||||||
|
- /* ignore signature errors */
|
||||||
|
- if (rc == LASSO_PROFILE_ERROR_CANNOT_VERIFY_SIGNATURE) {
|
||||||
|
- rc = 0;
|
||||||
|
- }
|
||||||
|
- break;
|
||||||
|
- default:
|
||||||
|
- g_assert(0);
|
||||||
|
- }
|
||||||
|
cleanup:
|
||||||
|
+ if (verify_hint == LASSO_PROFILE_SIGNATURE_VERIFY_HINT_IGNORE &&
|
||||||
|
+ rc == LASSO_PROFILE_ERROR_CANNOT_VERIFY_SIGNATURE) {
|
||||||
|
+ profile->signature_status = rc;
|
||||||
|
+ rc = 0;
|
||||||
|
+ }
|
||||||
|
return rc;
|
||||||
|
}
|
||||||
|
|
||||||
|
--
|
||||||
|
2.26.3
|
||||||
|
|
@ -59,7 +59,7 @@
|
|||||||
Summary: Liberty Alliance Single Sign On
|
Summary: Liberty Alliance Single Sign On
|
||||||
Name: lasso
|
Name: lasso
|
||||||
Version: 2.7.0
|
Version: 2.7.0
|
||||||
Release: 6%{?dist}
|
Release: 7%{?dist}
|
||||||
License: GPLv2+
|
License: GPLv2+
|
||||||
URL: http://lasso.entrouvert.org/
|
URL: http://lasso.entrouvert.org/
|
||||||
Source: http://dev.entrouvert.org/lasso/lasso-%{version}.tar.gz
|
Source: http://dev.entrouvert.org/lasso/lasso-%{version}.tar.gz
|
||||||
@ -96,6 +96,7 @@ Patch0005: 0005-Check-if-the-signature-method-is-allowed-in-addition.patch
|
|||||||
Patch0006: 0006-python-Skip-the-DSA-key-test-unless-SHA-1-is-configu.patch
|
Patch0006: 0006-python-Skip-the-DSA-key-test-unless-SHA-1-is-configu.patch
|
||||||
Patch0007: 0007-test13_test_lasso_server_load_metadata-Don-t-verify-.patch
|
Patch0007: 0007-test13_test_lasso_server_load_metadata-Don-t-verify-.patch
|
||||||
Patch0008: autogen.noconfig
|
Patch0008: autogen.noconfig
|
||||||
|
Patch0009: 0009-lasso_saml20_login_process_response_status_and_asser.patch
|
||||||
|
|
||||||
%description
|
%description
|
||||||
Lasso is a library that implements the Liberty Alliance Single Sign On
|
Lasso is a library that implements the Liberty Alliance Single Sign On
|
||||||
@ -322,6 +323,11 @@ rm -fr %{buildroot}%{_defaultdocdir}/%{name}
|
|||||||
%endif
|
%endif
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Mon Jun 28 2021 Jakub Hrozek <jhrozek@redhat.com> - 2.7.0-7
|
||||||
|
- Fix dead code issue
|
||||||
|
- Resolves: rhbz#1966606: CVE-2021-28091 lasso: XML signature wrapping
|
||||||
|
vulnerability when parsing SAML responses
|
||||||
|
|
||||||
* Thu Jul 29 2021 Jakub Hrozek <jhrozek@redhat.com> - 2.7.0-6
|
* Thu Jul 29 2021 Jakub Hrozek <jhrozek@redhat.com> - 2.7.0-6
|
||||||
- Resolves: rhbz#1984822 - lasso: FTBFS in test suite due to short test
|
- Resolves: rhbz#1984822 - lasso: FTBFS in test suite due to short test
|
||||||
timeout (potentially OpenSSL-related)
|
timeout (potentially OpenSSL-related)
|
||||||
|
Loading…
Reference in New Issue
Block a user