Skip to content

Commit

Permalink
Release 2.1.1. Security release for CVE-2019-3465
Browse files Browse the repository at this point in the history
  • Loading branch information
robrichards committed Nov 5, 2019
1 parent eadb8f6 commit 118450a
Show file tree
Hide file tree
Showing 4 changed files with 21 additions and 6 deletions.
7 changes: 7 additions & 0 deletions CHANGELOG.txt
Original file line number Diff line number Diff line change
@@ -1,5 +1,12 @@
xmlseclibs.php
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
06, Nov 2019, 2.1.1
Security Improvements:
- Insure only a single SignedInfo element exists within a signature during
verification. Refs CVE-2019-3465.
Bug Fixes:
- Fix variable casing.

15, Nov 2018, 2.1.0
Security Improvements:
- Filter input to avoid XPath injection. (Jaime Pérez)
Expand Down
2 changes: 1 addition & 1 deletion LICENSE
Original file line number Diff line number Diff line change
@@ -1,4 +1,4 @@
Copyright (c) 2007-2018, Robert Richards <rrichards@cdatazone.org>.
Copyright (c) 2007-2019, Robert Richards <rrichards@cdatazone.org>.
All rights reserved.

Redistribution and use in source and binary forms, with or without
Expand Down
12 changes: 10 additions & 2 deletions src/XMLSecurityDSig.php
Original file line number Diff line number Diff line change
Expand Up @@ -194,6 +194,11 @@ public function locateSignature($objDoc, $pos=0)
$query = ".//secdsig:Signature";
$nodeset = $xpath->query($query, $objDoc);
$this->sigNode = $nodeset->item($pos);
$query = "./secdsig:SignedInfo";
$nodeset = $xpath->query($query, $this->sigNode);
if ($nodeset->length > 1) {
throw new Exception("Invalid structure - Too many SignedInfo elements found");
}
return $this->sigNode;
}
return null;
Expand Down Expand Up @@ -234,6 +239,9 @@ public function setCanonicalMethod($method)
if ($xpath = $this->getXPathObj()) {
$query = './'.$this->searchpfx.':SignedInfo';
$nodeset = $xpath->query($query, $this->sigNode);
if ($nodeset->length > 1) {
throw new Exception("Invalid structure - Too many SignedInfo elements found");
}
if ($sinfo = $nodeset->item(0)) {
$query = './'.$this->searchpfx.'CanonicalizationMethod';
$nodeset = $xpath->query($query, $sinfo);
Expand Down Expand Up @@ -440,7 +448,7 @@ public function processTransforms($refNode, $objData, $includeCommentNodes = tru
if ($node->localName == 'XPath') {
$arXPath = array();
$arXPath['query'] = '(.//. | .//@* | .//namespace::*)['.$node->nodeValue.']';
$arXpath['namespaces'] = array();
$arXPath['namespaces'] = array();
$nslist = $xpath->query('./namespace::*', $node);
foreach ($nslist AS $nsnode) {
if ($nsnode->localName != "xml") {
Expand Down Expand Up @@ -554,7 +562,7 @@ public function getRefIDs()
$refids = array();

$xpath = $this->getXPathObj();
$query = "./secdsig:SignedInfo/secdsig:Reference";
$query = "./secdsig:SignedInfo[1]/secdsig:Reference";
$nodeset = $xpath->query($query, $this->sigNode);
if ($nodeset->length == 0) {
throw new Exception("Reference nodes not found");
Expand Down
6 changes: 3 additions & 3 deletions xmlseclibs.php
Original file line number Diff line number Diff line change
Expand Up @@ -2,7 +2,7 @@
/**
* xmlseclibs.php
*
* Copyright (c) 2007-2018, Robert Richards <rrichards@cdatazone.org>.
* Copyright (c) 2007-2019, Robert Richards <rrichards@cdatazone.org>.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
Expand Down Expand Up @@ -35,9 +35,9 @@
* POSSIBILITY OF SUCH DAMAGE.
*
* @author Robert Richards <rrichards@cdatazone.org>
* @copyright 2007-2018 Robert Richards <rrichards@cdatazone.org>
* @copyright 2007-2019 Robert Richards <rrichards@cdatazone.org>
* @license http://www.opensource.org/licenses/bsd-license.php BSD License
* @version 2.1.0
* @version 2.1.1
*/

$xmlseclibs_srcdir = dirname(__FILE__) . '/src/';
Expand Down

0 comments on commit 118450a

Please sign in to comment.