Welcome to mirror list, hosted at ThFree Co, Russian Federation.

github.com/mono/mono.git - Unnamed repository; edit this file 'description' to name the repository.
summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorSebastien Pouliot <sebastien@ximian.com>2009-07-14 22:45:41 +0400
committerSebastien Pouliot <sebastien@ximian.com>2009-07-14 22:45:41 +0400
commitc20551c1942db667672b36a07856467caace2d92 (patch)
tree85793260483a216db66318156505b9cfab202fc9
parent93faef906524ed8b5238aef31bd82a28219c4753 (diff)
Security fix for CVE-2009-0217mono-1-2-2
svn path=/branches/mono-1-2-2/mcs/; revision=137891
-rw-r--r--mcs/class/System.Security/System.Security.Cryptography.Xml/SignedXml.cs31
1 files changed, 21 insertions, 10 deletions
diff --git a/mcs/class/System.Security/System.Security.Cryptography.Xml/SignedXml.cs b/mcs/class/System.Security/System.Security.Cryptography.Xml/SignedXml.cs
index 0deb351d9d1..9515aaff11a 100644
--- a/mcs/class/System.Security/System.Security.Cryptography.Xml/SignedXml.cs
+++ b/mcs/class/System.Security/System.Security.Cryptography.Xml/SignedXml.cs
@@ -580,17 +580,28 @@ namespace System.Security.Cryptography.Xml {
return false;
byte[] actual = macAlg.ComputeHash (s);
- // HMAC signature may be partial
+ // HMAC signature may be partial and specified by <HMACOutputLength>
if (m_signature.SignedInfo.SignatureLength != null) {
- int length = actual.Length;
- try {
- // SignatureLength is in bits
- length = (Int32.Parse (m_signature.SignedInfo.SignatureLength) >> 3);
- }
- catch {
- }
-
- if (length != actual.Length) {
+ int length = Int32.Parse (m_signature.SignedInfo.SignatureLength);
+ // we only support signatures with a multiple of 8 bits
+ // and the value must match the signature length
+ if ((length & 7) != 0)
+ throw new CryptographicException ("Signature length must be a multiple of 8 bits.");
+
+ // SignatureLength is in bits (and we works on bytes, only in multiple of 8 bits)
+ // and both values must match for a signature to be valid
+ length >>= 3;
+ if (length != m_signature.SignatureValue.Length)
+ throw new CryptographicException ("Invalid signature length.");
+
+ // is the length "big" enough to make the signature meaningful ?
+ // we use a minimum of 80 bits (10 bytes) or half the HMAC normal output length
+ // e.g. HMACMD5 output 128 bits but our minimum is 80 bits (not 64 bits)
+ int minimum = Math.Max (10, actual.Length / 2);
+ if (length < minimum)
+ throw new CryptographicException ("HMAC signature is too small");
+
+ if (length < actual.Length) {
byte[] trunked = new byte [length];
Buffer.BlockCopy (actual, 0, trunked, 0, length);
actual = trunked;