Uploaded image for project: 'XMLTooling - C++'
  1. XMLTooling - C++
  2. CPPXT-128

Additional nodes can be added to XML without breaking signature

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Critical
    • Resolution: Fixed
    • Affects Version/s: 1.0, 1.1, 1.2, 1.2.1, 1.2.2, 1.3, 1.3.1, 1.3.2, 1.3.3, 1.4, 1.4.1, 1.4.2, 1.5.0, 1.5.1, 1.5.2, 1.5.3, 1.5.4, 1.5.5, 1.6.0, 1.5.6, 1.6.1, 1.6.2, 1.6.3
    • Fix Version/s: 1.6.4
    • Labels:
      None

      Description

      An outside tester demonstrated that a similar attack to the DTD issue allows comments to be inserted without breaking a signature if the c14n method excludes them. This similarly corrupts the text content surfaced by the library.

      The "simple" fix for this would appear to be to ignore comments with the parser, which happens to be the default behavior of the Java library. The impact would likely be twofold:

      • serialization of metadata for backups would strip comments
      • metadata with comments signed using c14n methods that include them would not verify

      We presume the latter has not been a practice we see with the IdP, so presumably wouldn't be common with the SP.

        Attachments

          Activity

            People

            Assignee:
            cantor.2@osu.edu Scott Cantor
            Reporter:
            cantor.2@osu.edu Scott Cantor
            Watchers:
            2 Start watching this issue

              Dates

              Created:
              Updated:
              Resolved:

                Time Tracking

                Estimated:
                Original Estimate - Not Specified
                Not Specified
                Remaining:
                Remaining Estimate - 0 minutes
                0m
                Logged:
                Time Spent - 1 day, 4 hours, 15 minutes
                1d 4h 15m