79ad92f6bb
- Fix (bsc#1214566) - (CVE-2023-20900) - VUL-0: CVE-2023-20900: open-vm-tools: SAML token signature bypass vulnerability + Add patch: CVE-20230-20900.patch OBS-URL: https://build.opensuse.org/request/show/1108317 OBS-URL: https://build.opensuse.org/package/show/Virtualization:VMware/open-vm-tools?expand=0&rev=440
35 lines
1.1 KiB
Diff
35 lines
1.1 KiB
Diff
From eb4f36dfeb8b89443f7d5ade03316ba49a295eee Mon Sep 17 00:00:00 2001
|
|
From: John Wolfe <jwolfe@vmware.com>
|
|
Date: Fri, 18 Aug 2023 11:23:53 -0700
|
|
Subject: [PATCH] Address CVE-2023-20900
|
|
|
|
VGAuth: Allow only X509 certs to verify the SAML token signature.
|
|
|
|
---
|
|
open-vm-tools/vgauth/serviceImpl/saml-xmlsec1.c | 9 ++++++++-
|
|
1 file changed, 8 insertions(+), 1 deletion(-)
|
|
|
|
diff --git a/open-vm-tools/vgauth/serviceImpl/saml-xmlsec1.c b/open-vm-tools/vgauth/serviceImpl/saml-xmlsec1.c
|
|
index f5541a9..0b2a945 100644
|
|
--- a/open-vm-tools/vgauth/serviceImpl/saml-xmlsec1.c
|
|
+++ b/open-vm-tools/vgauth/serviceImpl/saml-xmlsec1.c
|
|
@@ -1335,7 +1335,14 @@ VerifySignature(xmlDocPtr doc,
|
|
*/
|
|
bRet = RegisterID(xmlDocGetRootElement(doc), "ID");
|
|
if (bRet == FALSE) {
|
|
- g_warning("failed to register ID\n");
|
|
+ g_warning("Failed to register ID\n");
|
|
+ goto done;
|
|
+ }
|
|
+
|
|
+ /* Use only X509 certs to validate the signature */
|
|
+ if (xmlSecPtrListAdd(&(dsigCtx->keyInfoReadCtx.enabledKeyData),
|
|
+ BAD_CAST xmlSecKeyDataX509Id) < 0) {
|
|
+ g_warning("Failed to limit allowed key data\n");
|
|
goto done;
|
|
}
|
|
|
|
--
|
|
2.6.2
|
|
|