Skip to content

Commit 1e46b98

Browse files
author
Bulat Gaifullin
committed
Fix segfault on encrypt malformed document
1 parent f1c0836 commit 1e46b98

3 files changed

Lines changed: 238 additions & 1 deletion

File tree

src/enc.c

Lines changed: 9 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -177,7 +177,11 @@ static void PyXmlSec_ClearReplacedNodes(xmlSecEncCtxPtr ctx, PyXmlSec_LxmlDocume
177177
PYXMLSEC_DEBUGF("clear replaced node %p", n);
178178
nn = n->next;
179179
// if n has references, it will not be deleted
180-
Py_DECREF(PyXmlSec_elementFactory(doc, n));
180+
PyXmlSec_LxmlElementPtr* elem = PyXmlSec_elementFactory(doc, n);
181+
if (NULL == elem)
182+
xmlFreeNode(n);
183+
else
184+
Py_DECREF(elem);
181185
n = nn;
182186
}
183187
ctx->replacedNodeList = NULL;
@@ -242,6 +246,9 @@ static PyObject* PyXmlSec_EncryptionContextEncryptXml(PyObject* self, PyObject*
242246
Py_END_ALLOW_THREADS;
243247

244248
PyXmlSec_ClearReplacedNodes(ctx->handle, node->_doc);
249+
if (NULL != PyErr_Occurred()) {
250+
goto ON_FAIL;
251+
}
245252

246253
if (rv != 0) {
247254
if (rv > 0) {
@@ -253,6 +260,7 @@ static PyObject* PyXmlSec_EncryptionContextEncryptXml(PyObject* self, PyObject*
253260
}
254261

255262
xmlFree(tmpType);
263+
256264
PYXMLSEC_DEBUGF("%p: encrypt_xml - ok", self);
257265
return (PyObject*)PyXmlSec_elementFactory(node->_doc, xnew_node != NULL ? xnew_node : template->_c_node);
258266
ON_FAIL:

tests/data/enc-bad-in.xml

Lines changed: 208 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,208 @@
1+
<?xml version="1.0" encoding="UTF-8"?>
2+
<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
3+
<soap:Header>
4+
</soap:Header>
5+
<soap:Body>
6+
<ProcessCreditApplication xmlns="http://www.starstandards.org/STAR">
7+
<ApplicationArea>
8+
<Sender>
9+
<Component>MyNextCar</Component>
10+
<Task>CreditApplication</Task>
11+
<CreatorNameCode>MYNEXTCAR</CreatorNameCode>
12+
<SenderNameCode>VW</SenderNameCode>
13+
<DealerNumber>409D03</DealerNumber>
14+
<LocationId>MyNextCar</LocationId>
15+
</Sender>
16+
<CreationDateTime>2018-11-20T09:37:45Z</CreationDateTime>
17+
<BODId>7f0842cc-8d47-4955-be31-c61d07ee490b</BODId>
18+
<Destination>
19+
<DestinationNameCode>VW</DestinationNameCode>
20+
</Destination>
21+
</ApplicationArea>
22+
<DataArea>
23+
<Process confirm="Always" acknowledge="Always">
24+
</Process>
25+
<CreditApplication>
26+
<Header>
27+
<DocumentId>VCI_MNA_0000070250</DocumentId>
28+
<FinanceCompany/>
29+
<Dealer>
30+
<DealerName>Car Chantilly</DealerName>
31+
<Address>
32+
<AddressLine>14839 Stonecroft Center Ct</AddressLine>
33+
<City>Chantilly</City>
34+
<StateOrProvince>VA</StateOrProvince>
35+
<Country>US</Country>
36+
<PostalCode>20151</PostalCode>
37+
</Address>
38+
<SalesContact>
39+
<PersonName>
40+
<GivenName>MyNextCar</GivenName>
41+
<FamilyName>MNA</FamilyName>
42+
</PersonName>
43+
<Telephone>7039562100</Telephone>
44+
</SalesContact>
45+
<OrganizationId>CAR</OrganizationId>
46+
</Dealer>
47+
<ApplicationStatus>N</ApplicationStatus>
48+
</Header>
49+
<Detail>
50+
<CreditVehicle>
51+
<ModelYear>2017</ModelYear>
52+
<ModelDescription>Q7</ModelDescription>
53+
<Make>CAR</Make>
54+
<SaleClass>New</SaleClass>
55+
<DeliveryMileage uom="M">0</DeliveryMileage>
56+
<BodyStyle>Prestige</BodyStyle>
57+
<Pricing>
58+
<VehiclePrice currency="USD">64300.0</VehiclePrice>
59+
<VehiclePricingType>MSRP</VehiclePricingType>
60+
</Pricing>
61+
<Pricing>
62+
<VehiclePrice currency="USD">64300.0</VehiclePrice>
63+
<VehiclePricingType>Selling Price</VehiclePricingType>
64+
</Pricing>
65+
</CreditVehicle>
66+
<IndividualApplicant>
67+
<AlternatePartyIds>
68+
<Id>113456789</Id>
69+
<AssigningPartyId>NationalId</AssigningPartyId>
70+
</AlternatePartyIds>
71+
<PersonName>
72+
<GivenName>John</GivenName>
73+
<MiddleName>Q</MiddleName>
74+
<FamilyName>Public</FamilyName>
75+
</PersonName>
76+
<Address qualifier="HomeAddress">
77+
<AddressLine>999 Washington Ave</AddressLine>
78+
<AddressLine>Apt #332</AddressLine>
79+
<City>Front Royal</City>
80+
<StateOrProvince>VA</StateOrProvince>
81+
<Country>US</Country>
82+
<PostalCode>22630</PostalCode>
83+
<PeriodOfResidence period="YR">01</PeriodOfResidence>
84+
<PeriodOfResidence period="MO">10</PeriodOfResidence>
85+
<ResidenceType>Own</ResidenceType>
86+
</Address>
87+
<Address qualifier="PreviousAddress">
88+
<AddressLine>21 E 9th Ave</AddressLine>
89+
<City>Boulder</City>
90+
<StateOrProvince>CO</StateOrProvince>
91+
<Country>US</Country>
92+
<PostalCode>80301-7577</PostalCode>
93+
<PeriodOfResidence period="YR">07</PeriodOfResidence>
94+
<PeriodOfResidence period="MO">11</PeriodOfResidence>
95+
<ResidenceType>Own</ResidenceType>
96+
</Address>
97+
<Contact>
98+
<Telephone desc="Day Phone">3032852402</Telephone>
99+
<Telephone desc="Evening Phone">3032852405</Telephone>
100+
<Telephone desc="Cell Phone">7203554444</Telephone>
101+
<EMailAddress desc="Home">JohnQPublic@anydomain.org</EMailAddress>
102+
</Contact>
103+
<Demographics>
104+
<BirthDate>1967-07-31</BirthDate>
105+
</Demographics>
106+
<MarketingMailInd>0</MarketingMailInd>
107+
<Employer>
108+
<Name>UPS</Name>
109+
<Address>
110+
<AddressLine>1775 Wiehle Ave.</AddressLine>
111+
<City>Reston</City>
112+
<StateOrProvince>VA</StateOrProvince>
113+
<Country>US</Country>
114+
<PostalCode>20190</PostalCode>
115+
</Address>
116+
<Income currency="USD" period="MO">9500.0</Income>
117+
<Occupation>Driver</Occupation>
118+
<PeriodOfEmployment period="YR">01</PeriodOfEmployment>
119+
<PeriodOfEmployment period="MO">05</PeriodOfEmployment>
120+
<EmploymentCode>Current</EmploymentCode>
121+
</Employer>
122+
<Employer>
123+
<Name>FedEx</Name>
124+
<Income currency="USD" period="MO">4000.00</Income>
125+
<Occupation>Driver</Occupation>
126+
<PeriodOfEmployment period="YR">04</PeriodOfEmployment>
127+
<PeriodOfEmployment period="MO">09</PeriodOfEmployment>
128+
<EmploymentCode>Previous</EmploymentCode>
129+
</Employer>
130+
<PaymentAmount currency="USD">1252.52</PaymentAmount>
131+
<OtherIncome>
132+
<OtherIncomeAmount currency="USD" period="SmAN">1500.00</OtherIncomeAmount>
133+
</OtherIncome>
134+
<Privacy>
135+
<PrivacyInd>1</PrivacyInd>
136+
<PrivacyType>Consents to Credit Check</PrivacyType>
137+
</Privacy>
138+
</IndividualApplicant>
139+
<Co-Applicant>
140+
<AlternatePartyIds>
141+
<Id>123435325</Id>
142+
<AssigningPartyId>NationalId</AssigningPartyId>
143+
</AlternatePartyIds>
144+
<PersonName>
145+
<GivenName>Lisa</GivenName>
146+
<MiddleName>C</MiddleName>
147+
<FamilyName>Public</FamilyName>
148+
</PersonName>
149+
<Address qualifier="HomeAddress">
150+
<AddressLine>999 Lewis Street</AddressLine>
151+
<City>Front Royal</City>
152+
<StateOrProvince>VA</StateOrProvince>
153+
<Country>US</Country>
154+
<PostalCode>22630</PostalCode>
155+
<PeriodOfResidence period="YR">5</PeriodOfResidence>
156+
<PeriodOfResidence period="MO">0</PeriodOfResidence>
157+
<ResidenceType>Own</ResidenceType>
158+
</Address>
159+
<Contact>
160+
<Telephone desc="Day Phone">5401110000</Telephone>
161+
<Telephone desc="Evening Phone">5401110073</Telephone>
162+
<EMailAddress desc="Home">public@test.com</EMailAddress>
163+
</Contact>
164+
<Demographics>
165+
<BirthDate>1963-04-20</BirthDate>
166+
</Demographics>
167+
<Employer>
168+
<Name>Christendom College</Name>
169+
<Address>
170+
<AddressLine>999 Christendom Dr</AddressLine>
171+
<City>Front Royal</City>
172+
<StateOrProvince>VA</StateOrProvince>
173+
<Country>US</Country>
174+
<PostalCode>22630</PostalCode>
175+
</Address>
176+
<Income currency="USD" period="MO">6200.00</Income>
177+
<Occupation>Professor</Occupation>
178+
<PeriodOfEmployment period="YR">5</PeriodOfEmployment>
179+
<PeriodOfEmployment period="MO">0</PeriodOfEmployment>
180+
<EmploymentCode>Current</EmploymentCode>
181+
</Employer>
182+
<PaymentAmount currency="USD">1252.52</PaymentAmount>
183+
<Privacy>
184+
<PrivacyInd>1</PrivacyInd>
185+
<PrivacyType>Consents to Credit Check</PrivacyType>
186+
</Privacy>
187+
</Co-Applicant>
188+
<Financing>
189+
<FinanceType>R</FinanceType>
190+
<PaymentAmount currency="USD">0.00</PaymentAmount>
191+
<Term length="Months">66</Term>
192+
<DownPaymentAmount currency="USD">5000.00</DownPaymentAmount>
193+
<ApplicationType>INDIVCOAPP</ApplicationType>
194+
<NetTradeAmount currency="USD">2000.00</NetTradeAmount>
195+
<SpecialPrograms>MyNextCar</SpecialPrograms>
196+
<TradeIn>
197+
<ModelYear>1978</ModelYear>
198+
<ModelDescription>Bonneville</ModelDescription>
199+
<Make>Pontiac</Make>
200+
<BodyStyle>Coupe</BodyStyle>
201+
</TradeIn>
202+
</Financing>
203+
</Detail>
204+
</CreditApplication>
205+
</DataArea>
206+
</ProcessCreditApplication>
207+
</soap:Body>
208+
</soap:Envelope>

tests/test_enc.py

Lines changed: 21 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -116,3 +116,24 @@ def check_decrypt(self, i):
116116
decrypted = ctx.decrypt(enc_data)
117117
self.assertIsNotNone(decrypted)
118118
self.assertEqual(self.load_xml("enc%d-in.xml" % i), root)
119+
120+
121+
def check_no_segfault(self):
122+
namespaces = {
123+
'soap': 'http://schemas.xmlsoap.org/soap/envelope/'
124+
}
125+
126+
manager = xmlsec.KeysManager()
127+
key = xmlsec.Key.from_file(self.path("rsacert.pem"), format=consts.KeyDataFormatCertPem)
128+
manager.add_key(key)
129+
template = self.load_xml('enc-bad-in.xml')
130+
enc_data = xmlsec.template.encrypted_data_create(
131+
template, xmlsec.Transform.AES128, type=xmlsec.EncryptionType.CONTENT, ns='xenc')
132+
xmlsec.template.encrypted_data_ensure_cipher_value(enc_data)
133+
key_info = xmlsec.template.encrypted_data_ensure_key_info(enc_data, ns='dsig')
134+
enc_key = xmlsec.template.add_encrypted_key(key_info, xmlsec.Transform.RSA_PKCS1)
135+
xmlsec.template.encrypted_data_ensure_cipher_value(enc_key)
136+
data = template.find('soap:Body', namespaces=namespaces)
137+
enc_ctx = xmlsec.EncryptionContext(manager)
138+
enc_ctx.key = xmlsec.Key.generate(xmlsec.KeyData.AES, 192, xmlsec.KeyDataType.SESSION)
139+
self.assertRaises(Exception, enc_ctx.encrypt_xml(enc_data, data))

0 commit comments

Comments
 (0)