From 481fb8581fdf891b768eeb0bc88855c27689722b Mon Sep 17 00:00:00 2001

From: Fraser Tweedale <ftweedal@redhat.com>

Date: Fri, 18 Aug 2017 16:17:49 +1000

Subject: [PATCH] MS cert template: validate argument

Update the server to validate the MS V2 certificate template option

argument when adding or updating a request.

Fixes: https://pagure.io/certmonger/issue/78

---

 src/Makefile.am |  4 +++-

 src/certext.c   | 13 +++++++++++++

 src/certext.h   |  5 +++++

 src/tdbush.c    | 25 +++++++++++++++++++++++--

 4 files changed, 44 insertions(+), 3 deletions(-)

diff --git a/src/Makefile.am b/src/Makefile.am

index 479903c..213bfa9 100644

--- a/src/Makefile.am

+++ b/src/Makefile.am

@@ -186,7 +186,7 @@ tdbusm_check_SOURCES = tdbusm-check.c tm.c tm.h

 tdbusm_check_LDADD = libcm.a $(CERTMONGER_LIBS) $(POPT_LIBS)

 serial_check_LDADD = libcm.a $(CERTMONGER_LIBS) $(LTLIBICONV)

 nl_check_LDADD = libcm.a $(CERTMONGER_LIBS)

-submit_x_CFLAGS = $(AM_CFLAGS) -DCM_SUBMIT_X_MAIN

+submit_x_CFLAGS = $(AM_CFLAGS) $(NSS_CFLAGS) -DCM_SUBMIT_X_MAIN

 submit_x_SOURCES = submit-x.c submit-x.h submit-u.c submit-u.h log.c log.h \

 	tm.c tm.h

 submit_x_LDADD = $(XMLRPC_LIBS) $(KRB5_LIBS) $(TALLOC_LIBS) \

@@ -205,12 +205,14 @@ pkglibexec_PROGRAMS += local-submit

 pkglibexec_PROGRAMS += scep-submit

 endif

 noinst_PROGRAMS += submit-h submit-d

+ipa_submit_CFLAGS = $(AM_CFLAGS) $(NSS_CFLAGS)

 ipa_submit_SOURCES = ipa.c srvloc.c srvloc.h store.h store-gen.c \

 		submit-x.c submit-x.h submit-u.c submit-u.h \

 		submit-e.h util.c util.h log.c log.h tm.c tm.h

 ipa_submit_LDADD = $(XMLRPC_LIBS) $(LDAP_LIBS) $(KRB5_LIBS) $(TALLOC_LIBS) \

 		   $(GMP_LIBS) $(IDN_LIBS) $(OPENSSL_LIBS) $(UUID_LIBS) \

 		   $(RESOLV_LIBS) $(LTLIBICONV) $(POPT_LIBS)

+certmaster_submit_CFLAGS = $(AM_CFLAGS) $(NSS_CFLAGS)

 certmaster_submit_SOURCES = certmaster.c submit-x.c submit-x.h \

 		submit-e.h submit-u.c submit-u.h util.c util.h log.c log.h \

 		tm.c tm.h

diff --git a/src/certext.c b/src/certext.c

index 5f8a743..587496f 100644

--- a/src/certext.c

+++ b/src/certext.c

@@ -1663,6 +1663,19 @@ cm_certext_build_certificate_template(

 	return SECITEM_ArenaDupItem(arena, &encoded);

 }

+/* Validate a V2 template spec */

+PRBool cm_ms_template_valid(char *template_spec) {

+	PLArenaPool *arena = PORT_NewArena(sizeof(double));

+	if (arena == NULL)

+		return PR_FALSE;

+	SECItem *result =

+		cm_certext_build_certificate_template(arena, template_spec);

+	PORT_FreeArena(arena, PR_FALSE);

+	// *result has been freed, but we don't read it;

+	// we only need to know whether the parse succeeded

+	return result != NULL;

+}

+

 /* Build a Netscape certtype extension value. */

 static SECItem *

 cm_certext_build_ns_certtype(struct cm_store_entry *entry,

diff --git a/src/certext.h b/src/certext.h

index 530ece4..5e95835 100644

--- a/src/certext.h

+++ b/src/certext.h

@@ -15,6 +15,8 @@

  * along with this program.  If not, see <http://www.gnu.org/licenses/>.

  */

+#include <prtypes.h>

+

 #ifndef cmcertext_h

 #define cmcertext_h

@@ -25,4 +27,7 @@ void cm_certext_build_csr_extensions(struct cm_store_entry *entry,

 				     struct NSSInitContextStr *ctx,

 				     unsigned char **encoded, size_t *length);

+/* Validate a V2 template spec */

+PRBool cm_ms_template_valid(char *template_spec);

+

 #endif

diff --git a/src/tdbush.c b/src/tdbush.c

index 9e2a372..04fe57e 100644

--- a/src/tdbush.c

+++ b/src/tdbush.c

@@ -32,6 +32,7 @@

 #include "log.h"

 #include "cm.h"

+#include "certext.h"

 #include "prefs.h"

 #include "store.h"

 #include "store-int.h"

@@ -1572,7 +1573,18 @@ base_add_request(DBusConnection *conn, DBusMessage *msg,

 					  CM_DBUS_PROP_TEMPLATE_MS_CERTIFICATE_TEMPLATE,

 					  cm_tdbusm_dict_s);

 	if (param != NULL) {

-		// TODO check validity

+		if (param->value.s != NULL

+		    && strlen(param->value.s) > 0

+		    && !cm_ms_template_valid(param->value.s)) {

+			cm_log(1, "Invalid V2 certificate template specifier: %s", param->value.s);

+			ret = send_internal_base_bad_arg_error(

+				conn, msg,

+				_("Invalid V2 certificate template specifier: %s"),

+				param->value.s,

+				CM_DBUS_PROP_TEMPLATE_MS_CERTIFICATE_TEMPLATE);

+			talloc_free(parent);

+			return ret;

+		}

 		new_entry->cm_template_certificate_template = maybe_strdup(new_entry,

 									   param->value.s);

 	}

@@ -3330,8 +3342,17 @@ request_modify(DBusConnection *conn, DBusMessage *msg,

 			} else

 			if ((param->value_type == cm_tdbusm_dict_s) &&

 			    (strcasecmp(param->key, CM_DBUS_PROP_TEMPLATE_MS_CERTIFICATE_TEMPLATE) == 0)) {

+				if (param->value.s != NULL

+				    && strlen(param->value.s) > 0

+				    && !cm_ms_template_valid(param->value.s)) {

+					cm_log(1, "Invalid V2 certificate template specifier: %s", param->value.s);

+					return send_internal_base_bad_arg_error(

+						conn, msg,

+						_("Invalid V2 certificate template specifier: %s"),

+						param->value.s,

+						CM_DBUS_PROP_TEMPLATE_MS_CERTIFICATE_TEMPLATE);

+				}

 				talloc_free(entry->cm_template_certificate_template);

-				// TODO check validity

 				entry->cm_template_certificate_template =

 					maybe_strdup(entry, param->value.s);

 				if (n_propname + 2 < sizeof(propname) / sizeof(propname[0])) {

-- 

2.14.4