File bsc1212359.patch of Package xmltooling

Overview Repositories Revisions Requests Users Attributes Meta

File bsc1212359.patch of Package xmltooling

X-Git-Url: https://git.shibboleth.net/view/?p=cpp-xmltooling.git;a=blobdiff_plain;f=xmltooling%2FXMLToolingConfig.cpp;h=dd5634d8055c9cb971cc99e5b1e5fc56a76c595f;hp=4bd5b11a0ca688f0b8fa2ed1b4997038202e4314;hb=6080f6343f98fec085bc0fd746913ee418cc9d30;hpb=40dcc327cd67e9e84f95b4f19087eae2397958b1

diff --git a/xmltooling/XMLToolingConfig.cpp b/xmltooling/XMLToolingConfig.cpp
index 4bd5b11..dd5634d 100644
--- a/xmltooling/XMLToolingConfig.cpp
+++ b/xmltooling/XMLToolingConfig.cpp
@@ -75,6 +75,7 @@
 # include <xsec/framework/XSECException.hpp>
 # include <xsec/framework/XSECProvider.hpp>
 # include <xsec/transformers/TXFMBase.hpp>
+# include <xsec/framework/XSECURIResolver.hpp>
 #endif
 
 using namespace soap11;
@@ -116,7 +117,7 @@ namespace {
 #endif
     static ptr_vector<Mutex> g_openssl_locks;
 
-    extern "C" void openssl_locking_callback(int mode,int n,const char *file,int line)
+    extern "C" void openssl_locking_callback(int mode, int n, const char *, int)
     {
         if (mode & CRYPTO_LOCK)
             g_openssl_locks[n].lock();
@@ -144,7 +145,7 @@ namespace {
 	    void setInput(TXFMBase *newInput) {
 	        input = newInput;
 	        if (newInput->getOutputType() != TXFMBase::BYTE_STREAM)
-		        throw XSECException(XSECException::TransformInputOutputFail, "OutputLog transform requires BYTE_STREAM input");
+		        throw XSECException(XSECException       ::TransformInputOutputFail, "OutputLog transform requires BYTE_STREAM input");
 	        keepComments = input->getCommentsStatus();
             m_log.debug("\n----- BEGIN SIGNATURE DEBUG -----\n");
         }
@@ -175,6 +176,27 @@ namespace {
         return nullptr;
     }
 
+    class BlockingXSECURIResolver : public XSECURIResolver {
+    public:
+    	BlockingXSECURIResolver() : m_log(Category::getInstance(XMLTOOLING_LOGCAT ".XMLSecurity")) {}
+    	~BlockingXSECURIResolver() {}
+
+    	BinInputStream* resolveURI(const XMLCh* uri) {
+    		auto_ptr_char temp(uri);
+    		m_log.warn("blocked remote resource retrieval by xml-security-c library: %s",
+    				temp.get() ? temp.get() : "(none)");
+    		return nullptr;
+    	}
+
+    	void setBaseURI(const XMLCh* uri) {}
+
+    	XSECURIResolver* clone() {
+    		return new BlockingXSECURIResolver();
+    	}
+
+    private:
+    	Category& m_log;
+    };
 #endif
 
 #ifdef WIN32
@@ -400,6 +422,7 @@ bool XMLToolingInternalConfig::init(bool deprecationSupport)
         XSECPlatformUtils::Initialise();
         XSECPlatformUtils::SetReferenceLoggingSink(TXFMOutputLogFactory);
         m_xsecProvider.reset(new XSECProvider());
+        m_xsecProvider->setDefaultURIResolver(new BlockingXSECURIResolver());
         log.debug("XML-Security %s initialization complete", XSEC_FULLVERSIONDOT);
 #endif

Places

File bsc1212359.patch of Package xmltooling

Places