From: Juraj Ĺ arinay Date: Thu, 6 Mar 2025 01:02:56 +0000 (+0100) Subject: Properly verify adbe.pkcs7.sha1 signatures. X-Git-Tag: archive/raspbian/25.03.0-5+rpi1^2~2 X-Git-Url: https://dgit.raspbian.org/?a=commitdiff_plain;h=ad97feeb70808c40353da7cfe77441dc24b7fc31;p=poppler.git Properly verify adbe.pkcs7.sha1 signatures. For signatures with non-empty encapsulated content (typically adbe.pkcs7.sha1), we only compared hash values and never actually checked SignatureValue within SignerInfo. The bug introduced by c7c0207b1cfe49a4353d6cda93dbebef4508138f made trivial signature forgeries possible. Fix this by calling NSS_CMSSignerInfo_Verify() after the hash values compare equal. Origin: upstream 25.04.0 Gbp-Pq: Name CVE-2025-43903.patch --- diff --git a/poppler/NSSCryptoSignBackend.cc b/poppler/NSSCryptoSignBackend.cc index 521137d..eeea26e 100644 --- a/poppler/NSSCryptoSignBackend.cc +++ b/poppler/NSSCryptoSignBackend.cc @@ -877,13 +877,18 @@ SignatureValidationStatus NSSSignatureVerification::validateSignature() This means it's not a detached type signature so the digest is contained in SignedData->contentInfo */ - if (digest.len == content_info_data->len && memcmp(digest.data, content_info_data->data, digest.len) == 0) { - return SIGNATURE_VALID; - } else { + if (digest.len != content_info_data->len || memcmp(digest.data, content_info_data->data, digest.len) != 0) { return SIGNATURE_DIGEST_MISMATCH; } - } else if (NSS_CMSSignerInfo_Verify(CMSSignerInfo, &digest, nullptr) != SECSuccess) { + auto innerHashContext = HashContext::create(hashContext->getHashAlgorithm()); + innerHashContext->updateHash(content_info_data->data, content_info_data->len); + digest_buffer = innerHashContext->endHash(); + digest.data = digest_buffer.data(); + digest.len = digest_buffer.size(); + } + + if (NSS_CMSSignerInfo_Verify(CMSSignerInfo, &digest, nullptr) != SECSuccess) { return NSS_SigTranslate(CMSSignerInfo->verificationStatus); } else { return SIGNATURE_VALID;