Security Upgrade SimpleSAML 1.18.4 to 1.18.7

Bug #1889485 reported by Lisa Seeto
Affects  Status        Importance  Assigned to  Milestone
Mahara
  19.04  Fix Released  High        Unassigned   -
  19.10  Fix Released  High        Unassigned   -
  20.04  Fix Released  High        Unassigned   -
  20.10  Fix Released  High        Lisa Seeto   -

Bug Description

From https://simplesamlphp.org/security/202004-01:

Date: April 03, 2020
Affected versions: SimpleSAMLphp 1.18.5 and older
Severity: Low

Background

The module controller in SimpleSAML\Module that processes requests for pages hosted by modules has code to identify paths ending with .php and process those as PHP code. If no other suitable way of handling the given path exists, it presents the file to the browser.

Description

The check to identify paths ending with .php does not account for uppercase letters. If someone requests a path ending with e.g. .PHP and the server is serving the code from a case-insensitive file system, such as on Windows, the processing of the PHP code does not occur, and the source code is instead presented to the browser.

Affected versions

SimpleSAMLphp versions 1.18.5 and older.

We will upgrade to version 1.18.7.
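The defect class described in the advisory is a file-extension check that is case-sensitive while the underlying file system is not. The following is an added illustration, not SimpleSAMLphp's or Mahara's own code, and does not reproduce the actual fix shipped upstream: it contrasts a suffix check that only recognises lowercase ".php" with one that normalises case before comparing, and adds a small log scan a defender can run over access logs to spot requests that use a non-lowercase ".php" extension. The log lines, paths and function names are constructed for the example.

```php
<?php
// Added illustration (not SimpleSAMLphp code): case-sensitive versus
// case-insensitive ".php" suffix checks, plus a defender-side log scan.

declare(strict_types=1);

// The flawed pattern: only a lowercase ".php" suffix counts as code, so on a
// case-insensitive file system "page.PHP" resolves to the same file but is
// not recognised as a script by this test.
function isPhpScriptCaseSensitive(string $path): bool
{
    return substr($path, -4) === '.php';
}

// The hardened pattern: normalise the extension before comparing, so any
// case variant of ".php" is treated as code and never served as a plain file.
function isPhpScriptCaseInsensitive(string $path): bool
{
    $ext = strtolower(pathinfo($path, PATHINFO_EXTENSION));
    return $ext === 'php';
}

// Defender-side check: flag requests whose final extension is ".php" in any
// spelling other than lowercase. Input is common-log-format lines (constructed).
function findMixedCasePhpRequests(array $logLines): array
{
    $hits = [];
    foreach ($logLines as $line) {
        // Extract the request target from: "GET /path HTTP/1.1"
        if (!preg_match('#"(?:GET|POST|HEAD) (\S+) HTTP/#', $line, $m)) {
            continue;
        }
        $path = parse_url($m[1], PHP_URL_PATH);
        if (!is_string($path)) {
            $path = $m[1];
        }
        $ext = pathinfo($path, PATHINFO_EXTENSION);
        if (strtolower($ext) === 'php' && $ext !== 'php') {
            $hits[] = $path;
        }
    }
    return $hits;
}

// Constructed sample request paths.
$samples = [
    'module/example/page.php',
    'module/example/page.PHP',
    'module/example/Page.Php',
    'resources/default.css',
];

foreach ($samples as $p) {
    printf("%-26s case-sensitive=%-3s case-insensitive=%s\n", $p,
        isPhpScriptCaseSensitive($p) ? 'yes' : 'no',
        isPhpScriptCaseInsensitive($p) ? 'yes' : 'no');
}

// Constructed access-log lines; the second one would be flagged.
$logLines = [
    '10.0.0.5 - - [03/Apr/2020:10:00:01 +0000] "GET /simplesaml/module.php/example/page.php HTTP/1.1" 200 512',
    '10.0.0.5 - - [03/Apr/2020:10:00:02 +0000] "GET /simplesaml/module.php/example/page.PHP HTTP/1.1" 200 2048',
    '10.0.0.7 - - [03/Apr/2020:10:00:03 +0000] "GET /simplesaml/resources/default.css HTTP/1.1" 200 300',
];

foreach (findMixedCasePhpRequests($logLines) as $hit) {
    echo "mixed-case .php request: {$hit}\n";
}
```

Run with `php example.php`. The log scan looks only at the final extension of the request path, so a path such as `/module.php/example/page.PHP` is reported because of its last segment; a 200 response with an unusually large body on such a request is the kind of signal worth correlating with the advisory's description of source disclosure.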

Lisa Seeto (lisaseeto)
Changed in mahara:
milestone: none → 19.10.4
milestone: 19.10.4 → none
milestone: none → 19.04.6
Revision history for this message
Lisa Seeto (lisaseeto) wrote :

This patch introduces an error; it currently produces the following while trying to log in via SAML login:

[WAR] 84 (auth/saml/extlib/simplesamlphp/vendor/robrichards/xmlseclibs/src/XMLSecurityKey.php:499) openssl_sign(): supplied key param cannot be coerced into a private key
Call stack (most recent first):

    log_message("openssl_sign(): supplied key param cannot be coerc...", 8, true, true, "/home/lisaseeto/code/mahara/htdocs/auth/saml/extli...", 499) at /home/lisaseeto/code/mahara/htdocs/lib/errors.php:521
    error(2, "openssl_sign(): supplied key param cannot be coerc...", "/home/lisaseeto/code/mahara/htdocs/auth/saml/extli...", 499, array(size 3)) at Unknown:0
    openssl_sign("SAMLRequest=fVJdb8IgFP0rDe%2BVWr9aoiZOs8zETbO6Pexl...", null, false, "SHA256") at /home/lisaseeto/code/mahara/htdocs/auth/saml/extlib/simplesamlphp/vendor/robrichards/xmlseclibs/src/XMLSecurityKey.php:499
    RobRichards\XMLSecLibs\XMLSecurityKey->signOpenSSL("SAMLRequest=fVJdb8IgFP0rDe%2BVWr9aoiZOs8zETbO6Pexl...") at /home/lisaseeto/code/mahara/htdocs/auth/saml/extlib/simplesamlphp/vendor/robrichards/xmlseclibs/src/XMLSecurityKey.php:580
    RobRichards\XMLSecLibs\XMLSecurityKey->signData("SAMLRequest=fVJdb8IgFP0rDe%2BVWr9aoiZOs8zETbO6Pexl...") at /home/lisaseeto/code/mahara/htdocs/auth/saml/extlib/simplesamlphp/vendor/simplesamlphp/saml2/src/SAML2/HTTPRedirect.php:61
    SAML2\HTTPRedirect->getRedirectURL(object(SAML2\AuthnRequest)) at /home/lisaseeto/code/mahara/htdocs/auth/saml/extlib/simplesamlphp/vendor/simplesamlphp/saml2/src/SAML2/HTTPRedirect.php:84
    SAML2\HTTPRedirect->send(object(SAML2\AuthnRequest)) at /home/lisaseeto/code/mahara/htdocs/auth/saml/extlib/simplesamlphp/modules/saml/lib/Auth/Source/SP.php:704
    SimpleSAML\Module\saml\Auth\Source\SP->sendSAML2AuthnRequest(array(size 18), object(SAML2\HTTPRedirect), object(SAML2\AuthnRequest)) at /home/lisaseeto/code/mahara/htdocs/auth/saml/extlib/simplesamlphp/modules/saml/lib/Auth/Source/SP.php:686
    SimpleSAML\Module\saml\Auth\Source\SP->startSSO2(object(SimpleSAML\Configuration), array(size 18)) at /home/lisaseeto/code/mahara/htdocs/auth/saml/extlib/simplesamlphp/modules/saml/lib/Auth/Source/SP.php:728
    SimpleSAML\Module\saml\Auth\Source\SP->startSSO("http://idp1:8084/simplesaml/saml2/idp/metadata.php", array(size 15)) at /home/lisaseeto/code/mahara/htdocs/auth/saml/extlib/simplesamlphp/modules/saml/lib/Auth/Source/SP.php:826
    SimpleSAML\Module\saml\Auth\Source\SP->authenticate(array(size 15)) at /home/lisaseeto/code/mahara/htdocs/auth/saml/extlib/simplesamlphp/lib/SimpleSAML/Auth/Source.php:208
    SimpleSAML\Auth\Source->initLogin("http://mahara/auth/saml/index.php", null, array(size 3)) at /home/lisaseeto/code/mahara/htdocs/auth/saml/extlib/simplesamlphp/lib/SimpleSAML/Auth/Simple.php:167
    SimpleSAML\Auth\Simple->login(array(size 3)) at /home/lisaseeto/code/mahara/htdocs/auth/saml/extlib/simplesamlphp/lib/SimpleSAML/Auth/Simple.php:109
    SimpleSAML\Auth\Simple->requireAuth(array(size 2)) at /home/lisaseeto/code/mahara/htdocs/auth/saml/index.php:127

[WAR] 84 (lib/errors.php:536) [SimpleSAML\Error\UnserializableException]: Failure Signing Data: error:23077074:PKCS12 routines:PKCS12...


Revision history for this message
Lisa Seeto (lisaseeto) wrote :

The error described in comment #1 is no longer occurring.

Revision history for this message
Mahara Bot (dev-mahara) wrote : A change has been merged

Reviewed: https://reviews.mahara.org/11093
Committed: https://git.mahara.org/mahara/mahara/commit/7f97ceb72e4cf0caafaee2963a3ec2152b874137
Submitter: Robert Lyon (<email address hidden>)
Branch: master

commit 7f97ceb72e4cf0caafaee2963a3ec2152b874137
Author: Lisa Seeto <email address hidden>
Date: Thu Jul 30 11:39:35 2020 +1200

Bug 1889485: Security Upgrade SimpleSAML 1.18.4 to 1.18.7

- upgrade to version 1.18.7

Change-Id: I4e7ca4de32a4c69224c184013c15f92069cc97ff
Signed-off-by: Lisa Seeto <email address hidden>

Revision history for this message
Mahara Bot (dev-mahara) wrote : A patch has been submitted for review

Patch for "19.10_STABLE" branch: https://reviews.mahara.org/11105

Revision history for this message
Mahara Bot (dev-mahara) wrote : A change has been merged

Reviewed: https://reviews.mahara.org/11106
Committed: https://git.mahara.org/mahara/mahara/commit/f64ccffddc730696cb7a9a9f515fb2e243be5675
Submitter: Robert Lyon (<email address hidden>)
Branch: 19.04_STABLE

commit f64ccffddc730696cb7a9a9f515fb2e243be5675
Author: Lisa Seeto <email address hidden>
Date: Thu Jul 30 11:39:35 2020 +1200

Bug 1889485: Security Upgrade SimpleSAML 1.18.4 to 1.18.7

- upgrade to version 1.18.7

Change-Id: I4e7ca4de32a4c69224c184013c15f92069cc97ff
Signed-off-by: Lisa Seeto <email address hidden>

Revision history for this message
Mahara Bot (dev-mahara) wrote :

Reviewed: https://reviews.mahara.org/11104
Committed: https://git.mahara.org/mahara/mahara/commit/56d1f7ee448c7bdee82d0779b268258b7d76e4cb
Submitter: Robert Lyon (<email address hidden>)
Branch: 20.04_STABLE

commit 56d1f7ee448c7bdee82d0779b268258b7d76e4cb
Author: Lisa Seeto <email address hidden>
Date: Thu Jul 30 11:39:35 2020 +1200

Bug 1889485: Security Upgrade SimpleSAML 1.18.4 to 1.18.7

- upgrade to version 1.18.7

Change-Id: I4e7ca4de32a4c69224c184013c15f92069cc97ff
Signed-off-by: Lisa Seeto <email address hidden>

Revision history for this message
Mahara Bot (dev-mahara) wrote :

Reviewed: https://reviews.mahara.org/11105
Committed: https://git.mahara.org/mahara/mahara/commit/139c185edac29ceeb4e64f855bf483a6e32723ee
Submitter: Cecilia Vela Gurovic (<email address hidden>)
Branch: 19.10_STABLE

commit 139c185edac29ceeb4e64f855bf483a6e32723ee
Author: Lisa Seeto <email address hidden>
Date: Thu Jul 30 11:39:35 2020 +1200

Bug 1889485: Security Upgrade SimpleSAML 1.18.4 to 1.18.7

- upgrade to version 1.18.7

Change-Id: I4e7ca4de32a4c69224c184013c15f92069cc97ff
Signed-off-by: Lisa Seeto <email address hidden>

Robert Lyon (robertl-9)
Changed in mahara:
milestone: 20.10.0 → none
no longer affects: mahara