diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 27479a9d3..419c83a8f 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -112,7 +112,7 @@ jobs: container: fedora:${{ matrix.container }} strategy: matrix: - container: [42, 43, rawhide] + container: [42, 43, 44, rawhide] steps: - name: Install Deps run: | @@ -137,7 +137,7 @@ jobs: strategy: matrix: dist: [ubuntu] - ver: ['22.04', '24.04', '25.10'] + ver: ['22.04', '24.04', '25.10', '26.04'] arch: [amd64, arm64] java: [17] include: [ diff --git a/src/SignatureXAdES_B.cpp b/src/SignatureXAdES_B.cpp index 6f1723853..d20ec2204 100644 --- a/src/SignatureXAdES_B.cpp +++ b/src/SignatureXAdES_B.cpp @@ -745,7 +745,7 @@ void SignatureXAdES_B::setSignatureProductionPlace(string_view name, * * @param roles signer roles. */ -void SignatureXAdES_B::setSignerRoles(string_view name, const vector &roles) noexcept +void SignatureXAdES_B::setSignerRoles(string_view name, const vector &roles) { if(roles.empty()) return; diff --git a/src/SignatureXAdES_B.h b/src/SignatureXAdES_B.h index 56f12e485..aa212fdf7 100644 --- a/src/SignatureXAdES_B.h +++ b/src/SignatureXAdES_B.h @@ -112,7 +112,7 @@ namespace digidoc void setSignatureProductionPlace(std::string_view name, const std::string &city, const std::string &streetAddress, const std::string &stateOrProvince, const std::string &postalCode, const std::string &countryName) noexcept; - void setSignerRoles(std::string_view name, const std::vector &signerRoles) noexcept; + void setSignerRoles(std::string_view name, const std::vector &signerRoles); constexpr XMLNode V1orV2(std::string_view v1, std::string_view v2) const noexcept; // offline checks diff --git a/src/XMLDocument.h b/src/XMLDocument.h index 36e8c280c..f9a974819 100644 --- a/src/XMLDocument.h +++ b/src/XMLDocument.h @@ -234,10 +234,22 @@ struct XMLNode: public XMLElem return from_base64(operator sv()); } - XMLNode& operator=(sv text) noexcept + XMLNode& operator=(sv text) { if(!d) return *this; + const char *utf = std::to_address(text.cbegin()); + const char *end = utf + text.size(); + while (utf < end) { + int len = int(end - utf); // remaining bytes + int uc = xmlGetUTF8Char((const unsigned char *) utf, &len); + if (len < 1) { + THROW("Invalid utf8 string in XML content"); + } else if (((uc < 0x20) && (uc != 0x9) && (uc != 0xa) && (uc != 0xd)) || (uc == 0xfffe) || (uc == 0xffff)) { + THROW("Invalid character '0x%2x' in XML content", uc); + } + utf += len; + } xmlNodeSetContentLen(d, nullptr, 0); if(!text.empty()) xmlNodeAddContentLen(d, pcxmlChar(text.data()), int(text.length())); diff --git a/src/crypto/Signer.cpp b/src/crypto/Signer.cpp index ea40f8f7c..ca4426e23 100644 --- a/src/crypto/Signer.cpp +++ b/src/crypto/Signer.cpp @@ -73,6 +73,7 @@ Signer::~Signer() = default; * @param stateOrProvince * @param postalCode * @param countryName + * The strings have to be utf8 encoded and not contain any control values (any char < 0x20 except 0x9, 0xa and 0xd) */ void Signer::setSignatureProductionPlace(const string &city, const string &stateOrProvince, const string &postalCode, const string &countryName) @@ -91,6 +92,7 @@ void Signer::setSignatureProductionPlace(const string &city, * @param stateOrProvince * @param postalCode * @param countryName + * The strings have to be utf8 encoded and not contain any control values (any char < 0x20 except 0x9, 0xa and 0xd) */ void Signer::setSignatureProductionPlaceV2(const string &city, const string &streetAddress, const string &stateOrProvince, const string &postalCode, const string &countryName) @@ -197,6 +199,7 @@ void Signer::setProfile(const string &profile) /** * Sets signature roles according XAdES standard. The parameter may contain the signer’s role and optionally the signer’s resolution. Note that only one signer role value (i.e. one <ClaimedRole> XML element) should be used. * If the signer role contains both role and resolution then they must be separated with a slash mark, e.g. “role / resolution”. + * The strings have to be utf8 encoded and not contain any control values (any char < 0x20 except 0x9, 0xa and 0xd) */ void Signer::setSignerRoles(const vector &signerRoles) {