Fix xmlseclibs vulnerability CVE-2025-66475

pitbulk · web-flow · commit cb3e5b4078d9 · 2025-12-09T10:36:30.000+01:00
Added error handling for C14N method in xmlseclibs.php Fix CVE-2025-66475 See GHSA-c4cc-x928-vjw9
diff --git a/extlib/xmlseclibs/xmlseclibs.php b/extlib/xmlseclibs/xmlseclibs.php
@@ -673,7 +673,11 @@ private function canonicalizeData($node, $canonicalmethod, $arXPath=null, $prefi
             }
         }
 
-        return $node->C14N($exclusive, $withComments, $arXPath, $prefixList);
+        $ret = $node->C14N($exclusive, $withComments, $arXPath, $prefixList);
+        if ($ret === false) {
+            throw new Exception("Canonicalization failed");
+        }
+        return $ret;
     }
 
     public function canonicalizeSignedInfo() {

Original file line number	Diff line number	Diff line change
`@@ -673,7 +673,11 @@ private function canonicalizeData($node, $canonicalmethod, $arXPath=null, $prefi`
`673`	`673`	`}`
`674`	`674`	`}`
`675`	`675`
`676`		`- return $node->C14N($exclusive, $withComments, $arXPath, $prefixList);`
	`676`	`+ $ret = $node->C14N($exclusive, $withComments, $arXPath, $prefixList);`
	`677`	`+ if ($ret === false) {`
	`678`	`+ throw new Exception("Canonicalization failed");`
	`679`	`+ }`
	`680`	`+ return $ret;`
`677`	`681`	`}`
`678`	`682`
`679`	`683`	`public function canonicalizeSignedInfo() {`