[Libreoffice-commits] core.git: xmlsecurity/source
Miklos Vajna
vmiklos at collabora.co.uk
Wed Feb 3 17:06:02 UTC 2016
xmlsecurity/source/xmlsec/mscrypt/xmlsignature_mscryptimpl.cxx | 18 +++++++++-
1 file changed, 17 insertions(+), 1 deletion(-)
New commits:
commit 9c3ddf43bfaff9e21a52001a333e87fad397d465
Author: Miklos Vajna <vmiklos at collabora.co.uk>
Date: Wed Feb 3 18:04:12 2016 +0100
xmlsecurity: validate OOXML <Manifest> references on Windows
This is the mscrypto equivalent of what was done in commit
e6aaf64cfc378d0daa0709c40c85ee1e9c0fd151 (xmlsecurity: validate OOXML
<Manifest> references, 2016-02-01) for NSS.
Change-Id: I7ee713fb5c7b55ded38100a0f25f718f2f323e08
diff --git a/xmlsecurity/source/xmlsec/mscrypt/xmlsignature_mscryptimpl.cxx b/xmlsecurity/source/xmlsec/mscrypt/xmlsignature_mscryptimpl.cxx
index 98ba662..84fb6d2 100644
--- a/xmlsecurity/source/xmlsec/mscrypt/xmlsignature_mscryptimpl.cxx
+++ b/xmlsecurity/source/xmlsec/mscrypt/xmlsignature_mscryptimpl.cxx
@@ -224,7 +224,23 @@ SAL_CALL XMLSignature_MSCryptImpl::validate(
//error recorder feature to get the ONE error that made the verification fail, because there is no
//documentation/specification as to how to interpret the number of recorded errors and what is the initial
//error.
- if( xmlSecDSigCtxVerify( pDsigCtx , pNode ) == 0 )
+ int rs = xmlSecDSigCtxVerify(pDsigCtx , pNode);
+
+ // Also verify manifest: this is empty for ODF, but contains everything (except signature metadata) for OOXML.
+ xmlSecSize nReferenceCount = xmlSecPtrListGetSize(&pDsigCtx->manifestReferences);
+ // Require that all manifest references are also good.
+ xmlSecSize nReferenceGood = 0;
+ for (xmlSecSize nReference = 0; nReference < nReferenceCount; ++nReference)
+ {
+ xmlSecDSigReferenceCtxPtr pReference = static_cast<xmlSecDSigReferenceCtxPtr>(xmlSecPtrListGetItem(&pDsigCtx->manifestReferences, nReference));
+ if (pReference)
+ {
+ if (pReference->status == xmlSecDSigStatusSucceeded)
+ ++nReferenceGood;
+ }
+ }
+
+ if (rs == 0 && nReferenceCount == nReferenceGood)
{
if (pDsigCtx->status == xmlSecDSigStatusSucceeded)
aTemplate->setStatus(com::sun::star::xml::crypto::SecurityOperationStatus_OPERATION_SUCCEEDED);
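Review bot: The new condition `rs == 0 && nReferenceCount == nReferenceGood` is vacuously true when `manifestReferences` is empty, so the manifest check only constrains references that are actually present. The comment above the count says an empty manifest is expected for ODF, but nothing in the hunk distinguishes that case from an OOXML signature whose `<Manifest>` lists no parts. Whether a caller later checks that the signed references cover the expected package parts is not visible here, so I would at least record the limit next to the condition, e.g. `// An empty manifest passes here; coverage of the document parts is not checked in this function.` The loop itself fails closed, since a null list item or a reference whose status is anything other than `xmlSecDSigStatusSucceeded` leaves the two counts unequal. The body of validate() starts and ends outside the hunk, so the status reported on the failing path cannot be confirmed from these lines.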