[Libreoffice-commits] core.git: vcl/source

Tue Nov 29 13:56:04 UTC 2016

vcl/source/gdi/pdfwriter_impl.cxx |   20 ++++++++++++++------
 1 file changed, 14 insertions(+), 6 deletions(-)

New commits:
commit 5bf32e4e78ffbe34f3b2840a9677ded34e5b4da7
Author: Miklos Vajna <vmiklos at collabora.co.uk>
Date:   Tue Nov 29 12:03:39 2016 +0100

    vcl mscrypto PDF sign: don't assume that header length is always 2 bytes
    
    For now just assert that the short form doesn't try to handle larger
    values than expected, the long form has to be implemented once we hit
    the assert.
    
    Change-Id: Ib2b17b4e3c5772b68fef84a41438a56e55799e8b

diff --git a/vcl/source/gdi/pdfwriter_impl.cxx b/vcl/source/gdi/pdfwriter_impl.cxx
index ed90f38..2cbd8cb 100644
--- a/vcl/source/gdi/pdfwriter_impl.cxx
+++ b/vcl/source/gdi/pdfwriter_impl.cxx
@@ -6774,6 +6774,14 @@ typedef BOOL (WINAPI *PointerTo_CryptRetrieveTimeStamp)(LPCWSTR wszUrl,
 
 namespace
 {
+
+/// Counts how many bytes are needed to encode a given length.
+size_t GetLengthOfLength(size_t nLength)
+{
+    assert(nLength <= 127);
+    return 1;
+}
+
 /// Create payload for the 'signing-certificate' signed attribute.
 bool CreateSigningCertificateAttribute(vcl::PDFWriter::PDFSignContext& rContext, SvStream& rEncodedCertificate)
 {
@@ -6832,12 +6840,12 @@ bool CreateSigningCertificateAttribute(vcl::PDFWriter::PDFSignContext& rContext,
     //              NULL: parameters
     //       OCTET STRING: certHash
 
-    size_t nAlgorithm = aSHA256.size() + 2;
-    size_t nParameters = 2;
-    size_t nAlgorithmIdentifier = nAlgorithm + nParameters + 2;
-    size_t nCertHash = aHash.size() + 2;
-    size_t nESSCertIDv2 = nAlgorithmIdentifier + nCertHash + 2;
-    size_t nESSCertIDv2s = nESSCertIDv2 + 2;
+    size_t nAlgorithm = 1 + GetLengthOfLength(aSHA256.size()) + aSHA256.size();
+    size_t nParameters = 1 + GetLengthOfLength(1);
+    size_t nAlgorithmIdentifier = 1 + GetLengthOfLength(nAlgorithm + nParameters) + nAlgorithm + nParameters;
+    size_t nCertHash = 1 + GetLengthOfLength(aHash.size()) + aHash.size();
+    size_t nESSCertIDv2 = 1 + GetLengthOfLength(nAlgorithmIdentifier + nCertHash) + nAlgorithmIdentifier + nCertHash;
+    size_t nESSCertIDv2s = 1 + GetLengthOfLength(nESSCertIDv2) + nESSCertIDv2;
 
     // Write SigningCertificateV2.
     rEncodedCertificate.WriteUInt8(0x30);
