[Libreoffice-commits] core.git: xmlsecurity/source
Thorsten Behrens
Thorsten.Behrens at CIB.de
Sat Jun 24 16:14:08 UTC 2017
xmlsecurity/source/gpg/xmlsignature_gpgimpl.cxx | 12 ++++++++++--
1 file changed, 10 insertions(+), 2 deletions(-)
New commits:
commit 879fea59a0bcc1a439e51ab0923e1cc41dff5bfb
Author: Thorsten Behrens <Thorsten.Behrens at CIB.de>
Date: Sat Jun 24 00:17:04 2017 +0200
gpp4libre: error handling, proper key extraction
Change-Id: I1cb219f825393309219a4ebfb406482050b91228
Reviewed-on: https://gerrit.libreoffice.org/39191
Tested-by: Jenkins <ci at libreoffice.org>
Reviewed-by: Thorsten Behrens <Thorsten.Behrens at CIB.de>
diff --git a/xmlsecurity/source/gpg/xmlsignature_gpgimpl.cxx b/xmlsecurity/source/gpg/xmlsignature_gpgimpl.cxx
index 48d2097dad0f..63e26a76f8ea 100644
--- a/xmlsecurity/source/gpg/xmlsignature_gpgimpl.cxx
+++ b/xmlsecurity/source/gpg/xmlsignature_gpgimpl.cxx
@@ -171,7 +171,7 @@ SAL_CALL XMLSignature_GpgImpl::generate(
cur = xmlSecGetNextElementNode(cur->next);
cur = xmlSecGetNextElementNode(cur->children);
// check that this is now PGPData
- if(!xmlSecCheckNodeName(cur, xmlSecNamePGPData, xmlSecDSigNs))
+ if(!xmlSecCheckNodeName(cur, xmlSecNodePGPData, xmlSecDSigNs))
throw RuntimeException("The GpgME library failed to initialize for the OpenPGP protocol.");
// check that this is now PGPKeyID
cur = xmlSecGetNextElementNode(cur->children);
@@ -182,11 +182,16 @@ SAL_CALL XMLSignature_GpgImpl::generate(
GpgME::Context& rCtx=pSecEnv->getGpgContext();
rCtx.setKeyListMode(GPGME_KEYLIST_MODE_LOCAL);
GpgME::Error err;
+ xmlChar* pKey=xmlNodeGetContent(cur);
+ if(xmlSecBase64Decode(pKey, reinterpret_cast<xmlSecByte*>(pKey), xmlStrlen(pKey)) < 0)
+ throw RuntimeException("The GpgME library failed to initialize for the OpenPGP protocol.");
if( rCtx.addSigningKey(
rCtx.key(
- reinterpret_cast<char*>(xmlNodeGetContent(cur)), err, true)) )
+ reinterpret_cast<char*>(pKey), err, true)) )
throw RuntimeException("The GpgME library failed to initialize for the OpenPGP protocol.");
+ xmlFree(pKey);
+
// good, ctx is setup now, let's sign the lot
GpgME::Data data_in(
reinterpret_cast<char*>(xmlSecBufferGetData(pDsigCtx->transformCtx.result)),
@@ -202,6 +207,9 @@ SAL_CALL XMLSignature_GpgImpl::generate(
while( (curr=data_out.read(&buf, 1)) )
len += curr;
+ if(sign_res.error() || !len)
+ throw RuntimeException("The GpgME library failed to initialize for the OpenPGP protocol.");
+
// write signed data to xml
std::vector<unsigned char> buf2(len);
assert(data_out.seek(0,SEEK_SET) == 0);
More information about the Libreoffice-commits
mailing list