[Libreoffice-commits] core.git: Branch 'libreoffice-5-4' - xmlsecurity/source

[Thorsten Behrens]

 xmlsecurity/source/gpg/xmlsignature_gpgimpl.cxx |   12 ++++++++++--
 1 file changed, 10 insertions(+), 2 deletions(-)

New commits:
commit be65302ae7d0c64362ea224253261a0fe0b5e9e3
Author: Thorsten Behrens <Thorsten.Behrens at CIB.de>
Date:   Sat Jun 24 00:17:04 2017 +0200

    gpp4libre: error handling, proper key extraction
    
    Change-Id: I1cb219f825393309219a4ebfb406482050b91228
    Reviewed-on: https://gerrit.libreoffice.org/39191
    Tested-by: Jenkins <ci at libreoffice.org>
    Reviewed-by: Thorsten Behrens <Thorsten.Behrens at CIB.de>
    (cherry picked from commit 879fea59a0bcc1a439e51ab0923e1cc41dff5bfb)
    Reviewed-on: https://gerrit.libreoffice.org/39230
    Reviewed-by: Katarina Behrens <Katarina.Behrens at cib.de>

diff --git a/xmlsecurity/source/gpg/xmlsignature_gpgimpl.cxx b/xmlsecurity/source/gpg/xmlsignature_gpgimpl.cxx
index 40248ee3a9e8..c0f570d19968 100644
--- a/xmlsecurity/source/gpg/xmlsignature_gpgimpl.cxx
+++ b/xmlsecurity/source/gpg/xmlsignature_gpgimpl.cxx
@@ -178,7 +178,7 @@ SAL_CALL XMLSignature_GpgImpl::generate(
     cur = xmlSecGetNextElementNode(cur->next);
     cur = xmlSecGetNextElementNode(cur->children);
     // check that this is now PGPData
-    if(!xmlSecCheckNodeName(cur, xmlSecNamePGPData, xmlSecDSigNs))
+    if(!xmlSecCheckNodeName(cur, xmlSecNodePGPData, xmlSecDSigNs))
         throw RuntimeException("The GpgME library failed to initialize for the OpenPGP protocol.");
     // check that this is now PGPKeyID
     cur = xmlSecGetNextElementNode(cur->children);
@@ -189,11 +189,16 @@ SAL_CALL XMLSignature_GpgImpl::generate(
     GpgME::Context& rCtx=pSecEnv->getGpgContext();
     rCtx.setKeyListMode(GPGME_KEYLIST_MODE_LOCAL);
     GpgME::Error err;
+    xmlChar* pKey=xmlNodeGetContent(cur);
+    if(xmlSecBase64Decode(pKey, reinterpret_cast<xmlSecByte*>(pKey), xmlStrlen(pKey)) < 0)
+        throw RuntimeException("The GpgME library failed to initialize for the OpenPGP protocol.");
     if( rCtx.addSigningKey(
             rCtx.key(
-                reinterpret_cast<char*>(xmlNodeGetContent(cur)), err, true)) )
+                reinterpret_cast<char*>(pKey), err, true)) )
         throw RuntimeException("The GpgME library failed to initialize for the OpenPGP protocol.");
 
+    xmlFree(pKey);
+
     // good, ctx is setup now, let's sign the lot
     GpgME::Data data_in(
         reinterpret_cast<char*>(xmlSecBufferGetData(pDsigCtx->transformCtx.result)),
@@ -209,6 +214,9 @@ SAL_CALL XMLSignature_GpgImpl::generate(
     while( (curr=data_out.read(&buf, 1)) )
         len += curr;
 
+    if(sign_res.error() || !len)
+        throw RuntimeException("The GpgME library failed to initialize for the OpenPGP protocol.");
+
     // write signed data to xml
     std::vector<unsigned char> buf2(len);
     assert(data_out.seek(0,SEEK_SET) == 0);