[Libreoffice-commits] core.git: Branch 'libreoffice-6-0' - oox/source

Caolán McNamara caolanm at redhat.com
Thu Nov 30 09:42:23 UTC 2017 

 oox/source/crypto/CryptTools.cxx         |   12 +++++++++---
 oox/source/crypto/Standard2007Engine.cxx |    2 ++
 2 files changed, 11 insertions(+), 3 deletions(-)

New commits:
commit b784de0b99cff92ac34d33a257e225d11d101ec5
Author: Caolán McNamara <caolanm at redhat.com>
Date:   Wed Nov 29 16:15:04 2017 +0000

    ofz: handle bad key len and subsequent PK11_ImportSymKey failure
    
    Change-Id: Ied93745f924cbcbc674b5c9a78545aa1f79fc61e
    Reviewed-on: https://gerrit.libreoffice.org/45514
    Reviewed-by: Caolán McNamara <caolanm at redhat.com>
    Tested-by: Caolán McNamara <caolanm at redhat.com>

diff --git a/oox/source/crypto/CryptTools.cxx b/oox/source/crypto/CryptTools.cxx
index 2c7c5f794fa3..6de4363c59f4 100644
--- a/oox/source/crypto/CryptTools.cxx
+++ b/oox/source/crypto/CryptTools.cxx
@@ -34,9 +34,12 @@ Crypto::~Crypto()
     EVP_CIPHER_CTX_cleanup( &mContext );
 #endif
 #if USE_TLS_NSS
-    PK11_DestroyContext( mContext, PR_TRUE );
-    PK11_FreeSymKey( mSymKey );
-    SECITEM_FreeItem( mSecParam, PR_TRUE );
+    if (mContext)
+        PK11_DestroyContext(mContext, PR_TRUE);
+    if (mSymKey)
+        PK11_FreeSymKey(mSymKey);
+    if (mSecParam)
+        SECITEM_FreeItem(mSecParam, PR_TRUE);
 #endif
 }
 
@@ -101,6 +104,9 @@ void Crypto::setupContext(std::vector<sal_uInt8>& key, std::vector<sal_uInt8>& i
     keyItem.len  = key.size();
 
     mSymKey = PK11_ImportSymKey(pSlot, mechanism, PK11_OriginUnwrap, CKA_ENCRYPT, &keyItem, nullptr);
+    if (!mSymKey)
+        throw css::uno::RuntimeException("NSS SymKey failure", css::uno::Reference<css::uno::XInterface>());
+
     mSecParam = PK11_ParamFromIV(mechanism, pIvItem);
     mContext = PK11_CreateContextBySymKey(mechanism, operation, mSymKey, mSecParam);
 }
diff --git a/oox/source/crypto/Standard2007Engine.cxx b/oox/source/crypto/Standard2007Engine.cxx
index 3a3fa457106d..1f39a9aab410 100644
--- a/oox/source/crypto/Standard2007Engine.cxx
+++ b/oox/source/crypto/Standard2007Engine.cxx
@@ -113,6 +113,8 @@ bool Standard2007Engine::calculateEncryptionKey(const OUString& rPassword)
         buffer[i] ^= hash[i];
 
     hash = comphelper::Hash::calculateHash(buffer.data(), buffer.size(), comphelper::HashType::SHA1);
+    if (mKey.size() > hash.size())
+        return false;
     std::copy(hash.begin(), hash.begin() + mKey.size(), mKey.begin());
 
     return true;

More information about the Libreoffice-commits mailing list