[Libreoffice-commits] core.git: Branch 'libreoffice-6-0' - oox/source

Caolán McNamara caolanm at redhat.com
Thu Jan 4 13:42:32 UTC 2018


 oox/source/crypto/CryptTools.cxx |   10 ++++++++++
 1 file changed, 10 insertions(+)

New commits:
commit 3795dfafc6b3c5ea33fe246be87fefb4fe050825
Author: Caolán McNamara <caolanm at redhat.com>
Date:   Wed Jan 3 20:13:28 2018 +0000

    ofz#4929 ensure min input len for openssl ciphers
    
    openssl is not the default backend
    
    Change-Id: Id7bd77c1a12a15c0ebb4e7d758362c7778bfc2fd
    Reviewed-on: https://gerrit.libreoffice.org/47350
    Tested-by: Jenkins <ci at libreoffice.org>
    Reviewed-by: Michael Stahl <mstahl at redhat.com>

diff --git a/oox/source/crypto/CryptTools.cxx b/oox/source/crypto/CryptTools.cxx
index 6de4363c59f4..e0b39f67cca4 100644
--- a/oox/source/crypto/CryptTools.cxx
+++ b/oox/source/crypto/CryptTools.cxx
@@ -128,10 +128,20 @@ Decrypt::Decrypt(std::vector<sal_uInt8>& key, std::vector<sal_uInt8>& iv, Crypto
 
     const EVP_CIPHER* cipher = getCipher(type);
 
+    const size_t nMinKeySize = EVP_CIPHER_key_length(cipher);
+    if (key.size() < nMinKeySize)
+        key.resize(nMinKeySize, 0);
+
     if (iv.empty())
         EVP_DecryptInit_ex(&mContext, cipher, nullptr, key.data(), 0);
     else
+    {
+        const size_t nMinIVSize = EVP_CIPHER_iv_length(cipher);
+        if (iv.size() < nMinIVSize)
+            iv.resize(nMinIVSize, 0);
+
         EVP_DecryptInit_ex(&mContext, cipher, nullptr, key.data(), iv.data());
+    }
     EVP_CIPHER_CTX_set_padding(&mContext, 0);
 #endif
 


More information about the Libreoffice-commits mailing list