[Libreoffice-commits] core.git: oox/source

Caolán McNamara (via logerrit) logerrit at kemper.freedesktop.org
Thu Aug 27 18:34:32 UTC 2020 

 oox/source/crypto/DocumentDecryption.cxx |   10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)

New commits:
commit 2730ae520da2c47ac1cabaa3ddcc43359aae5875
Author:     Caolán McNamara <caolanm at redhat.com>
AuthorDate: Thu Aug 27 17:16:54 2020 +0100
Commit:     Caolán McNamara <caolanm at redhat.com>
CommitDate: Thu Aug 27 20:33:50 2020 +0200

    ofz#24934 practically infinite loop on eof
    
    Change-Id: Iaa6121f3a0088978c57718610bc9baf9bcfe6fee
    Reviewed-on: https://gerrit.libreoffice.org/c/core/+/101489
    Tested-by: Jenkins
    Reviewed-by: Caolán McNamara <caolanm at redhat.com>

diff --git a/oox/source/crypto/DocumentDecryption.cxx b/oox/source/crypto/DocumentDecryption.cxx
index 45b820a89302..c566426267ff 100644
--- a/oox/source/crypto/DocumentDecryption.cxx
+++ b/oox/source/crypto/DocumentDecryption.cxx
@@ -117,14 +117,14 @@ bool DocumentDecryption::readEncryptionInfo()
         SAL_WARN_IF(aEntryCount != 1, "oox", "DataSpaceMap contains more than one entry. Some content may be skipped");
 
         // Read each DataSpaceMapEntry (MS-OFFCRYPTO 2.1.6.1)
-        for (sal_uInt32 i = 0; i < aEntryCount; i++)
+        for (sal_uInt32 i = 0; i < aEntryCount && !aDataSpaceStream.isEof(); i++)
         {
             // entryLen unused for the moment
             aDataSpaceStream.skip(sizeof(sal_uInt32));
 
             // Read each DataSpaceReferenceComponent (MS-OFFCRYPTO 2.1.6.2)
             sal_uInt32 aReferenceComponentCount = aDataSpaceStream.readuInt32();
-            for (sal_uInt32 j = 0; j < aReferenceComponentCount; j++)
+            for (sal_uInt32 j = 0; j < aReferenceComponentCount && !aDataSpaceStream.isEof(); j++)
             {
                 // Read next reference component
                 // refComponentType unused for the moment
@@ -139,6 +139,12 @@ bool DocumentDecryption::readEncryptionInfo()
             sDataSpaceName = aDataSpaceStream.readUnicodeArray(aDataSpaceNameLength / 2);
             aDataSpaceStream.skip((4 - (aDataSpaceNameLength & 3)) & 3);  // Skip padding
         }
+
+        if (aDataSpaceStream.isEof())
+        {
+            SAL_WARN("oox", "EOF on parsing DataSpaceMapEntry table");
+            return false;
+        }
     }
     else
     {

More information about the Libreoffice-commits mailing list