[Libreoffice-commits] core.git: oox/source
Caolán McNamara (via logerrit)
logerrit at kemper.freedesktop.org
Sun Oct 4 16:02:54 UTC 2020
oox/source/crypto/AgileEngine.cxx | 15 ++++++++++-----
1 file changed, 10 insertions(+), 5 deletions(-)
New commits:
commit e11cdf021a1ee7ff95733699e75c35af72c54c69
Author: Caolán McNamara <caolanm at redhat.com>
AuthorDate: Sun Oct 4 15:00:20 2020 +0100
Commit: Caolán McNamara <caolanm at redhat.com>
CommitDate: Sun Oct 4 18:02:11 2020 +0200
ofz#26128 check at start instead of end if encryptedHashValue is too small
Change-Id: I10774802c96f6f0912a4ee3bf9a6a2a9482b7c94
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/103918
Tested-by: Jenkins
Reviewed-by: Caolán McNamara <caolanm at redhat.com>
diff --git a/oox/source/crypto/AgileEngine.cxx b/oox/source/crypto/AgileEngine.cxx
index ad01e31def83..179317510880 100644
--- a/oox/source/crypto/AgileEngine.cxx
+++ b/oox/source/crypto/AgileEngine.cxx
@@ -318,7 +318,13 @@ bool generateBytes(std::vector<sal_uInt8> & rBytes, sal_Int32 nSize)
bool AgileEngine::decryptAndCheckVerifierHash(OUString const & rPassword)
{
- std::vector<sal_uInt8> hashFinal(mInfo.hashSize, 0);
+ std::vector<sal_uInt8>& encryptedHashValue = mInfo.encryptedVerifierHashValue;
+ size_t encryptedHashValueSize = encryptedHashValue.size();
+ size_t nHashValueSize = mInfo.hashSize;
+ if (nHashValueSize > encryptedHashValueSize)
+ return false;
+
+ std::vector<sal_uInt8> hashFinal(nHashValueSize, 0);
calculateHashFinal(rPassword, hashFinal);
std::vector<sal_uInt8>& encryptedHashInput = mInfo.encryptedVerifierHashInput;
@@ -327,14 +333,13 @@ bool AgileEngine::decryptAndCheckVerifierHash(OUString const & rPassword)
std::vector<sal_uInt8> hashInput(nSaltSize, 0);
calculateBlock(constBlock1, hashFinal, encryptedHashInput, hashInput);
- std::vector<sal_uInt8>& encryptedHashValue = mInfo.encryptedVerifierHashValue;
- std::vector<sal_uInt8> hashValue(encryptedHashValue.size(), 0);
+ std::vector<sal_uInt8> hashValue(encryptedHashValueSize, 0);
calculateBlock(constBlock2, hashFinal, encryptedHashValue, hashValue);
- std::vector<sal_uInt8> hash(mInfo.hashSize, 0);
+ std::vector<sal_uInt8> hash(nHashValueSize, 0);
hashCalc(hash, hashInput, mInfo.hashAlgorithm);
- return (hash.size() <= hashValue.size() && std::equal(hash.begin(), hash.end(), hashValue.begin()));
+ return std::equal(hash.begin(), hash.end(), hashValue.begin());
}
void AgileEngine::decryptEncryptionKey(OUString const & rPassword)
More information about the Libreoffice-commits
mailing list