tdf#107782 xmlsecurity PDF verify: handle empty X509 certificate

Leaving Signer as an empty reference will do exactly what we want: the
signature will be considered invalid.

(cherry picked from commit 18aa83acfa243741eb4c79a2e11aec6eaf1a9f02)

Change-Id: I25d7cbd260384110173fe953fc24f3dcf6b9acd5
Reviewed-on: https://gerrit.libreoffice.org/37803
Tested-by: Jenkins <ci@libreoffice.org>
Reviewed-by: Miklos Vajna <vmiklos@collabora.co.uk>

3 files changed, 22 insertions, 1 deletions

diff --git a/xmlsecurity/qa/unit/pdfsigning/data/tdf107782.pdf b/xmlsecurity/qa/unit/pdfsigning/data/tdf107782.pdf
new file mode 100644
index 000000000000..086e18eedc03
--- /dev/null
+++ b/xmlsecurity/qa/unit/pdfsigning/data/tdf107782.pdf
diff --git a/xmlsecurity/qa/unit/pdfsigning/pdfsigning.cxx b/xmlsecurity/qa/unit/pdfsigning/pdfsigning.cxx
index 7462be32882a..59ff206e2c28 100644
--- a/xmlsecurity/qa/unit/pdfsigning/pdfsigning.cxx
+++ b/xmlsecurity/qa/unit/pdfsigning/pdfsigning.cxx
@@ -74,6 +74,7 @@ public:
     void testTokenize();
     /// Test handling of unknown SubFilter values.
     void testUnknownSubFilter();
+    void testTdf107782();
 
     CPPUNIT_TEST_SUITE(PDFSigningTest);
     CPPUNIT_TEST(testPDFAdd);
@@ -90,6 +91,7 @@ public:
     CPPUNIT_TEST(testGood);
     CPPUNIT_TEST(testTokenize);
     CPPUNIT_TEST(testUnknownSubFilter);
+    CPPUNIT_TEST(testTdf107782);
     CPPUNIT_TEST_SUITE_END();
 };
 
@@ -284,6 +286,24 @@ void PDFSigningTest::testPDFRemoveAll()
     CPPUNIT_ASSERT_EQUAL(static_cast<std::size_t>(0), rInformations.size());
 }
 
+void PDFSigningTest::testTdf107782()
+{
+    uno::Reference<xml::crypto::XSEInitializer> xSEInitializer = xml::crypto::SEInitializer::create(mxComponentContext);
+    uno::Reference<xml::crypto::XXMLSecurityContext> xSecurityContext = xSEInitializer->createSecurityContext(OUString());
+
+    // Load the test document as a storage and read its signatures.
+    DocumentSignatureManager aManager(mxComponentContext, DocumentSignatureMode::Content);
+    OUString aURL = m_directories.getURLFromSrc(DATA_DIRECTORY) + "tdf107782.pdf";
+    SvStream* pStream = utl::UcbStreamHelper::CreateStream(aURL, StreamMode::READ | StreamMode::WRITE);
+    uno::Reference<io::XStream> xStream(new utl::OStreamWrapper(*pStream));
+    aManager.mxSignatureStream = xStream;
+    aManager.read(/*bUseTempStream=*/false);
+    CPPUNIT_ASSERT(aManager.mpPDFSignatureHelper);
+
+    // This failed with an std::bad_alloc exception on Windows.
+    aManager.mpPDFSignatureHelper->GetDocumentSignatureInformations(aManager.getSecurityEnvironment());
+}
+
 void PDFSigningTest::testPDF14Adobe()
 {
     // Two signatures, first is SHA1, the second is SHA256.
diff --git a/xmlsecurity/source/helper/pdfsignaturehelper.cxx b/xmlsecurity/source/helper/pdfsignaturehelper.cxx
index 702697a89dd1..9bb6e59d0380 100644
--- a/xmlsecurity/source/helper/pdfsignaturehelper.cxx
+++ b/xmlsecurity/source/helper/pdfsignaturehelper.cxx
@@ -76,7 +76,8 @@ uno::Sequence<security::DocumentSignatureInformation> PDFSignatureHelper::GetDoc
         const SignatureInformation& rInternal = m_aSignatureInfos[i];
         security::DocumentSignatureInformation& rExternal = aRet[i];
         rExternal.SignatureIsValid = rInternal.nStatus == xml::crypto::SecurityOperationStatus_OPERATION_SUCCEEDED;
-        rExternal.Signer = xSecEnv->createCertificateFromAscii(rInternal.ouX509Certificate);
+        if (!rInternal.ouX509Certificate.isEmpty())
+            rExternal.Signer = xSecEnv->createCertificateFromAscii(rInternal.ouX509Certificate);
         rExternal.PartialDocumentSignature = rInternal.bPartialDocumentSignature;
 
         // Verify certificate.