authorCaolán McNamara <caolanm@redhat.com>2022-03-03 14:22:37 +0000
committerMiklos Vajna <vmiklos@collabora.com>2022-12-21 12:09:44 +0100
commit415a8091a1c1394cda1250a759ef9aaad496b0ee (patch)
treeaaa38053dd080b683aa56d8a873b225231601f06
parent9a43a577c6d89101e0642ff59b7e2eb84ff5a039 (diff)
CVE-2022-26305 compare authors using Thumbprintdistro/vector/vector-7.0-10.0
Change-Id: I338f58eb07cbf0a3d13a7dafdaddac09252a8546 Reviewed-on: https://gerrit.libreoffice.org/c/core/+/130929 Tested-by: Jenkins Reviewed-by: Miklos Vajna <vmiklos@collabora.com> (cherry picked from commit 65442205b5b274ad309308162f150f8d41648f72) Reviewed-on: https://gerrit.libreoffice.org/c/core/+/130866 Reviewed-by: Michael Stahl <michael.stahl@allotropia.de> (cherry picked from commit a7aaa78acea4c1d51283c2fce54ff9f5339026f8) (cherry picked from commit bcbb74d42d0cb269396c8937a0b547057530cbc6)
-rw-r--r--xmlsecurity/source/component/documentdigitalsignatures.cxx23
1 files changed, 19 insertions, 4 deletions
diff --git a/xmlsecurity/source/component/documentdigitalsignatures.cxx b/xmlsecurity/source/component/documentdigitalsignatures.cxx
index 8f1fe7c2785d..2f57db7fcaf4 100644
--- a/xmlsecurity/source/component/documentdigitalsignatures.cxx
+++ b/xmlsecurity/source/component/documentdigitalsignatures.cxx
@@ -19,9 +19,10 @@
#include <resourcemanager.hxx>
-#include <digitalsignaturesdialog.hxx>
+#include <certificate.hxx>
#include <certificatechooser.hxx>
#include <certificateviewer.hxx>
+#include <digitalsignaturesdialog.hxx>
#include <macrosecurity.hxx>
#include <biginteger.hxx>
#include <strings.hrc>
@@ -655,9 +656,23 @@ sal_Bool DocumentDigitalSignatures::isAuthorTrusted(
Sequence< SvtSecurityOptions::Certificate > aTrustedAuthors = SvtSecurityOptions().GetTrustedAuthors();
return std::any_of(aTrustedAuthors.begin(), aTrustedAuthors.end(),
- [&xAuthor, &sSerialNum](const SvtSecurityOptions::Certificate& rAuthor) {
- return xmlsecurity::EqualDistinguishedNames(rAuthor[0], xAuthor->getIssuerName())
- && ( rAuthor[1] == sSerialNum );
+ [this, &xAuthor, &sSerialNum](const SvtSecurityOptions::Certificate& rAuthor) {
+ if (!xmlsecurity::EqualDistinguishedNames(rAuthor[0], xAuthor->getIssuerName()))
+ return false;
+ if (rAuthor[1] != sSerialNum)
+ return false;
+
+ DocumentSignatureManager aSignatureManager(mxCtx, {});
+ if (!aSignatureManager.init())
+ return false;
+ uno::Reference<css::security::XCertificate> xCert = aSignatureManager.getSecurityEnvironment()->createCertificateFromAscii(rAuthor[2]);
+
+ auto pAuthor = dynamic_cast<xmlsecurity::Certificate*>(xAuthor.get());
+ auto pCert = dynamic_cast<xmlsecurity::Certificate*>(xCert.get());
+ if (pAuthor && pCert)
+ return pCert->getSHA256Thumbprint() == pAuthor->getSHA256Thumbprint();
+
+ return xCert->getSHA1Thumbprint() == xAuthor->getSHA1Thumbprint();
});
}
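Review bot: `xCert` is dereferenced in the final `return xCert->getSHA1Thumbprint() == xAuthor->getSHA1Thumbprint();` without any check that `createCertificateFromAscii(rAuthor[2])` produced a certificate. If a stored trusted-author entry is empty or malformed and the call yields an empty reference (not visible from this hunk, so to be confirmed), `pCert` is null, the SHA-256 branch is skipped, and the trust check crashes instead of returning false. A guard directly after the call, `if (!xCert.is()) return false;`, keeps the comparison failing closed; the result of `getSecurityEnvironment()` is used unchecked in the same way. Separately, whenever either `dynamic_cast` fails the decision falls back to the SHA-1 thumbprint, a weaker binding than SHA-256 for a trust decision, so a comment stating when that path is expected (or returning false there) would make the intent explicit. The body of `isAuthorTrusted` starts outside the hunk.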