diff options
author | Miklos Vajna <vmiklos@collabora.co.uk> | 2017-05-18 15:27:05 +0200 |
---|---|---|
committer | Miklos Vajna <vmiklos@collabora.co.uk> | 2017-05-18 20:31:09 +0200 |
commit | 18aa83acfa243741eb4c79a2e11aec6eaf1a9f02 (patch) | |
tree | 7be9c71558f8c9b210c50f9a94fa82703cc8fe4c | |
parent | 419a90a0d3f25087624ef741fb8ebac92caa1a2f (diff) |
tdf#107782 xmlsecurity PDF verify: handle empty X509 certificate
Leaving Signer as an empty reference will do exactly what we want: the
signature will be considered invalid.
Change-Id: I25d7cbd260384110173fe953fc24f3dcf6b9acd5
Reviewed-on: https://gerrit.libreoffice.org/37770
Reviewed-by: Miklos Vajna <vmiklos@collabora.co.uk>
Tested-by: Jenkins <ci@libreoffice.org>
-rw-r--r-- | xmlsecurity/qa/unit/pdfsigning/data/tdf107782.pdf | bin | 0 -> 157668 bytes | |||
-rw-r--r-- | xmlsecurity/qa/unit/pdfsigning/pdfsigning.cxx | 20 | ||||
-rw-r--r-- | xmlsecurity/source/helper/pdfsignaturehelper.cxx | 3 |
3 files changed, 22 insertions, 1 deletions
diff --git a/xmlsecurity/qa/unit/pdfsigning/data/tdf107782.pdf b/xmlsecurity/qa/unit/pdfsigning/data/tdf107782.pdf Binary files differnew file mode 100644 index 000000000000..086e18eedc03 --- /dev/null +++ b/xmlsecurity/qa/unit/pdfsigning/data/tdf107782.pdf diff --git a/xmlsecurity/qa/unit/pdfsigning/pdfsigning.cxx b/xmlsecurity/qa/unit/pdfsigning/pdfsigning.cxx index 7462be32882a..59ff206e2c28 100644 --- a/xmlsecurity/qa/unit/pdfsigning/pdfsigning.cxx +++ b/xmlsecurity/qa/unit/pdfsigning/pdfsigning.cxx @@ -74,6 +74,7 @@ public: void testTokenize(); /// Test handling of unknown SubFilter values. void testUnknownSubFilter(); + void testTdf107782(); CPPUNIT_TEST_SUITE(PDFSigningTest); CPPUNIT_TEST(testPDFAdd); @@ -90,6 +91,7 @@ public: CPPUNIT_TEST(testGood); CPPUNIT_TEST(testTokenize); CPPUNIT_TEST(testUnknownSubFilter); + CPPUNIT_TEST(testTdf107782); CPPUNIT_TEST_SUITE_END(); }; @@ -284,6 +286,24 @@ void PDFSigningTest::testPDFRemoveAll() CPPUNIT_ASSERT_EQUAL(static_cast<std::size_t>(0), rInformations.size()); } +void PDFSigningTest::testTdf107782() +{ + uno::Reference<xml::crypto::XSEInitializer> xSEInitializer = xml::crypto::SEInitializer::create(mxComponentContext); + uno::Reference<xml::crypto::XXMLSecurityContext> xSecurityContext = xSEInitializer->createSecurityContext(OUString()); + + // Load the test document as a storage and read its signatures. + DocumentSignatureManager aManager(mxComponentContext, DocumentSignatureMode::Content); + OUString aURL = m_directories.getURLFromSrc(DATA_DIRECTORY) + "tdf107782.pdf"; + SvStream* pStream = utl::UcbStreamHelper::CreateStream(aURL, StreamMode::READ | StreamMode::WRITE); + uno::Reference<io::XStream> xStream(new utl::OStreamWrapper(*pStream)); + aManager.mxSignatureStream = xStream; + aManager.read(/*bUseTempStream=*/false); + CPPUNIT_ASSERT(aManager.mpPDFSignatureHelper); + + // This failed with an std::bad_alloc exception on Windows. + aManager.mpPDFSignatureHelper->GetDocumentSignatureInformations(aManager.getSecurityEnvironment()); +} + void PDFSigningTest::testPDF14Adobe() { // Two signatures, first is SHA1, the second is SHA256. diff --git a/xmlsecurity/source/helper/pdfsignaturehelper.cxx b/xmlsecurity/source/helper/pdfsignaturehelper.cxx index 702697a89dd1..9bb6e59d0380 100644 --- a/xmlsecurity/source/helper/pdfsignaturehelper.cxx +++ b/xmlsecurity/source/helper/pdfsignaturehelper.cxx @@ -76,7 +76,8 @@ uno::Sequence<security::DocumentSignatureInformation> PDFSignatureHelper::GetDoc const SignatureInformation& rInternal = m_aSignatureInfos[i]; security::DocumentSignatureInformation& rExternal = aRet[i]; rExternal.SignatureIsValid = rInternal.nStatus == xml::crypto::SecurityOperationStatus_OPERATION_SUCCEEDED; - rExternal.Signer = xSecEnv->createCertificateFromAscii(rInternal.ouX509Certificate); + if (!rInternal.ouX509Certificate.isEmpty()) + rExternal.Signer = xSecEnv->createCertificateFromAscii(rInternal.ouX509Certificate); rExternal.PartialDocumentSignature = rInternal.bPartialDocumentSignature; // Verify certificate. |