ofz: timeout

Change-Id: I98fd5135eb47b518a97238ae981a0083f2e29f67 Reviewed-on: https://gerrit.libreoffice.org/59214 Reviewed-by: Caolán McNamara <caolanm@redhat.com> Tested-by: Caolán McNamara <caolanm@redhat.com>
author: Caolán McNamara <caolanm@redhat.com> 2018-08-16 17:29:31 +0100
committer: Caolán McNamara <caolanm@redhat.com> 2018-08-16 22:19:13 +0200
commit: 613333d0be43aab4191344916c41f9cb1ca62c7d (patch)
tree: 75348ccd825313f439e5efe97c573da5b6723c0b
parent: 9fe16109167b57ab7e7356f96fcee9ecfeeb1b63 (diff)
1 files changed, 10 insertions, 0 deletions
diff --git a/oox/source/crypto/Standard2007Engine.cxx b/oox/source/crypto/Standard2007Engine.cxx
index 6dd3e758b641..38c4e03baf15 100644
--- a/oox/source/crypto/Standard2007Engine.cxx
+++ b/oox/source/crypto/Standard2007Engine.cxx
@@ -120,6 +120,16 @@ bool Standard2007Engine::calculateEncryptionKey(const OUString& rPassword)
 bool Standard2007Engine::generateEncryptionKey(const OUString& password)
 {
     mKey.clear();
+    /*
+        KeySize (4 bytes): An unsigned integer that specifies the number of bits in the encryption key.
+        MUST be a multiple of 8. MUST be one of the values in the following table:
+        Algorithm   Value                               Comment
+        Any         0x00000000                          Determined by Flags
+        RC4         0x00000028 – 0x00000080             (inclusive) 8-bit increments.
+        AES         0x00000080, 0x000000C0, 0x00000100  128, 192 or 256-bit
+    */
+    if (mInfo.header.keyBits > 8192) // should we strictly enforce the above 256 bit limit ?
+        return false;
     mKey.resize(mInfo.header.keyBits / 8, 0);
     if (mKey.empty())
         return false;
author	Caolán McNamara <caolanm@redhat.com>	2018-08-16 17:29:31 +0100
committer	Caolán McNamara <caolanm@redhat.com>	2018-08-16 22:19:13 +0200
commit	613333d0be43aab4191344916c41f9cb1ca62c7d (patch)
tree	75348ccd825313f439e5efe97c573da5b6723c0b
parent	9fe16109167b57ab7e7356f96fcee9ecfeeb1b63 (diff)