diff options
author | Michael Stahl <mstahl@redhat.com> | 2018-01-12 22:30:07 +0100 |
---|---|---|
committer | Michael Stahl <mstahl@redhat.com> | 2018-01-12 23:31:44 +0100 |
commit | 9ef1734f03a008545a01fd394dd0e979bb230a0f (patch) | |
tree | 3183fcbf01682047978b78d7de5cea4c40ea8939 | |
parent | 50382b9e9256d7361e3770daa654fb8d09448635 (diff) |
tdf#114939 sfx2: notify user of non-interoperable passwords
For ODF 1.1 encryption, SHA1 is used as the start-key digest algorithm
of PBKDF2.
For the ODF export password-to-modify "feature", PBKDF2 is used
without a start-key digest round, so the UTF-8 encoded password
is directly the input.
In both cases, if the user entered a password with a known problematic
length, reject it and request a new one.
Change-Id: Ie6510c1e668e1ed32be439ebe00354881b6ca83f
-rw-r--r-- | comphelper/source/misc/docpasswordhelper.cxx | 2 | ||||
-rw-r--r-- | sfx2/source/dialog/filedlghelper.cxx | 21 | ||||
-rw-r--r-- | uui/source/iahndl-authentication.cxx | 3 |
3 files changed, 25 insertions, 1 deletions
diff --git a/comphelper/source/misc/docpasswordhelper.cxx b/comphelper/source/misc/docpasswordhelper.cxx index 9cf2fdffa0a8..13ab45f043af 100644 --- a/comphelper/source/misc/docpasswordhelper.cxx +++ b/comphelper/source/misc/docpasswordhelper.cxx @@ -49,6 +49,8 @@ static uno::Sequence< sal_Int8 > GeneratePBKDF2Hash( const OUString& aPassword, if ( !aPassword.isEmpty() && aSalt.getLength() && nCount && nHashLength ) { OString aBytePass = OUStringToOString( aPassword, RTL_TEXTENCODING_UTF8 ); + // FIXME this is subject to the SHA1-bug tdf#114939 - see also + // RequestPassword() in filedlghelper.cxx aResult.realloc( 16 ); rtl_digest_PBKDF2( reinterpret_cast < sal_uInt8 * > ( aResult.getArray() ), aResult.getLength(), diff --git a/sfx2/source/dialog/filedlghelper.cxx b/sfx2/source/dialog/filedlghelper.cxx index 9871ab45cc3e..f19ea1488b63 100644 --- a/sfx2/source/dialog/filedlghelper.cxx +++ b/sfx2/source/dialog/filedlghelper.cxx @@ -60,6 +60,7 @@ #include <vcl/msgbox.hxx> #include <vcl/mnemonic.hxx> #include <unotools/pathoptions.hxx> +#include <unotools/saveopt.hxx> #include <unotools/securityoptions.hxx> #include <svl/itemset.hxx> #include <svl/eitem.hxx> @@ -2668,7 +2669,25 @@ ErrCode RequestPassword(const std::shared_ptr<const SfxFilter>& pCurrentFilter, ::rtl::Reference< ::comphelper::DocPasswordRequest > pPasswordRequest( new ::comphelper::DocPasswordRequest( eType, css::task::PasswordRequestMode_PASSWORD_CREATE, aURL, bool( pCurrentFilter->GetFilterFlags() & SfxFilterFlags::PASSWORDTOMODIFY ) ) ); uno::Reference< css::task::XInteractionRequest > rRequest( pPasswordRequest.get() ); - xInteractionHandler->handle( rRequest ); + do { + xInteractionHandler->handle( rRequest ); + if (pPasswordRequest->isPassword() && !bMSType) + { + OString const utf8Pwd(OUStringToOString(pPasswordRequest->getPassword(), RTL_TEXTENCODING_UTF8)); + OString const utf8Ptm(OUStringToOString(pPasswordRequest->getPasswordToModify(), RTL_TEXTENCODING_UTF8)); + if (!(52 <= utf8Pwd.getLength() && utf8Pwd.getLength() <= 55 + && SvtSaveOptions().GetODFDefaultVersion() < SvtSaveOptions::ODFVER_012) + && !(52 <= utf8Ptm.getLength() && utf8Ptm.getLength() <= 55)) + { + break; + } + ScopedVclPtrInstance<MessBox>(Application::GetDefDialogParent(), + MessBoxStyle::Ok, 0, "Password length", + "The password you have entered causes interoperability issues. Please enter a password that is shorter than 52 bytes, or longer than 55 bytes." + )->Execute(); + + } + } while (true); if ( pPasswordRequest->isPassword() ) { if ( pPasswordRequest->getPassword().getLength() ) diff --git a/uui/source/iahndl-authentication.cxx b/uui/source/iahndl-authentication.cxx index 643e0e12a4e2..14f4425958b7 100644 --- a/uui/source/iahndl-authentication.cxx +++ b/uui/source/iahndl-authentication.cxx @@ -438,6 +438,9 @@ executeMasterPasswordDialog( } sal_uInt8 aKey[RTL_DIGEST_LENGTH_MD5]; + // FIXME this is subject to the SHA1-bug tdf#114939 - but this + // MasterPassword stuff is just stored in the UserInstallation, + // so no interop concerns rtl_digest_PBKDF2(aKey, RTL_DIGEST_LENGTH_MD5, reinterpret_cast< sal_uInt8 const * >(aMaster.getStr()), |