summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorMichael Stahl <mstahl@redhat.com>2018-01-12 22:30:07 +0100
committerMichael Stahl <mstahl@redhat.com>2018-01-12 23:31:44 +0100
commit9ef1734f03a008545a01fd394dd0e979bb230a0f (patch)
tree3183fcbf01682047978b78d7de5cea4c40ea8939
parent50382b9e9256d7361e3770daa654fb8d09448635 (diff)
tdf#114939 sfx2: notify user of non-interoperable passwords
For ODF 1.1 encryption, SHA1 is used as the start-key digest algorithm of PBKDF2. For the ODF export password-to-modify "feature", PBKDF2 is used without a start-key digest round, so the UTF-8 encoded password is directly the input. In both cases, if the user entered a password with a known problematic length, reject it and request a new one. Change-Id: Ie6510c1e668e1ed32be439ebe00354881b6ca83f
-rw-r--r--comphelper/source/misc/docpasswordhelper.cxx2
-rw-r--r--sfx2/source/dialog/filedlghelper.cxx21
-rw-r--r--uui/source/iahndl-authentication.cxx3
3 files changed, 25 insertions, 1 deletions
diff --git a/comphelper/source/misc/docpasswordhelper.cxx b/comphelper/source/misc/docpasswordhelper.cxx
index 9cf2fdffa0a8..13ab45f043af 100644
--- a/comphelper/source/misc/docpasswordhelper.cxx
+++ b/comphelper/source/misc/docpasswordhelper.cxx
@@ -49,6 +49,8 @@ static uno::Sequence< sal_Int8 > GeneratePBKDF2Hash( const OUString& aPassword,
if ( !aPassword.isEmpty() && aSalt.getLength() && nCount && nHashLength )
{
OString aBytePass = OUStringToOString( aPassword, RTL_TEXTENCODING_UTF8 );
+ // FIXME this is subject to the SHA1-bug tdf#114939 - see also
+ // RequestPassword() in filedlghelper.cxx
aResult.realloc( 16 );
rtl_digest_PBKDF2( reinterpret_cast < sal_uInt8 * > ( aResult.getArray() ),
aResult.getLength(),
diff --git a/sfx2/source/dialog/filedlghelper.cxx b/sfx2/source/dialog/filedlghelper.cxx
index 9871ab45cc3e..f19ea1488b63 100644
--- a/sfx2/source/dialog/filedlghelper.cxx
+++ b/sfx2/source/dialog/filedlghelper.cxx
@@ -60,6 +60,7 @@
#include <vcl/msgbox.hxx>
#include <vcl/mnemonic.hxx>
#include <unotools/pathoptions.hxx>
+#include <unotools/saveopt.hxx>
#include <unotools/securityoptions.hxx>
#include <svl/itemset.hxx>
#include <svl/eitem.hxx>
@@ -2668,7 +2669,25 @@ ErrCode RequestPassword(const std::shared_ptr<const SfxFilter>& pCurrentFilter,
::rtl::Reference< ::comphelper::DocPasswordRequest > pPasswordRequest( new ::comphelper::DocPasswordRequest( eType, css::task::PasswordRequestMode_PASSWORD_CREATE, aURL, bool( pCurrentFilter->GetFilterFlags() & SfxFilterFlags::PASSWORDTOMODIFY ) ) );
uno::Reference< css::task::XInteractionRequest > rRequest( pPasswordRequest.get() );
- xInteractionHandler->handle( rRequest );
+ do {
+ xInteractionHandler->handle( rRequest );
+ if (pPasswordRequest->isPassword() && !bMSType)
+ {
+ OString const utf8Pwd(OUStringToOString(pPasswordRequest->getPassword(), RTL_TEXTENCODING_UTF8));
+ OString const utf8Ptm(OUStringToOString(pPasswordRequest->getPasswordToModify(), RTL_TEXTENCODING_UTF8));
+ if (!(52 <= utf8Pwd.getLength() && utf8Pwd.getLength() <= 55
+ && SvtSaveOptions().GetODFDefaultVersion() < SvtSaveOptions::ODFVER_012)
+ && !(52 <= utf8Ptm.getLength() && utf8Ptm.getLength() <= 55))
+ {
+ break;
+ }
+ ScopedVclPtrInstance<MessBox>(Application::GetDefDialogParent(),
+ MessBoxStyle::Ok, 0, "Password length",
+ "The password you have entered causes interoperability issues. Please enter a password that is shorter than 52 bytes, or longer than 55 bytes."
+ )->Execute();
+
+ }
+ } while (true);
if ( pPasswordRequest->isPassword() )
{
if ( pPasswordRequest->getPassword().getLength() )
diff --git a/uui/source/iahndl-authentication.cxx b/uui/source/iahndl-authentication.cxx
index 643e0e12a4e2..14f4425958b7 100644
--- a/uui/source/iahndl-authentication.cxx
+++ b/uui/source/iahndl-authentication.cxx
@@ -438,6 +438,9 @@ executeMasterPasswordDialog(
}
sal_uInt8 aKey[RTL_DIGEST_LENGTH_MD5];
+ // FIXME this is subject to the SHA1-bug tdf#114939 - but this
+ // MasterPassword stuff is just stored in the UserInstallation,
+ // so no interop concerns
rtl_digest_PBKDF2(aKey,
RTL_DIGEST_LENGTH_MD5,
reinterpret_cast< sal_uInt8 const * >(aMaster.getStr()),