diff options
| author | Caolán McNamara <caolanm@redhat.com> | 2017-11-29 16:15:04 +0000 |
|---|---|---|
| committer | Michael Stahl <mstahl@redhat.com> | 2017-11-30 16:23:24 +0100 |
| commit | 0498b983cc62bc37dacd246ed6480563ede470b1 (patch) | |
| tree | 969e2df2873ed02f310ff23f6405cda55f34b434 /oox | |
| parent | 2ed722a7a49e9e90480e49e1ef0cec8e8c79b79d (diff) | |
ofz: handle bad key len and subsequent PK11_ImportSymKey failure
Change-Id: Ied93745f924cbcbc674b5c9a78545aa1f79fc61e
Reviewed-on: https://gerrit.libreoffice.org/45515
Tested-by: Jenkins <ci@libreoffice.org>
Reviewed-by: Michael Stahl <mstahl@redhat.com>
Diffstat (limited to 'oox')
| -rw-r--r-- | oox/source/crypto/CryptTools.cxx | 12 | ||||
| -rw-r--r-- | oox/source/crypto/Standard2007Engine.cxx | 2 |
2 files changed, 11 insertions, 3 deletions
diff --git a/oox/source/crypto/CryptTools.cxx b/oox/source/crypto/CryptTools.cxx index b23d3ebbf57b..a80eaad63689 100644 --- a/oox/source/crypto/CryptTools.cxx +++ b/oox/source/crypto/CryptTools.cxx @@ -34,9 +34,12 @@ Crypto::~Crypto() EVP_CIPHER_CTX_cleanup( &mContext ); #endif #if USE_TLS_NSS - PK11_DestroyContext( mContext, PR_TRUE ); - PK11_FreeSymKey( mSymKey ); - SECITEM_FreeItem( mSecParam, PR_TRUE ); + if (mContext) + PK11_DestroyContext(mContext, PR_TRUE); + if (mSymKey) + PK11_FreeSymKey(mSymKey); + if (mSecParam) + SECITEM_FreeItem(mSecParam, PR_TRUE); #endif } @@ -101,6 +104,9 @@ void Crypto::setupContext(std::vector<sal_uInt8>& key, std::vector<sal_uInt8>& i keyItem.len = key.size(); mSymKey = PK11_ImportSymKey(pSlot, mechanism, PK11_OriginUnwrap, CKA_ENCRYPT, &keyItem, nullptr); + if (!mSymKey) + throw css::uno::RuntimeException("NSS SymKey failure", css::uno::Reference<css::uno::XInterface>()); + mSecParam = PK11_ParamFromIV(mechanism, pIvItem); mContext = PK11_CreateContextBySymKey(mechanism, operation, mSymKey, mSecParam); } diff --git a/oox/source/crypto/Standard2007Engine.cxx b/oox/source/crypto/Standard2007Engine.cxx index b9c259fa02ac..aabb7ed3027a 100644 --- a/oox/source/crypto/Standard2007Engine.cxx +++ b/oox/source/crypto/Standard2007Engine.cxx @@ -113,6 +113,8 @@ bool Standard2007Engine::calculateEncryptionKey(const OUString& rPassword) buffer[i] ^= hash[i]; hash = comphelper::Hash::calculateHash(buffer.data(), buffer.size(), comphelper::HashType::SHA1); + if (mKey.size() > hash.size()) + return false; std::copy(hash.begin(), hash.begin() + mKey.size(), mKey.begin()); return true; |