xmlsecurity/qa/unit/pdfsigning/data/tdf107782.pdf |binary
xmlsecurity/qa/unit/pdfsigning/pdfsigning.cxx | 20 ++++++++++++++++++++
xmlsecurity/source/helper/pdfsignaturehelper.cxx | 3 ++-
3 files changed, 22 insertions(+), 1 deletion(-)
New commits:
commit 398ab416bd552162131e74751e48d266a1f31ee9
Author: Miklos Vajna <vmik...@collabora.co.uk>
Date: Thu May 18 15:27:05 2017 +0200
tdf#107782 xmlsecurity PDF verify: handle empty X509 certificate
Leaving Signer as an empty reference will do exactly what we want: the
signature will be considered invalid.
(cherry picked from commit 18aa83acfa243741eb4c79a2e11aec6eaf1a9f02)
Change-Id: I25d7cbd260384110173fe953fc24f3dcf6b9acd5
Reviewed-on: https://gerrit.libreoffice.org/37813
Tested-by: Jenkins <c...@libreoffice.org>
Reviewed-by: Caolán McNamara <caol...@redhat.com>
Tested-by: Caolán McNamara <caol...@redhat.com>
diff --git a/xmlsecurity/qa/unit/pdfsigning/data/tdf107782.pdf
b/xmlsecurity/qa/unit/pdfsigning/data/tdf107782.pdf
new file mode 100644
index 000000000000..086e18eedc03
Binary files /dev/null and b/xmlsecurity/qa/unit/pdfsigning/data/tdf107782.pdf
differ
diff --git a/xmlsecurity/qa/unit/pdfsigning/pdfsigning.cxx
b/xmlsecurity/qa/unit/pdfsigning/pdfsigning.cxx
index 51fc15ebc407..25437d236545 100644
--- a/xmlsecurity/qa/unit/pdfsigning/pdfsigning.cxx
+++ b/xmlsecurity/qa/unit/pdfsigning/pdfsigning.cxx
@@ -74,6 +74,7 @@ public:
void testTokenize();
/// Test handling of unknown SubFilter values.
void testUnknownSubFilter();
+ void testTdf107782();
CPPUNIT_TEST_SUITE(PDFSigningTest);
CPPUNIT_TEST(testPDFAdd);
@@ -90,6 +91,7 @@ public:
CPPUNIT_TEST(testGood);
CPPUNIT_TEST(testTokenize);
CPPUNIT_TEST(testUnknownSubFilter);
+ CPPUNIT_TEST(testTdf107782);
CPPUNIT_TEST_SUITE_END();
};
@@ -284,6 +286,24 @@ void PDFSigningTest::testPDFRemoveAll()
CPPUNIT_ASSERT_EQUAL(static_cast<std::size_t>(0), rInformations.size());
}
+void PDFSigningTest::testTdf107782()
+{
+ uno::Reference<xml::crypto::XSEInitializer> xSEInitializer =
xml::crypto::SEInitializer::create(mxComponentContext);
+ uno::Reference<xml::crypto::XXMLSecurityContext> xSecurityContext =
xSEInitializer->createSecurityContext(OUString());
+
+ // Load the test document as a storage and read its signatures.
+ DocumentSignatureManager aManager(mxComponentContext,
DocumentSignatureMode::Content);
+ OUString aURL = m_directories.getURLFromSrc(DATA_DIRECTORY) +
"tdf107782.pdf";
+ SvStream* pStream = utl::UcbStreamHelper::CreateStream(aURL,
StreamMode::READ | StreamMode::WRITE);
+ uno::Reference<io::XStream> xStream(new utl::OStreamWrapper(*pStream));
+ aManager.mxSignatureStream = xStream;
+ aManager.read(/*bUseTempStream=*/false);
+ CPPUNIT_ASSERT(aManager.mpPDFSignatureHelper);
+
+ // This failed with an std::bad_alloc exception on Windows.
+
aManager.mpPDFSignatureHelper->GetDocumentSignatureInformations(aManager.getSecurityEnvironment());
+}
+
void PDFSigningTest::testPDF14Adobe()
{
// Two signatures, first is SHA1, the second is SHA256.
diff --git a/xmlsecurity/source/helper/pdfsignaturehelper.cxx
b/xmlsecurity/source/helper/pdfsignaturehelper.cxx
index 4218a8305ee4..e2decc3f4e85 100644
--- a/xmlsecurity/source/helper/pdfsignaturehelper.cxx
+++ b/xmlsecurity/source/helper/pdfsignaturehelper.cxx
@@ -78,7 +78,8 @@ uno::Sequence<security::DocumentSignatureInformation>
PDFSignatureHelper::GetDoc
const SignatureInformation& rInternal = m_aSignatureInfos[i];
security::DocumentSignatureInformation& rExternal = aRet[i];
rExternal.SignatureIsValid = rInternal.nStatus ==
xml::crypto::SecurityOperationStatus_OPERATION_SUCCEEDED;
- rExternal.Signer =
xSecEnv->createCertificateFromAscii(rInternal.ouX509Certificate);
+ if (!rInternal.ouX509Certificate.isEmpty())
+ rExternal.Signer =
xSecEnv->createCertificateFromAscii(rInternal.ouX509Certificate);
rExternal.PartialDocumentSignature =
rInternal.bPartialDocumentSignature;
// Verify certificate.
_______________________________________________
Libreoffice-commits mailing list
libreoffice-comm...@lists.freedesktop.org
https://lists.freedesktop.org/mailman/listinfo/libreoffice-commits
