xmlsecurity/source/gpg/xmlsignature_gpgimpl.cxx | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
New commits:
commit 02bb4ebf2b0dd656bfb0e8185e702267606a7e64
Author: Katarina Behrens <katarina.behr...@cib.de>
Date: Fri Jul 14 14:03:31 2017 +0200
gpg4libre: Don't use xmlStrlen on binary data
Odd things happen inside gpgme if the buffer is prematurely
truncated due to \n char and valid signature is then evaluated
as invalid
Change-Id: I24d4d22af06a3dde6eb7fdfc12953cf1b5f19c1e
Reviewed-on: https://gerrit.libreoffice.org/39945
Reviewed-by: Samuel Mehrbrodt <samuel.mehrbr...@cib.de>
Tested-by: Jenkins <c...@libreoffice.org>
Reviewed-by: Katarina Behrens <katarina.behr...@cib.de>
diff --git a/xmlsecurity/source/gpg/xmlsignature_gpgimpl.cxx
b/xmlsecurity/source/gpg/xmlsignature_gpgimpl.cxx
index 8cec0ceb6fe7..1849e7d3bc22 100644
--- a/xmlsecurity/source/gpg/xmlsignature_gpgimpl.cxx
+++ b/xmlsecurity/source/gpg/xmlsignature_gpgimpl.cxx
@@ -352,12 +352,13 @@ SAL_CALL XMLSignature_GpgImpl::validate(
if(!xmlSecCheckNodeName(cur, xmlSecNodeSignatureValue, xmlSecDSigNs))
throw RuntimeException("The GpgME library failed to initialize for
the OpenPGP protocol.");
xmlChar* pSignatureValue=xmlNodeGetContent(cur);
- if(xmlSecBase64Decode(pSignatureValue,
reinterpret_cast<xmlSecByte*>(pSignatureValue), xmlStrlen(pSignatureValue)) < 0)
+ int nSigSize = xmlSecBase64Decode(pSignatureValue,
reinterpret_cast<xmlSecByte*>(pSignatureValue), xmlStrlen(pSignatureValue));
+ if( nSigSize < 0)
throw RuntimeException("The GpgME library failed to initialize for
the OpenPGP protocol.");
GpgME::Data data_signature(
reinterpret_cast<char*>(pSignatureValue),
- xmlStrlen(pSignatureValue), false);
+ nSigSize, false);
GpgME::VerificationResult verify_res=rCtx.verifyDetachedSignature(
data_signature, data_text);
_______________________________________________
Libreoffice-commits mailing list
libreoffice-comm...@lists.freedesktop.org
https://lists.freedesktop.org/mailman/listinfo/libreoffice-commits
