[Libreoffice-commits] core.git: xmlsecurity/source

Katarina Behrens Mon, 17 Jul 2017 09:11:47 -0700

 xmlsecurity/source/gpg/xmlsignature_gpgimpl.cxx |   19 ++++++++++++++-----
 1 file changed, 14 insertions(+), 5 deletions(-)


New commits:
commit 53be53b35e18230004b5f173c961fb8aa7162b09
Author: Katarina Behrens <katarina.behr...@cib.de>
Date:   Mon Jul 17 16:00:12 2017 +0200

    gpg4libre: Import public key payload if verification result != valid
    
    it is essential to look closer at the results of verification (code
    doing that was removed by commit bdbebda1d80f538f946b14042) to be
    able to proceed with importing public key payload from the file if
    needed
    
    I've also killed one more instance of xmlStrlen being used on binary
    data
    
    Change-Id: I8cd45fe963c8dde91727471ddbebe6943374a121
    Reviewed-on: https://gerrit.libreoffice.org/40066
    Tested-by: Jenkins <c...@libreoffice.org>
    Reviewed-by: Thorsten Behrens <thorsten.behr...@cib.de>

diff --git a/xmlsecurity/source/gpg/xmlsignature_gpgimpl.cxx 
b/xmlsecurity/source/gpg/xmlsignature_gpgimpl.cxx
index 1e90ca7c0545..01614e29a820 100644
--- a/xmlsecurity/source/gpg/xmlsignature_gpgimpl.cxx
+++ b/xmlsecurity/source/gpg/xmlsignature_gpgimpl.cxx
@@ -364,7 +364,10 @@ SAL_CALL XMLSignature_GpgImpl::validate(
             data_signature, data_text);
 
         // TODO: needs some more error handling, needs checking _all_ 
signatures
-        if( verify_res.isNull() || verify_res.numSignatures() == 0 )
+        if( verify_res.isNull() || verify_res.numSignatures() == 0
+            // there is at least 1 signature and it is anything else than 
fully valid
+            || ( (verify_res.numSignatures() > 0)
+                  && verify_res.signature(0).status().encodedError() > 0 ) )
         {
             // let's try again, but this time import the public key
             // payload (avoiding that in a first cut for being a bit
@@ -401,21 +404,27 @@ SAL_CALL XMLSignature_GpgImpl::validate(
 
             // got a key packet, import & re-validate
             xmlChar* pKeyPacket=xmlNodeGetContent(cur);
-            if(xmlSecBase64Decode(pKeyPacket, 
reinterpret_cast<xmlSecByte*>(pKeyPacket), xmlStrlen(pKeyPacket)) < 0)
+            int nKeyLen = xmlSecBase64Decode(pKeyPacket, 
reinterpret_cast<xmlSecByte*>(pKeyPacket), xmlStrlen(pKeyPacket));
+            if( nKeyLen < 0)
                 throw RuntimeException("The GpgME library failed to initialize 
for the OpenPGP protocol.");
 
             GpgME::Data data_key(
                 reinterpret_cast<char*>(pKeyPacket),
-                xmlStrlen(pKeyPacket), false);
+                nKeyLen, false);
 
             GpgME::ImportResult import_res=rCtx.importKeys(data_key);
             xmlFree(pKeyPacket);
 
-            // and re-run
+            // and re-run (rewind text and signature streams to position 0)
+            data_text.seek(0,SEEK_SET);
+            data_signature.seek(0,SEEK_SET);
             verify_res=rCtx.verifyDetachedSignature(data_signature, data_text);
 
             // TODO: needs some more error handling, needs checking _all_ 
signatures
-            if( verify_res.isNull() || verify_res.numSignatures() == 0 )
+            if( verify_res.isNull() || verify_res.numSignatures() == 0
+                // there is at least 1 signature and it is anything else than 
valid
+                || ( (verify_res.numSignatures() > 0)
+                      && verify_res.signature(0).status().encodedError() > 0 ) 
)
             {
                 clearErrorRecorder();
                 xmlFree(pSignatureValue);
_______________________________________________
Libreoffice-commits mailing list
libreoffice-comm...@lists.freedesktop.org
https://lists.freedesktop.org/mailman/listinfo/libreoffice-commits

[Libreoffice-commits] core.git: xmlsecurity/source

Reply via email to