oox/source/crypto/Standard2007Engine.cxx |   10 ++++++++++
 1 file changed, 10 insertions(+)

New commits:
commit 613333d0be43aab4191344916c41f9cb1ca62c7d
Author:     Caolán McNamara <caol...@redhat.com>
AuthorDate: Thu Aug 16 17:29:31 2018 +0100
Commit:     Caolán McNamara <caol...@redhat.com>
CommitDate: Thu Aug 16 22:19:13 2018 +0200

    ofz: timeout
    
    Change-Id: I98fd5135eb47b518a97238ae981a0083f2e29f67
    Reviewed-on: https://gerrit.libreoffice.org/59214
    Reviewed-by: Caolán McNamara <caol...@redhat.com>
    Tested-by: Caolán McNamara <caol...@redhat.com>

diff --git a/oox/source/crypto/Standard2007Engine.cxx 
b/oox/source/crypto/Standard2007Engine.cxx
index 6dd3e758b641..38c4e03baf15 100644
--- a/oox/source/crypto/Standard2007Engine.cxx
+++ b/oox/source/crypto/Standard2007Engine.cxx
@@ -120,6 +120,16 @@ bool Standard2007Engine::calculateEncryptionKey(const 
OUString& rPassword)
 bool Standard2007Engine::generateEncryptionKey(const OUString& password)
 {
     mKey.clear();
+    /*
+        KeySize (4 bytes): An unsigned integer that specifies the number of 
bits in the encryption key.
+        MUST be a multiple of 8. MUST be one of the values in the following 
table:
+        Algorithm   Value                               Comment
+        Any         0x00000000                          Determined by Flags
+        RC4         0x00000028 – 0x00000080             (inclusive) 8-bit 
increments.
+        AES         0x00000080, 0x000000C0, 0x00000100  128, 192 or 256-bit
+    */
+    if (mInfo.header.keyBits > 8192) // should we strictly enforce the above 
256 bit limit ?
+        return false;
     mKey.resize(mInfo.header.keyBits / 8, 0);
     if (mKey.empty())
         return false;
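Review bot: The new guard on `mInfo.header.keyBits` bounds the `mKey.resize` call but still accepts sizes that the quoted spec text forbids. Any value up to 8192 passes, including one that is not a multiple of 8, which `keyBits / 8` then silently truncates. The field appears to come from the file's encryption header, so I would reject non-conforming values here, e.g. `if (mInfo.header.keyBits > 8192 || mInfo.header.keyBits % 8 != 0)`, or enforce the table's 256-bit maximum if no supported algorithm needs more. The open question in the trailing comment would be better replaced by the reason for the cap, e.g. `// cap well above the spec's 256-bit maximum to bound work on malformed headers`. generateEncryptionKey continues past the end of the hunk, so whether later code depends on the key length matching the cipher cannot be checked from here.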