[Libreoffice-commits] core.git: oox/source

Thu, 27 Aug 2020 11:34:40 -0700 

 oox/source/crypto/DocumentDecryption.cxx |   10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)

New commits:
commit 2730ae520da2c47ac1cabaa3ddcc43359aae5875
Author:     Caolán McNamara <caol...@redhat.com>
AuthorDate: Thu Aug 27 17:16:54 2020 +0100
Commit:     Caolán McNamara <caol...@redhat.com>
CommitDate: Thu Aug 27 20:33:50 2020 +0200

    ofz#24934 practically infinite loop on eof
    
    Change-Id: Iaa6121f3a0088978c57718610bc9baf9bcfe6fee
    Reviewed-on: https://gerrit.libreoffice.org/c/core/+/101489
    Tested-by: Jenkins
    Reviewed-by: Caolán McNamara <caol...@redhat.com>

diff --git a/oox/source/crypto/DocumentDecryption.cxx 
b/oox/source/crypto/DocumentDecryption.cxx
index 45b820a89302..c566426267ff 100644
--- a/oox/source/crypto/DocumentDecryption.cxx
+++ b/oox/source/crypto/DocumentDecryption.cxx
@@ -117,14 +117,14 @@ bool DocumentDecryption::readEncryptionInfo()
         SAL_WARN_IF(aEntryCount != 1, "oox", "DataSpaceMap contains more than 
one entry. Some content may be skipped");
 
         // Read each DataSpaceMapEntry (MS-OFFCRYPTO 2.1.6.1)
-        for (sal_uInt32 i = 0; i < aEntryCount; i++)
+        for (sal_uInt32 i = 0; i < aEntryCount && !aDataSpaceStream.isEof(); 
i++)
         {
             // entryLen unused for the moment
             aDataSpaceStream.skip(sizeof(sal_uInt32));
 
             // Read each DataSpaceReferenceComponent (MS-OFFCRYPTO 2.1.6.2)
             sal_uInt32 aReferenceComponentCount = 
aDataSpaceStream.readuInt32();
-            for (sal_uInt32 j = 0; j < aReferenceComponentCount; j++)
+            for (sal_uInt32 j = 0; j < aReferenceComponentCount && 
!aDataSpaceStream.isEof(); j++)
             {
                 // Read next reference component
                 // refComponentType unused for the moment
@@ -139,6 +139,12 @@ bool DocumentDecryption::readEncryptionInfo()
             sDataSpaceName = 
aDataSpaceStream.readUnicodeArray(aDataSpaceNameLength / 2);
             aDataSpaceStream.skip((4 - (aDataSpaceNameLength & 3)) & 3);  // 
Skip padding
         }
+
+        if (aDataSpaceStream.isEof())
+        {
+            SAL_WARN("oox", "EOF on parsing DataSpaceMapEntry table");
+            return false;
+        }
     }
     else
     {
_______________________________________________
Libreoffice-commits mailing list
libreoffice-comm...@lists.freedesktop.org
https://lists.freedesktop.org/mailman/listinfo/libreoffice-commits

Reply via email to