xmlsecurity/source/helper/xmlsignaturehelper.cxx | 5 +++++ 1 file changed, 5 insertions(+)
New commits: commit 9d9148ae8b78d4c6fbee397889897127ecf317b3 Author: Caolán McNamara <[email protected]> AuthorDate: Wed Aug 1 09:30:10 2018 +0100 Commit: Caolán McNamara <[email protected]> CommitDate: Wed Aug 1 15:02:15 2018 +0200 forcepoint#57 sanity check stream signature size Change-Id: I5ae459e159a64f32c62278a87e37deb08ab9d6ac Reviewed-on: https://gerrit.libreoffice.org/58389 Tested-by: Jenkins Reviewed-by: Caolán McNamara <[email protected]> Tested-by: Caolán McNamara <[email protected]> diff --git a/xmlsecurity/source/helper/xmlsignaturehelper.cxx b/xmlsecurity/source/helper/xmlsignaturehelper.cxx index 1118bff743c7..d21a8a101862 100644 --- a/xmlsecurity/source/helper/xmlsignaturehelper.cxx +++ b/xmlsecurity/source/helper/xmlsignaturehelper.cxx @@ -381,6 +381,11 @@ bool XMLSignatureHelper::ReadAndVerifySignatureStorage(const uno::Reference<embe sal_Int64 nSize = 0; xPropertySet->getPropertyValue("Size") >>= nSize; + if (nSize < 0 || nSize > SAL_MAX_INT32) + { + SAL_WARN("xmlsecurity.helper", "bogus signature size: " << nSize); + continue; + } uno::Sequence<sal_Int8> aData; xInputStream->readBytes(aData, nSize); mpXSecController->setSignatureBytes(aData); _______________________________________________ Libreoffice-commits mailing list [email protected] https://lists.freedesktop.org/mailman/listinfo/libreoffice-commits
