vcl/source/gdi/svmconverter.cxx | 20 +++++++++++++ vcl/source/outdev/hatch.cxx | 7 ++++ xmlsecurity/source/component/documentdigitalsignatures.cxx | 15 +++++++-- 3 files changed, 39 insertions(+), 3 deletions(-)
New commits: commit 10f8abb05b771bca293706a8dc7513ae2123c640 Author: Caolán McNamara <[email protected]> AuthorDate: Sun Mar 6 15:49:28 2022 +0000 Commit: Michael Stahl <[email protected]> CommitDate: Fri Mar 11 15:53:16 2022 +0100 ofz: Too many hatch points Change-Id: I08cb9d09a9bb48ab31763f50bc2fa23cf723330f Reviewed-on: https://gerrit.libreoffice.org/c/core/+/131014 Tested-by: Jenkins Reviewed-by: Michael Stahl <[email protected]> (cherry picked from commit bee0950a4c5bd996a8df0185b03c0f98e7a3de9c) Reviewed-on: https://gerrit.libreoffice.org/c/core/+/131370 Tested-by: Michael Stahl <[email protected]> diff --git a/vcl/source/outdev/hatch.cxx b/vcl/source/outdev/hatch.cxx index 33ff9e648213..4d05467aacc4 100644 --- a/vcl/source/outdev/hatch.cxx +++ b/vcl/source/outdev/hatch.cxx @@ -370,7 +370,14 @@ void OutputDevice::DrawHatchLine( const tools::Line& rLine, const tools::PolyPol nAdd = 1; if( nAdd ) + { + if (nPCounter == HATCH_MAXPOINTS) + { + SAL_WARN("vcl.gdi", "too many hatch points"); + return; + } pPtBuffer[ nPCounter++ ] = Point( FRound( fX ), FRound( fY ) ); + } } aCurSegment.SetStart( aCurSegment.GetEnd() ); commit 8727f47611af8dfb5ac186cc47e7b38741ccfb76 Author: Caolán McNamara <[email protected]> AuthorDate: Fri Mar 4 10:38:50 2022 +0000 Commit: Michael Stahl <[email protected]> CommitDate: Fri Mar 11 15:52:09 2022 +0100 clamp and add some logging like SvmReader LIBREOFFICE-OWMTGGWJ Change-Id: I8f744e1ab2684a0f0995abcc3e753a684a3b970a Reviewed-on: https://gerrit.libreoffice.org/c/core/+/130982 Tested-by: Jenkins Reviewed-by: Michael Stahl <[email protected]> (cherry picked from commit 19add15932e579c931480eed42eeea52d0551897) Reviewed-on: https://gerrit.libreoffice.org/c/core/+/131369 Tested-by: Michael Stahl <[email protected]> diff --git a/vcl/source/gdi/svmconverter.cxx b/vcl/source/gdi/svmconverter.cxx index dc48dea5c718..f61cbdb4e29c 100644 --- a/vcl/source/gdi/svmconverter.cxx +++ b/vcl/source/gdi/svmconverter.cxx @@ -244,6 +244,23 @@ namespace nFollowingActionCount = remainingActions; return std::min(remainingActions, nFollowingActionCount); } + + void ClampRange(const OUString& rStr, sal_Int32& rIndex, sal_Int32& rLength) + { + const sal_Int32 nStrLength = rStr.getLength(); + + if (rIndex < 0 || rIndex > nStrLength) + { + SAL_WARN("vcl.gdi", "inconsistent offset"); + rIndex = nStrLength; + } + + if (rLength < 0 || rLength > nStrLength - rIndex) + { + SAL_WARN("vcl.gdi", "inconsistent len"); + rLength = nStrLength - rIndex; + } + } } #define LF_FACESIZE 32 @@ -687,6 +704,7 @@ void SVMConverter::ImplConvertFromSVM1( SvStream& rIStm, GDIMetaFile& rMtf ) OUString aStr(OStringToOUString(aByteStr, eActualCharSet)); if ( nUnicodeCommentActionNumber == i ) ImplReadUnicodeComment( nUnicodeCommentStreamPos, rIStm, aStr ); + ClampRange(aStr, nIndex, nLen); rMtf.AddAction( new MetaTextAction( aPt, aStr, nIndex, nLen ) ); } @@ -777,6 +795,7 @@ void SVMConverter::ImplConvertFromSVM1( SvStream& rIStm, GDIMetaFile& rMtf ) } if ( nUnicodeCommentActionNumber == i ) ImplReadUnicodeComment( nUnicodeCommentStreamPos, rIStm, aStr ); + ClampRange(aStr, nIndex, nLen); rMtf.AddAction( new MetaTextArrayAction( aPt, aStr, pDXAry.get(), nIndex, nLen ) ); } @@ -803,6 +822,7 @@ void SVMConverter::ImplConvertFromSVM1( SvStream& rIStm, GDIMetaFile& rMtf ) OUString aStr(OStringToOUString(aByteStr, eActualCharSet)); if ( nUnicodeCommentActionNumber == i ) ImplReadUnicodeComment( nUnicodeCommentStreamPos, rIStm, aStr ); + ClampRange(aStr, nIndex, nLen); rMtf.AddAction( new MetaStretchTextAction( aPt, nWidth, aStr, nIndex, nLen ) ); } commit 0ce93b38af84453aba8002c098ac168b0fadfc97 Author: Caolán McNamara <[email protected]> AuthorDate: Thu Mar 3 14:22:37 2022 +0000 Commit: Michael Stahl <[email protected]> CommitDate: Fri Mar 11 15:48:16 2022 +0100 compare authors using Thumbprint Reviewed-on: https://gerrit.libreoffice.org/c/core/+/130929 Tested-by: Jenkins Reviewed-by: Miklos Vajna <[email protected]> (cherry picked from commit 65442205b5b274ad309308162f150f8d41648f72) Reviewed-on: https://gerrit.libreoffice.org/c/core/+/130866 Reviewed-by: Michael Stahl <[email protected]> (cherry picked from commit a7aaa78acea4c1d51283c2fce54ff9f5339026f8) Change-Id: I338f58eb07cbf0a3d13a7dafdaddac09252a8546 Reviewed-on: https://gerrit.libreoffice.org/c/core/+/131368 Tested-by: Michael Stahl <[email protected]> Reviewed-by: Michael Stahl <[email protected]> diff --git a/xmlsecurity/source/component/documentdigitalsignatures.cxx b/xmlsecurity/source/component/documentdigitalsignatures.cxx index 52705860e053..19ceffcd84cf 100644 --- a/xmlsecurity/source/component/documentdigitalsignatures.cxx +++ b/xmlsecurity/source/component/documentdigitalsignatures.cxx @@ -636,9 +636,18 @@ sal_Bool DocumentDigitalSignatures::isAuthorTrusted( Sequence< SvtSecurityOptions::Certificate > aTrustedAuthors = SvtSecurityOptions().GetTrustedAuthors(); return std::any_of(aTrustedAuthors.begin(), aTrustedAuthors.end(), - [&xAuthor, &sSerialNum](const SvtSecurityOptions::Certificate& rAuthor) { - return xmlsecurity::EqualDistinguishedNames(rAuthor[0], xAuthor->getIssuerName(), xmlsecurity::NOCOMPAT) - && ( rAuthor[1] == sSerialNum ); + [this, &xAuthor, &sSerialNum](const SvtSecurityOptions::Certificate& rAuthor) { + if (!xmlsecurity::EqualDistinguishedNames(rAuthor[0], xAuthor->getIssuerName(), xmlsecurity::NOCOMPAT)) + return false; + if (rAuthor[1] != sSerialNum) + return false; + + DocumentSignatureManager aSignatureManager(mxCtx, {}); + if (!aSignatureManager.init()) + return false; + uno::Reference<css::security::XCertificate> xCert = + aSignatureManager.getSecurityEnvironment()->createCertificateFromAscii(rAuthor[2]); + return xCert->getSHA1Thumbprint() == xAuthor->getSHA1Thumbprint(); }); }
