[Libreoffice-commits] core.git: xmlsecurity/source

Wed, 03 Mar 2021 03:48:41 -0800 

 xmlsecurity/source/component/documentdigitalsignatures.cxx |   12 ++++++++----
 1 file changed, 8 insertions(+), 4 deletions(-)

New commits:
commit ca98e505cd69bf95d8ddb9387cf3f8e03ae4577d
Author:     Michael Stahl <michael.st...@allotropia.de>
AuthorDate: Fri Feb 26 19:51:39 2021 +0100
Commit:     Michael Stahl <michael.st...@allotropia.de>
CommitDate: Wed Mar 3 12:47:50 2021 +0100

    xmlsecurity: fix crash in DocumentDigitalSignatures::isAuthorTrusted()
    
    If the argument is null.
    
    This function also should use EqualDistinguishedNames().
    
    Change-Id: I4068aa94f9d9c422c96b394c82d3e28303774b0b
    Reviewed-on: https://gerrit.libreoffice.org/c/core/+/111667
    Tested-by: Jenkins
    Reviewed-by: Michael Stahl <michael.st...@allotropia.de>

diff --git a/xmlsecurity/source/component/documentdigitalsignatures.cxx 
b/xmlsecurity/source/component/documentdigitalsignatures.cxx
index f3b74de8f752..6dfb9799190d 100644
--- a/xmlsecurity/source/component/documentdigitalsignatures.cxx
+++ b/xmlsecurity/source/component/documentdigitalsignatures.cxx
@@ -655,15 +655,19 @@ void DocumentDigitalSignatures::showCertificate(
 }
 
 sal_Bool DocumentDigitalSignatures::isAuthorTrusted(
-    const Reference< css::security::XCertificate >& Author )
+    const Reference<css::security::XCertificate>& xAuthor)
 {
-    OUString sSerialNum = xmlsecurity::bigIntegerToNumericString( 
Author->getSerialNumber() );
+    if (!xAuthor.is())
+    {
+        return false;
+    }
+    OUString sSerialNum = 
xmlsecurity::bigIntegerToNumericString(xAuthor->getSerialNumber());
 
     std::vector< SvtSecurityOptions::Certificate > aTrustedAuthors = 
SvtSecurityOptions().GetTrustedAuthors();
 
     return std::any_of(aTrustedAuthors.begin(), aTrustedAuthors.end(),
-        [&Author, &sSerialNum](const SvtSecurityOptions::Certificate& rAuthor) 
{
-            return ( rAuthor.SubjectName == Author->getIssuerName() )
+        [&xAuthor, &sSerialNum](const SvtSecurityOptions::Certificate& 
rAuthor) {
+            return xmlsecurity::EqualDistinguishedNames(rAuthor.SubjectName, 
xAuthor->getIssuerName())
                 && ( rAuthor.SerialNumber == sSerialNum );
         });
 }
_______________________________________________
Libreoffice-commits mailing list
libreoffice-comm...@lists.freedesktop.org
https://lists.freedesktop.org/mailman/listinfo/libreoffice-commits

Reply via email to