comphelper/source/misc/storagehelper.cxx | 1 + package/source/zippackage/ZipPackage.cxx | 5 +++++ sc/CppunitTest_sc_filters_test.mk | 1 + 3 files changed, 7 insertions(+)
New commits: commit 58c31ded0264103769595a1b25739b0e8df571cd Author: Michael Stahl <michael.st...@allotropia.de> AuthorDate: Wed Feb 21 18:01:41 2024 +0100 Commit: Michael Stahl <michael.st...@allotropia.de> CommitDate: Thu Feb 22 12:37:29 2024 +0100 tdf#159519 comphelper,package: do not store document without SHA256 The problem is that on Windows 7 the password-encrypted documents are stored unencrypted, without any error message. This is due to defensive programming in OStorageHelper::CreatePackageEncryptionData(), which happily continues if creating the SHA256 hash fails, which is the one required for storing anything newer than ODF 1.1. Also, the poorly named ZipPackage::GetEncryptionKey() should check for consistency, the expectation is that either there's no encryption key (empty sequence), or the expected one is in the sequence. Creating the SHA256 uses the crypto::NSSInitializer component, which is in xsec_xmlsec.dll, which is linked to libxmlsec-mscng.dll, which is linked to Win32 bcrypt.dll, which doesn't have BCryptKeyDerivation on Windows 7; to reproduce elsewhere, rm instdir/program/libxsec_xmlsec.so (regression from commit 26bf26272bf525b59b4a4ce18b3ce14c1febfd7b and (due to revert) commit bfd479abf0d1d8ce36c3b0dcc6c824216f88a95b) Change-Id: I0b22e20f6d4d0b1a12ed7d99fac7b5243910f9ba Reviewed-on: https://gerrit.libreoffice.org/c/core/+/163708 Tested-by: Jenkins Reviewed-by: Michael Stahl <michael.st...@allotropia.de> diff --git a/comphelper/source/misc/storagehelper.cxx b/comphelper/source/misc/storagehelper.cxx index c190d099ea00..1d504cb91725 100644 --- a/comphelper/source/misc/storagehelper.cxx +++ b/comphelper/source/misc/storagehelper.cxx @@ -390,6 +390,7 @@ uno::Sequence< beans::NamedValue > OStorageHelper::CreatePackageEncryptionData( catch ( uno::Exception& ) { TOOLS_WARN_EXCEPTION("comphelper", "Can not create SHA256 digest!" ); + throw; // tdf#159519 DO NOT RETURN SUCCESS } // MS_1252 encoding was used for SO60 document format password encoding, diff --git a/package/source/zippackage/ZipPackage.cxx b/package/source/zippackage/ZipPackage.cxx index 8c09bfefcbb6..32b506953422 100644 --- a/package/source/zippackage/ZipPackage.cxx +++ b/package/source/zippackage/ZipPackage.cxx @@ -1728,6 +1728,11 @@ uno::Sequence< sal_Int8 > ZipPackage::GetEncryptionKey() for (const auto& rKey : m_aStorageEncryptionKeys) if ( rKey.Name == aNameToFind ) rKey.Value >>= aResult; + + if (!aResult.hasElements() && m_aStorageEncryptionKeys.hasElements()) + { // tdf#159519 sanity check + throw uno::RuntimeException(THROW_WHERE "Expected key is missing!"); + } } else aResult = m_aEncryptionKey; diff --git a/sc/CppunitTest_sc_filters_test.mk b/sc/CppunitTest_sc_filters_test.mk index 67ef60664081..3dae5136e1e3 100644 --- a/sc/CppunitTest_sc_filters_test.mk +++ b/sc/CppunitTest_sc_filters_test.mk @@ -118,6 +118,7 @@ $(eval $(call gb_CppunitTest_use_components,sc_filters_test,\ uui/util/uui \ vcl/vcl.common \ xmloff/util/xo \ + xmlsecurity/util/xsec_xmlsec \ )) $(eval $(call gb_CppunitTest_use_configuration,sc_filters_test))