diff options
author | Michael Stahl <michael.stahl@allotropia.de> | 2024-02-21 18:01:41 +0100 |
---|---|---|
committer | Michael Stahl <michael.stahl@allotropia.de> | 2024-02-22 12:37:29 +0100 |
commit | 58c31ded0264103769595a1b25739b0e8df571cd (patch) | |
tree | 58c8e25c1f8b701ea0d7726668b559a2f52455aa /comphelper | |
parent | UBSan RTTI fixes (diff) | |
download | core-58c31ded0264103769595a1b25739b0e8df571cd.tar.gz core-58c31ded0264103769595a1b25739b0e8df571cd.zip |
tdf#159519 comphelper,package: do not store document without SHA256
The problem is that on Windows 7 the password-encrypted documents are
stored unencrypted, without any error message.
This is due to defensive programming in
OStorageHelper::CreatePackageEncryptionData(), which happily continues
if creating the SHA256 hash fails, which is the one required for storing
anything newer than ODF 1.1.
Also, the poorly named ZipPackage::GetEncryptionKey() should check for
consistency, the expectation is that either there's no encryption key
(empty sequence), or the expected one is in the sequence.
Creating the SHA256 uses the crypto::NSSInitializer component, which is
in xsec_xmlsec.dll, which is linked to libxmlsec-mscng.dll, which is
linked to Win32 bcrypt.dll, which doesn't have BCryptKeyDerivation on
Windows 7; to reproduce elsewhere, rm instdir/program/libxsec_xmlsec.so
(regression from commit 26bf26272bf525b59b4a4ce18b3ce14c1febfd7b
and (due to revert) commit bfd479abf0d1d8ce36c3b0dcc6c824216f88a95b)
Change-Id: I0b22e20f6d4d0b1a12ed7d99fac7b5243910f9ba
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/163708
Tested-by: Jenkins
Reviewed-by: Michael Stahl <michael.stahl@allotropia.de>
Diffstat (limited to 'comphelper')
-rw-r--r-- | comphelper/source/misc/storagehelper.cxx | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/comphelper/source/misc/storagehelper.cxx b/comphelper/source/misc/storagehelper.cxx index c190d099ea00..1d504cb91725 100644 --- a/comphelper/source/misc/storagehelper.cxx +++ b/comphelper/source/misc/storagehelper.cxx @@ -390,6 +390,7 @@ uno::Sequence< beans::NamedValue > OStorageHelper::CreatePackageEncryptionData( catch ( uno::Exception& ) { TOOLS_WARN_EXCEPTION("comphelper", "Can not create SHA256 digest!" ); + throw; // tdf#159519 DO NOT RETURN SUCCESS } // MS_1252 encoding was used for SO60 document format password encoding, |