From cc75888c9e4cd09476287a8489c99fbf073feddb Mon Sep 17 00:00:00 2001 From: Miklos Vajna Date: Thu, 3 Mar 2016 15:46:52 +0100 Subject: xmlsecurity OOXML export: don't attempt to sign other signatures For one, MSO doesn't do that either by default. For another, this would currently result in a io::IOException, because: - the root storage is opened read-write, to be able to add the signature - then _xmlsignatures/newsig is opened read-write to be able to write the signature - opening _xmlsignatures/something as read-only still opens the _xmlsignatures storage as read-write -> boom, we tried to open the same sub-storage read-write two times, OStorage::openStorageElement() detects that Change-Id: I2b90dc044bcfb835df4f19a339a0447e69f42975 --- xmlsecurity/source/helper/xsecctl.cxx | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) (limited to 'xmlsecurity') diff --git a/xmlsecurity/source/helper/xsecctl.cxx b/xmlsecurity/source/helper/xsecctl.cxx index f347863f4b2f..288295b86925 100644 --- a/xmlsecurity/source/helper/xsecctl.cxx +++ b/xmlsecurity/source/helper/xsecctl.cxx @@ -993,7 +993,9 @@ static bool lcl_isOOXMLBlacklist(const OUString& rStreamName) { OUStringLiteral("/%5BContent_Types%5D.xml"), OUStringLiteral("/docProps/app.xml"), - OUStringLiteral("/docProps/core.xml") + OUStringLiteral("/docProps/core.xml"), + // Don't attempt to sign other signatures for now. + OUStringLiteral("/_xmlsignatures") }; // Just check the prefix, as we don't care about the content type part of the stream name. return std::find_if(vBlacklist.begin(), vBlacklist.end(), [&](const OUStringLiteral& rLiteral) { return rStreamName.startsWith(rLiteral); }) != vBlacklist.end(); -- cgit