sfx2/source/doc/docfile.cxx | 17 +++++++++++++++--
1 file changed, 15 insertions(+), 2 deletions(-)
New commits:
commit 1d2218690382374f3962de014b151dbac84a1446
Author: Michael Stahl <michael.st...@allotropia.de>
AuthorDate: Thu Dec 14 12:30:30 2023 +0100
Commit: Michael Stahl <michael.st...@allotropia.de>
CommitDate: Thu Dec 14 18:31:44 2023 +0100
tdf#105844 sfx2: add another consistency check
SfxMedium::TryEncryptedInnerPackage() checks same mimetype of inner and
outer package for ODF wholesome encryption.
Change-Id: I8a5ef463c5f604a59573fb0f9e15453f22d867d6
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/160767
Tested-by: Jenkins
Reviewed-by: Michael Stahl <michael.st...@allotropia.de>
diff --git a/sfx2/source/doc/docfile.cxx b/sfx2/source/doc/docfile.cxx
index adc22797f6c3..0cdbd884663b 100644
--- a/sfx2/source/doc/docfile.cxx
+++ b/sfx2/source/doc/docfile.cxx
@@ -30,6 +30,7 @@
#include <com/sun/star/task/XStatusIndicator.hpp>
#include <com/sun/star/uno/Reference.h>
#include <com/sun/star/ucb/XContent.hpp>
+#include <com/sun/star/beans/XPropertySet.hpp>
#include <com/sun/star/container/XChild.hpp>
#include <com/sun/star/document/XDocumentRevisionListPersistence.hpp>
#include <com/sun/star/document/LockedDocumentRequest.hpp>
@@ -1722,7 +1723,8 @@
SfxMedium::TryEncryptedInnerPackage(uno::Reference<embed::XStorage> const xStora
xDecryptedInnerPackage = xStorage->openStreamElement(
"encrypted-package",
embed::ElementModes::READ | embed::ElementModes::NOCREATE);
- assert(xDecryptedInnerPackage.is()); // just for testing? not if wrong
pwd
+ // either this throws due to wrong password or IO error, or returns
stream
+ assert(xDecryptedInnerPackage.is());
// need a seekable stream => copy
Reference<uno::XComponentContext> const
xContext(::comphelper::getProcessComponentContext());
uno::Reference<io::XStream> const xDecryptedInnerPackageStream(
@@ -1740,11 +1742,22 @@
SfxMedium::TryEncryptedInnerPackage(uno::Reference<embed::XStorage> const xStora
SAL_DE BUG("AAA tempfile " << xTempFile->getResourceName());
uno::Reference<io::XSeekable>(xDecryptedInnerPackageStream,
uno::UNO_QUERY_THROW)->seek(0);
#endif
- // create storage, if this succeeds assume password is correct
+ // create inner storage; opening the stream should have already
verified
+ // the password so any failure here is probably due to a bug
xRet = ::comphelper::OStorageHelper::GetStorageOfFormatFromStream(
PACKAGE_STORAGE_FORMAT_STRING, xDecryptedInnerPackageStream,
embed::ElementModes::READWRITE, xContext, false);
assert(xRet.is());
+ // consistency check: outer and inner package must have same mimetype
+ OUString const
outerMediaType(uno::Reference<beans::XPropertySet>(pImpl->xStorage,
+
uno::UNO_QUERY_THROW)->getPropertyValue("MediaType").get<OUString>());
+ OUString const innerMediaType(uno::Reference<beans::XPropertySet>(xRet,
+
uno::UNO_QUERY_THROW)->getPropertyValue("MediaType").get<OUString>());
+ if (outerMediaType.isEmpty() || outerMediaType != innerMediaType)
+ {
+ throw io::WrongFormatException("MediaType inconsistent in
encrypted ODF package");
+ }
+ // success:
pImpl->m_bODFWholesomeEncryption = true;
pImpl->m_xODFDecryptedInnerPackageStream =
xDecryptedInnerPackageStream;
pImpl->m_xODFEncryptedOuterStorage = xStorage;
