|
 |
2f4c65 |
From 77f30ada1156ca1e1357776fea8e9dc113f6898d Mon Sep 17 00:00:00 2001
|
|
|
2f4c65 |
From: =?UTF-8?q?Caol=C3=A1n=20McNamara?= <caolanm@redhat.com>
|
|
|
2f4c65 |
Date: Thu, 3 Mar 2022 14:22:37 +0000
|
|
|
2f4c65 |
Subject: [PATCH 1/5] CVE-2022-26305 compare authors using Thumbprint
|
|
|
2f4c65 |
|
|
|
2f4c65 |
Change-Id: I338f58eb07cbf0a3d13a7dafdaddac09252a8546
|
|
|
2f4c65 |
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/130929
|
|
|
2f4c65 |
Tested-by: Jenkins
|
|
|
2f4c65 |
Reviewed-by: Miklos Vajna <vmiklos@collabora.com>
|
|
|
2f4c65 |
(cherry picked from commit 65442205b5b274ad309308162f150f8d41648f72)
|
|
|
2f4c65 |
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/130866
|
|
|
2f4c65 |
Reviewed-by: Michael Stahl <michael.stahl@allotropia.de>
|
|
|
2f4c65 |
(cherry picked from commit a7aaa78acea4c1d51283c2fce54ff9f5339026f8)
|
|
|
2f4c65 |
---
|
|
|
2f4c65 |
.../component/documentdigitalsignatures.cxx | 23 +++++++++++++++----
|
|
|
2f4c65 |
1 file changed, 19 insertions(+), 4 deletions(-)
|
|
|
2f4c65 |
|
|
|
2f4c65 |
diff --git a/xmlsecurity/source/component/documentdigitalsignatures.cxx b/xmlsecurity/source/component/documentdigitalsignatures.cxx
|
|
|
2f4c65 |
index b9066ea92cac..5a21c8421bec 100644
|
|
|
2f4c65 |
--- a/xmlsecurity/source/component/documentdigitalsignatures.cxx
|
|
|
2f4c65 |
+++ b/xmlsecurity/source/component/documentdigitalsignatures.cxx
|
|
|
2f4c65 |
@@ -19,9 +19,10 @@
|
|
|
2f4c65 |
|
|
|
2f4c65 |
#include <resourcemanager.hxx>
|
|
|
2f4c65 |
|
|
|
2f4c65 |
-#include <digitalsignaturesdialog.hxx>
|
|
|
2f4c65 |
+#include <certificate.hxx>
|
|
|
2f4c65 |
#include <certificatechooser.hxx>
|
|
|
2f4c65 |
#include <certificateviewer.hxx>
|
|
|
2f4c65 |
+#include <digitalsignaturesdialog.hxx>
|
|
|
2f4c65 |
#include <macrosecurity.hxx>
|
|
|
2f4c65 |
#include <biginteger.hxx>
|
|
|
2f4c65 |
#include <strings.hrc>
|
|
|
2f4c65 |
@@ -666,9 +667,23 @@ sal_Bool DocumentDigitalSignatures::isAuthorTrusted(
|
|
|
2f4c65 |
Sequence< SvtSecurityOptions::Certificate > aTrustedAuthors = SvtSecurityOptions().GetTrustedAuthors();
|
|
|
2f4c65 |
|
|
|
2f4c65 |
return std::any_of(aTrustedAuthors.begin(), aTrustedAuthors.end(),
|
|
|
2f4c65 |
- [&xAuthor, &sSerialNum](const SvtSecurityOptions::Certificate& rAuthor) {
|
|
|
2f4c65 |
- return xmlsecurity::EqualDistinguishedNames(rAuthor[0], xAuthor->getIssuerName())
|
|
|
2f4c65 |
- && ( rAuthor[1] == sSerialNum );
|
|
|
2f4c65 |
+ [this, &xAuthor, &sSerialNum](const SvtSecurityOptions::Certificate& rAuthor) {
|
|
|
2f4c65 |
+ if (!xmlsecurity::EqualDistinguishedNames(rAuthor[0], xAuthor->getIssuerName()))
|
|
|
2f4c65 |
+ return false;
|
|
|
2f4c65 |
+ if (rAuthor[1] != sSerialNum)
|
|
|
2f4c65 |
+ return false;
|
|
|
2f4c65 |
+
|
|
|
2f4c65 |
+ DocumentSignatureManager aSignatureManager(mxCtx, {});
|
|
|
2f4c65 |
+ if (!aSignatureManager.init())
|
|
|
2f4c65 |
+ return false;
|
|
|
2f4c65 |
+ uno::Reference<css::security::XCertificate> xCert = aSignatureManager.getSecurityEnvironment()->createCertificateFromAscii(rAuthor[2]);
|
|
|
2f4c65 |
+
|
|
|
2f4c65 |
+ auto pAuthor = dynamic_cast<xmlsecurity::Certificate*>(xAuthor.get());
|
|
|
2f4c65 |
+ auto pCert = dynamic_cast<xmlsecurity::Certificate*>(xCert.get());
|
|
|
2f4c65 |
+ if (pAuthor && pCert)
|
|
|
2f4c65 |
+ return pCert->getSHA256Thumbprint() == pAuthor->getSHA256Thumbprint();
|
|
|
2f4c65 |
+
|
|
|
2f4c65 |
+ return xCert->getSHA1Thumbprint() == xAuthor->getSHA1Thumbprint();
|
|
|
2f4c65 |
});
|
|
|
2f4c65 |
}
|
|
|
2f4c65 |
|
|
|
2f4c65 |
--
|
|
|
2f4c65 |
2.37.3
|
|
|
2f4c65 |
|