rpms / libreoffice

Clone
Source Code
GIT

Blame SOURCES/0001-CVE-2022-26305-compare-authors-using-Thumbprint.patch

c4 c5 c5-plus c6 c6-plus c7 c7-alt c7-beta c8 c8-beta c8-containeronly-stream-flatpak c8s c9 c9-beta c9-containeronly-stream-flatpak
  1.   461f4a9f476c5becfd908d93dd9e17e9bbd268c9
  2.   SOURCES
  3.   0001-CVE-2022-26305-compare-authors-using-Thumbprint.patch
Blob History Raw
461f4a 
From 77f30ada1156ca1e1357776fea8e9dc113f6898d Mon Sep 17 00:00:00 2001
461f4a 
From: =?UTF-8?q?Caol=C3=A1n=20McNamara?= <caolanm@redhat.com>
461f4a 
Date: Thu, 3 Mar 2022 14:22:37 +0000
461f4a 
Subject: [PATCH 1/4] CVE-2022-26305 compare authors using Thumbprint
461f4a
461f4a 
Change-Id: I338f58eb07cbf0a3d13a7dafdaddac09252a8546
461f4a 
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/130929
461f4a 
Tested-by: Jenkins
461f4a 
Reviewed-by: Miklos Vajna <vmiklos@collabora.com>
461f4a 
(cherry picked from commit 65442205b5b274ad309308162f150f8d41648f72)
461f4a 
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/130866
461f4a 
Reviewed-by: Michael Stahl <michael.stahl@allotropia.de>
461f4a 
(cherry picked from commit a7aaa78acea4c1d51283c2fce54ff9f5339026f8)
461f4a 
---
461f4a 
 .../component/documentdigitalsignatures.cxx   | 23 +++++++++++++++----
461f4a 
 1 file changed, 19 insertions(+), 4 deletions(-)
461f4a
461f4a 
diff --git a/xmlsecurity/source/component/documentdigitalsignatures.cxx b/xmlsecurity/source/component/documentdigitalsignatures.cxx
461f4a 
index b9066ea92cac..5a21c8421bec 100644
461f4a 
--- a/xmlsecurity/source/component/documentdigitalsignatures.cxx
461f4a 
+++ b/xmlsecurity/source/component/documentdigitalsignatures.cxx
461f4a 
@@ -19,9 +19,10 @@
461f4a
461f4a 
 #include <resourcemanager.hxx>
461f4a
461f4a 
-#include <digitalsignaturesdialog.hxx>
461f4a 
+#include <certificate.hxx>
461f4a 
 #include <certificatechooser.hxx>
461f4a 
 #include <certificateviewer.hxx>
461f4a 
+#include <digitalsignaturesdialog.hxx>
461f4a 
 #include <macrosecurity.hxx>
461f4a 
 #include <biginteger.hxx>
461f4a 
 #include <strings.hrc>
461f4a 
@@ -666,9 +667,23 @@ sal_Bool DocumentDigitalSignatures::isAuthorTrusted(
461f4a 
     Sequence< SvtSecurityOptions::Certificate > aTrustedAuthors = SvtSecurityOptions().GetTrustedAuthors();
461f4a
461f4a 
     return std::any_of(aTrustedAuthors.begin(), aTrustedAuthors.end(),
461f4a 
-        [&xAuthor, &sSerialNum](const SvtSecurityOptions::Certificate& rAuthor) {
461f4a 
-            return xmlsecurity::EqualDistinguishedNames(rAuthor[0], xAuthor->getIssuerName())
461f4a 
-                && ( rAuthor[1] == sSerialNum );
461f4a 
+        [this, &xAuthor, &sSerialNum](const SvtSecurityOptions::Certificate& rAuthor) {
461f4a 
+            if (!xmlsecurity::EqualDistinguishedNames(rAuthor[0], xAuthor->getIssuerName()))
461f4a 
+                return false;
461f4a 
+            if (rAuthor[1] != sSerialNum)
461f4a 
+                return false;
461f4a 
+
461f4a 
+            DocumentSignatureManager aSignatureManager(mxCtx, {});
461f4a 
+            if (!aSignatureManager.init())
461f4a 
+                return false;
461f4a 
+            uno::Reference<css::security::XCertificate> xCert = aSignatureManager.getSecurityEnvironment()->createCertificateFromAscii(rAuthor[2]);
461f4a 
+
461f4a 
+            auto pAuthor = dynamic_cast<xmlsecurity::Certificate*>(xAuthor.get());
461f4a 
+            auto pCert = dynamic_cast<xmlsecurity::Certificate*>(xCert.get());
461f4a 
+            if (pAuthor && pCert)
461f4a 
+                return pCert->getSHA256Thumbprint() == pAuthor->getSHA256Thumbprint();
461f4a 
+
461f4a 
+            return xCert->getSHA1Thumbprint() == xAuthor->getSHA1Thumbprint();
461f4a 
         });
461f4a 
 }
461f4a
461f4a 
--
461f4a 
2.37.1
461f4a

Powered by Pagure 5.14.1

SSH Hostkey/Fingerprint | Documentation