mir/libreoffice
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

xmlsecurity OOXML export: don't attempt to sign other signatures

Browse Source 
For one, MSO doesn't do that either by default.

For another, this would currently result in a io::IOException, because:

- the root storage is opened read-write, to be able to add the signature
- then _xmlsignatures/newsig is opened read-write to be able to write
  the signature
- opening _xmlsignatures/something as read-only still opens the
  _xmlsignatures storage as read-write -> boom, we tried to open the
  same sub-storage read-write two times, OStorage::openStorageElement()
  detects that

Change-Id: I2b90dc044bcfb835df4f19a339a0447e69f42975
This commit is contained in:
Miklos Vajna
2016-03-03 15:46:52 +01:00
parent 963264a417
commit cc75888c9e
1 changed files with 3 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
xmlsecurity/source/helper/xsecctl.cxx
View File

@@ -993,7 +993,9 @@ static bool lcl_isOOXMLBlacklist(const OUString& rStreamName)
{
OUStringLiteral("/%5BContent_Types%5D.xml"),
OUStringLiteral("/docProps/app.xml"),
OUStringLiteral("/docProps/core.xml")
OUStringLiteral("/docProps/core.xml"),
// Don't attempt to sign other signatures for now.
OUStringLiteral("/_xmlsignatures")
};
// Just check the prefix, as we don't care about the content type part of the stream name.
return std::find_if(vBlacklist.begin(), vBlacklist.end(), [&](const OUStringLiteral& rLiteral) { return rStreamName.startsWith(rLiteral); }) != vBlacklist.end();