ofz#55499 output buffer has to at least be the same size as input buffer

Change-Id: Ie80b058673c47db11334554189ad878a884e26db Reviewed-on: https://gerrit.libreoffice.org/c/core/+/146306 Tested-by: Jenkins Reviewed-by: Caolán McNamara <caolanm@redhat.com>
author: Caolán McNamara <caolanm@redhat.com> 2023-01-29 14:31:08 +0000
committer: Caolán McNamara <caolanm@redhat.com> 2023-01-29 15:23:12 +0000
commit: 5583d5c71495402eeba568b36588cba345f4a623 (patch)
tree: beda6c4dd142adb062d47388e8e1b6952dfa56d8
parent: eff28a8a170759867916d7455b14e6a66a37daff (diff)
1 files changed, 3 insertions, 1 deletions
diff --git a/oox/source/crypto/AgileEngine.cxx b/oox/source/crypto/AgileEngine.cxx
index 09748e9dfd7b..f7518498171d 100644
--- a/oox/source/crypto/AgileEngine.cxx
+++ b/oox/source/crypto/AgileEngine.cxx
@@ -332,7 +332,9 @@ bool AgileEngine::decryptAndCheckVerifierHash(OUString const & rPassword)
 
     std::vector<sal_uInt8>& encryptedHashInput = mInfo.encryptedVerifierHashInput;
     // SALT - needs to be a multiple of block size (?)
-    sal_Int32 nSaltSize = roundUp(mInfo.saltSize, mInfo.blockSize);
+    sal_uInt32 nSaltSize = roundUp(mInfo.saltSize, mInfo.blockSize);
+    if (nSaltSize < encryptedHashInput.size())
+        return false;
     std::vector<sal_uInt8> hashInput(nSaltSize, 0);
     calculateBlock(constBlock1, hashFinal, encryptedHashInput, hashInput);
author	Caolán McNamara <caolanm@redhat.com>	2023-01-29 14:31:08 +0000
committer	Caolán McNamara <caolanm@redhat.com>	2023-01-29 15:23:12 +0000
commit	5583d5c71495402eeba568b36588cba345f4a623 (patch)
tree	beda6c4dd142adb062d47388e8e1b6952dfa56d8
parent	eff28a8a170759867916d7455b14e6a66a37daff (diff)