author | Miklos Vajna <vmiklos@collabora.com> | 2020-11-04 21:39:04 +0100 |
---|---|---|
committer | Miklos Vajna <vmiklos@collabora.com> | 2020-12-01 18:06:31 +0100 |
commit | 91a39edbbd353326bd2cd37ea93be9f27d533ea5 (patch) | |
tree | 6f67c9fb411883bd4eeb63146027449d7bf8aecf /xmlsecurity/qa | |
parent | 008cb880632ea5143ddadc2c944297af010074e7 (diff) |
xmlsecurity: reject a few dangerous annotation types during pdf sig verify
(cherry picked from commit f231dacde9df1c4aa5f4e0970535c4f4093364a7)
Conflicts:
include/vcl/filter/PDFiumLibrary.hxx
xmlsecurity/qa/unit/pdfsigning/pdfsigning.cxx
xmlsecurity/source/helper/pdfsignaturehelper.cxx
xmlsecurity/source/pdfio/pdfdocument.cxx
Change-Id: I950b49a6e7181639daf27348ddfa0f36586baa65
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/107000
Tested-by: Jenkins CollaboraOffice <jenkinscollaboraoffice@gmail.com>
Reviewed-by: Miklos Vajna <vmiklos@collabora.com>
Diffstat (limited to 'xmlsecurity/qa')
-rw-r--r-- | xmlsecurity/qa/unit/pdfsigning/data/bad-cert-p3-stamp.pdf | bin | 0 -> 22023 bytes | |||
-rw-r--r-- | xmlsecurity/qa/unit/pdfsigning/pdfsigning.cxx | 18 |
2 files changed, 18 insertions, 0 deletions
diff --git a/xmlsecurity/qa/unit/pdfsigning/data/bad-cert-p3-stamp.pdf b/xmlsecurity/qa/unit/pdfsigning/data/bad-cert-p3-stamp.pdf
Binary files differ
new file mode 100644
index 000000000000..b30f5b03867c
--- /dev/null
+++ b/xmlsecurity/qa/unit/pdfsigning/data/bad-cert-p3-stamp.pdf
diff --git a/xmlsecurity/qa/unit/pdfsigning/pdfsigning.cxx b/xmlsecurity/qa/unit/pdfsigning/pdfsigning.cxx
index 60dcd0fc7544..05a91714ff09 100644
--- a/xmlsecurity/qa/unit/pdfsigning/pdfsigning.cxx
+++ b/xmlsecurity/qa/unit/pdfsigning/pdfsigning.cxx
@@ -78,6 +78,7 @@ public:
 void testPartial();
 void testPartialInBetween();
 void testBadCertP1();
+ void testBadCertP3Stamp();
 /// Test writing a PAdES signature.
 void testSigningCertificateAttribute();
 /// Test that we accept files which are supposed to be good.
@@ -101,6 +102,7 @@ public:
 CPPUNIT_TEST(testPartial);
 CPPUNIT_TEST(testPartialInBetween);
 CPPUNIT_TEST(testBadCertP1);
+ CPPUNIT_TEST(testBadCertP3Stamp);
 CPPUNIT_TEST(testSigningCertificateAttribute);
 CPPUNIT_TEST(testGood);
 CPPUNIT_TEST(testTokenize);
@@ -456,6 +458,22 @@ void PDFSigningTest::testBadCertP1()
 rInformation.nStatus);
 }
 
+void PDFSigningTest::testBadCertP3Stamp()
+{
+ std::vector<SignatureInformation> aInfos
+ = verify(m_directories.getURLFromSrc(DATA_DIRECTORY) + "bad-cert-p3-stamp.pdf", 1,
+ /*rExpectedSubFilter=*/OString());
+ CPPUNIT_ASSERT(!aInfos.empty());
+ SignatureInformation& rInformation = aInfos[0];
+
+ // Without the accompanying fix in place, this test would have failed with:
+ // - Expected: 0 (SecurityOperationStatus_UNKNOWN)
+ // - Actual : 1 (SecurityOperationStatus_OPERATION_SUCCEEDED)
+ // i.e. adding a stamp annotation was not considered as a bad modification.
+ CPPUNIT_ASSERT_EQUAL(xml::crypto::SecurityOperationStatus::SecurityOperationStatus_UNKNOWN,
+ rInformation.nStatus);
+}
+
 void PDFSigningTest::testSigningCertificateAttribute()
 {
 // Create a new signature. |
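Review bot: The new testBadCertP3Stamp in the third hunk exercises only the stamp case, while the commit title says a few annotation types are now rejected. The diffstat shown here is limited to xmlsecurity/qa, so this may be covered elsewhere, but if not, a regression in any other rejected type would pass unnoticed; one fixture and assertion per rejected type would close that gap. At minimum the test comment could record the limit, e.g. `// Only the stamp annotation is covered here; the other rejected types need their own fixtures.` The comment would also benefit from a line describing the fixture, such as `// bad-cert-p3-stamp.pdf: a stamp annotation was added after the document was signed.` That wording is inferred from the file name and the existing comment and should be confirmed. As a small style point, `rInformation` is only read and could be declared `const SignatureInformation&`.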