authorMichael Stahl <michael.stahl@allotropia.de>2023-12-07 15:46:59 +0100
committerMichael Stahl <michael.stahl@allotropia.de>2023-12-07 18:01:49 +0100
commitc218b7eab57625a256023e82e2f77a6c3d18fe46 (patch)
tree789e6041baf47b35fd137cf53dae153a1da59408 /xmlsecurity/source
parente89c2a5ae15247469f67ed2b716b54a0041a2aea (diff)
xmlsecurity: W3C padding max size is the block size
Change-Id: I90c48aafd11deb2895d01c90764fc433a9161e07 Reviewed-on: https://gerrit.libreoffice.org/c/core/+/160434 Tested-by: Jenkins Reviewed-by: Michael Stahl <michael.stahl@allotropia.de>
Diffstat (limited to 'xmlsecurity/source')
-rw-r--r--xmlsecurity/source/xmlsec/nss/ciphercontext.cxx4
1 files changed, 3 insertions, 1 deletions
diff --git a/xmlsecurity/source/xmlsec/nss/ciphercontext.cxx b/xmlsecurity/source/xmlsec/nss/ciphercontext.cxx
index 9577c6d9c025..5be6eb26c6d2 100644
--- a/xmlsecurity/source/xmlsec/nss/ciphercontext.cxx
+++ b/xmlsecurity/source/xmlsec/nss/ciphercontext.cxx
@@ -23,6 +23,7 @@
#include <osl/diagnose.h>
#include <rtl/random.h>
#include <rtl/ref.hxx>
+#include <sal/log.hxx>
#include "ciphercontext.hxx"
#include <pk11pub.h>
@@ -247,7 +248,8 @@ uno::Sequence< ::sal_Int8 > SAL_CALL OCipherContext::finalizeCipherContextAndDis
OSL_ENSURE( aResult.getLength() >= m_nBlockSize, "Not enough data to handle the padding!" );
sal_Int8 nBytesToRemove = aResult[aResult.getLength() - 1];
- if ( nBytesToRemove <= 0 || nBytesToRemove > aResult.getLength() )
+ // see https://www.w3.org/TR/xmlenc-core1/#sec-Alg-Block
+ if (nBytesToRemove <= 0 || m_nBlockSize < nBytesToRemove)
{
m_bBroken = true;
Dispose();
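Review bot: The new bound `m_nBlockSize < nBytesToRemove` no longer ties the padding length to `aResult.getLength()`, which the removed condition did. The only thing still relating the two is the `OSL_ENSURE` on the first context line, which reports a diagnostic but does not stop execution. If `aResult` is ever shorter than one block, the index `aResult.getLength() - 1` and any later use of `aResult.getLength() - nBytesToRemove` (presumably just below, outside this hunk) are unguarded. Keeping both bounds costs nothing: `if (nBytesToRemove <= 0 || m_nBlockSize < nBytesToRemove || aResult.getLength() < nBytesToRemove)`. The function body starts and continues outside the hunk, so an earlier guard may already cover the short-buffer case.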