gpg4libre: Don't use xmlStrlen on binary data

Odd things happen inside gpgme if the buffer is prematurely
truncated due to \n char and valid signature is then evaluated
as invalid

Change-Id: I24d4d22af06a3dde6eb7fdfc12953cf1b5f19c1e
Reviewed-on: https://gerrit.libreoffice.org/39945
Reviewed-by: Samuel Mehrbrodt <Samuel.Mehrbrodt@cib.de>
Tested-by: Jenkins <ci@libreoffice.org>
Reviewed-by: Katarina Behrens <Katarina.Behrens@cib.de>

1 files changed, 3 insertions, 2 deletions

diff --git a/xmlsecurity/source/gpg/xmlsignature_gpgimpl.cxx b/xmlsecurity/source/gpg/xmlsignature_gpgimpl.cxx
index 8cec0ceb6fe7..1849e7d3bc22 100644
--- a/xmlsecurity/source/gpg/xmlsignature_gpgimpl.cxx
+++ b/xmlsecurity/source/gpg/xmlsignature_gpgimpl.cxx
@@ -352,12 +352,13 @@ SAL_CALL XMLSignature_GpgImpl::validate(
         if(!xmlSecCheckNodeName(cur, xmlSecNodeSignatureValue, xmlSecDSigNs))
             throw RuntimeException("The GpgME library failed to initialize for the OpenPGP protocol.");
         xmlChar* pSignatureValue=xmlNodeGetContent(cur);
-        if(xmlSecBase64Decode(pSignatureValue, reinterpret_cast<xmlSecByte*>(pSignatureValue), xmlStrlen(pSignatureValue)) < 0)
+        int nSigSize = xmlSecBase64Decode(pSignatureValue, reinterpret_cast<xmlSecByte*>(pSignatureValue), xmlStrlen(pSignatureValue));
+        if( nSigSize < 0)
             throw RuntimeException("The GpgME library failed to initialize for the OpenPGP protocol.");
 
         GpgME::Data data_signature(
             reinterpret_cast<char*>(pSignatureValue),
-            xmlStrlen(pSignatureValue), false);
+            nSigSize, false);
 
         GpgME::VerificationResult verify_res=rCtx.verifyDetachedSignature(
             data_signature, data_text);