From 2aaea1473962c5d0f62852a627ec0e5f0307f7bc Mon Sep 17 00:00:00 2001
From: Caolán McNamara <caolanm@redhat.com>
Date: Wed, 29 Nov 2017 11:51:15 +0000
Subject: ofz: avoid invalid short hashValues
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Change-Id: Ib7cd63351f4e5ed053e55fe9c5875ad92c81d762
Reviewed-on: https://gerrit.libreoffice.org/45490
Reviewed-by: Caolán McNamara <caolanm@redhat.com>
Tested-by: Caolán McNamara <caolanm@redhat.com>
---
 oox/source/crypto/AgileEngine.cxx | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/oox/source/crypto/AgileEngine.cxx b/oox/source/crypto/AgileEngine.cxx
index 502b66a0a062..ef1440f5c96e 100644
--- a/oox/source/crypto/AgileEngine.cxx
+++ b/oox/source/crypto/AgileEngine.cxx
@@ -130,7 +130,7 @@ bool AgileEngine::generateEncryptionKey(const OUString& rPassword)
     std::vector<sal_uInt8> hash(mInfo.hashSize, 0);
     hashCalc(hash, hashInput, mInfo.hashAlgorithm);
 
-    if (std::equal (hash.begin(), hash.end(), hashValue.begin()) )
+    if (hash.size() <= hashValue.size() && std::equal(hash.begin(), hash.end(), hashValue.begin()))
     {
         std::vector<sal_uInt8>& encryptedKeyValue = mInfo.encryptedKeyValue;
         calculateBlock(constBlock3, hashFinal, encryptedKeyValue, mKey);
-- 
cgit