From 7ba835ff5837290598d0b27c90a8abcfedf5b210 Mon Sep 17 00:00:00 2001
From: Tomaž Vajngerl <tomaz.vajngerl@collabora.co.uk>
Date: Sat, 7 Jul 2018 15:22:36 +0200
Subject: oox: Handle agile encryption info "reserved" field correctly
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

The "reserved" filed is written fter the version number major,
minor which is used to identify the encryption as agile. The
"reserved" field must always have the value 0x00000040. This
change writes the reserved filed correctly and when encryption and
when decrypting it checks the value an potentially bails out if
it desn't contain the expected value.

Change-Id: I2045dc64e0c6bbb3318384e25deef2ba8f41b94c
Reviewed-on: https://gerrit.libreoffice.org/57140
Tested-by: Jenkins
Reviewed-by: Tomaž Vajngerl <quikee@gmail.com>
---
 oox/source/crypto/AgileEngine.cxx        | 12 +++++++++++-
 oox/source/crypto/DocumentDecryption.cxx |  1 -
 2 files changed, 11 insertions(+), 2 deletions(-)

(limited to 'oox/source')

diff --git a/oox/source/crypto/AgileEngine.cxx b/oox/source/crypto/AgileEngine.cxx
index a4fa8c476c74..299ba2802bfe 100644
--- a/oox/source/crypto/AgileEngine.cxx
+++ b/oox/source/crypto/AgileEngine.cxx
@@ -486,6 +486,16 @@ bool AgileEngine::decrypt(BinaryXInputStream& aInputStream,
 
 bool AgileEngine::readEncryptionInfo(uno::Reference<io::XInputStream> & rxInputStream)
 {
+    // Check reserved value
+    std::vector<sal_uInt8> aExpectedReservedBytes(sizeof(sal_uInt32));
+    ByteOrderConverter::writeLittleEndian(aExpectedReservedBytes.data(), msfilter::AGILE_ENCRYPTION_RESERVED);
+
+    uno::Sequence<sal_Int8> aReadReservedBytes(sizeof(sal_uInt32));
+    rxInputStream->readBytes(aReadReservedBytes, aReadReservedBytes.getLength());
+
+    if (!std::equal(aReadReservedBytes.begin(), aReadReservedBytes.end(), aExpectedReservedBytes.begin()))
+        return false;
+
     mInfo.spinCount = 0;
     mInfo.saltSize = 0;
     mInfo.keyBits = 0;
@@ -695,7 +705,7 @@ bool AgileEngine::setupEncryptionKey(OUString const & rPassword)
 void AgileEngine::writeEncryptionInfo(BinaryXOutputStream & rStream)
 {
     rStream.WriteUInt32(msfilter::VERSION_INFO_AGILE);
-    rStream.WriteUInt32(0); // reserved
+    rStream.WriteUInt32(msfilter::AGILE_ENCRYPTION_RESERVED);
 
     SvMemoryStream aMemStream;
     tools::XmlWriter aXmlWriter(&aMemStream);
diff --git a/oox/source/crypto/DocumentDecryption.cxx b/oox/source/crypto/DocumentDecryption.cxx
index b68882ad6b03..16cc29551b21 100644
--- a/oox/source/crypto/DocumentDecryption.cxx
+++ b/oox/source/crypto/DocumentDecryption.cxx
@@ -58,7 +58,6 @@ bool DocumentDecryption::readEncryptionInfo()
             break;
         case msfilter::VERSION_INFO_AGILE:
             mCryptoType = AGILE; // Set encryption info format
-            xEncryptionInfo->skipBytes(4);
             mEngine.reset(new AgileEngine);
             break;
         default:
-- 
cgit