From d8a4f5244d7513d488ed00bc6c58d06449db9db6 Mon Sep 17 00:00:00 2001
From: =?utf8?q?Caol=C3=A1n=20McNamara?=
Date: Mon, 16 Mar 2026 17:22:23 +0000
Subject: [PATCH] [PATCH] Conform AlignEngine parsing to what section 2.3.4.10 of the spec has
Change-Id: Ibb9162b1ce7993ef74665ec0329c95b423fa8174
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/201944
Reviewed-by: Adolfo Jayme Barrientos
Tested-by: Jenkins
Gbp-Pq: Name Conform-AlignEngine-parsing-to-spec.diff
---
 oox/source/crypto/AgileEngine.cxx | 17 ++++++++++++++++-
 1 file changed, 16 insertions(+), 1 deletion(-)
diff --git a/oox/source/crypto/AgileEngine.cxx b/oox/source/crypto/AgileEngine.cxx
index f7518498171..7691cb8c39b 100644
--- a/oox/source/crypto/AgileEngine.cxx
+++ b/oox/source/crypto/AgileEngine.cxx
@@ -8,6 +8,8 @@
 *
 */
+#include
+#include
 #include
 #include
@@ -537,8 +539,21 @@ bool AgileEngine::readEncryptionInfo(uno::Reference & rxInputS
 if (0 > mInfo.spinCount || mInfo.spinCount > 10000000)
 return false;
- if (1 > mInfo.saltSize|| mInfo.saltSize > 65536) // Check
+ // [MS-OFFCRYPTO] 2.3.4.10: saltSize "MUST be at least 1 and no greater than 65,536"
+ if (1 > mInfo.saltSize || mInfo.saltSize > 65536)
+ {
+ SAL_WARN("oox", "AgileEngine::readEncryptionInfo(): saltSize out of range: " << mInfo.saltSize);
+ return false;
+ }
+
+ // [MS-OFFCRYPTO] 2.3.4.10: "The number of bytes required to decode the saltValue
+ // attribute MUST be equal to the value of the saltSize attribute"
+ if (mInfo.keyDataSalt.size() != o3tl::make_unsigned(mInfo.saltSize))
+ {
+ SAL_WARN("oox", "AgileEngine::readEncryptionInfo(): keyDataSalt size " << mInfo.keyDataSalt.size()
+ << " does not match saltSize " << mInfo.saltSize);
 return false;
+ }
 // AES 128 CBC with SHA1
 if (mInfo.keyBits == 128 &&
--
2.30.2
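Review bot: The new length check in the second hunk compares `mInfo.keyDataSalt.size()` with `mInfo.saltSize`, but [MS-OFFCRYPTO] 2.3.4.10 defines a saltSize/saltValue pair on both the keyData element and the password key encryptor's encryptedKey element, and the hunk does not show which element fills `mInfo.saltSize`. If the parser (outside this hunk) takes saltSize from encryptedKey, a file whose two salts differ in length would be rejected although it conforms, and the key encryptor's own decoded salt would still go unchecked; it is worth confirming the source of the field and applying the same equality test to that second salt. The `o3tl::make_unsigned` call is safe only because the range check directly above has already rejected values below 1, so I would add a comment such as `// saltSize >= 1 is guaranteed by the range check above` to keep the two checks from being reordered. readEncryptionInfo starts and ends outside the hunk.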