Related rhbz#1618703: Properly handle failure encoding zip file

...when e.g. FIPS mode makes ZipFile::StaticGetCipher fail by throwing an exception which would be caught by ZipPackageStream::saveChild (in package/source/zippackage/ZipPackageStream.cxx) alright (and translated into bSuccess = false), if ZipFile::StaticGetCipher didn't unhelpfully swallow and ignore all exceptions in an outer try-catch. Change-Id: I14376128515df1dd4bdac921edd8ab94cc9b7617 Reviewed-on: https://gerrit.libreoffice.org/59514 Tested-by: Jenkins Reviewed-by: Stephan Bergmann <sbergman@redhat.com>
author: Stephan Bergmann <sbergman@redhat.com> 2018-08-23 16:55:40 +0200
committer: Stephan Bergmann <sbergman@redhat.com> 2018-08-23 20:38:26 +0200
commit: 3cc6d3611ac8cbbfb9803f3a084d02edde470ad3 (patch)
tree: cc6a26de1a46adb40cbf1738c731e23b41c32865 /package
parent: e17987f4bd54fec7e0d94bdefdb94809255b3436 (diff)
1 files changed, 34 insertions, 41 deletions
diff --git a/package/source/zipapi/ZipFile.cxx b/package/source/zipapi/ZipFile.cxx
index 27a89f27a1ba..270a2961b7c1 100644
--- a/package/source/zipapi/ZipFile.cxx
+++ b/package/source/zipapi/ZipFile.cxx
@@ -163,54 +163,47 @@ uno::Reference< xml::crypto::XCipherContext > ZipFile::StaticGetCipher( const un
 {
     uno::Reference< xml::crypto::XCipherContext > xResult;
 
-    try
+    if (xEncryptionData->m_nDerivedKeySize < 0)
     {
-        if (xEncryptionData->m_nDerivedKeySize < 0)
-        {
-            throw ZipIOException("Invalid derived key length!" );
-        }
+        throw ZipIOException("Invalid derived key length!" );
+    }
 
-        uno::Sequence< sal_Int8 > aDerivedKey( xEncryptionData->m_nDerivedKeySize );
-        if ( !xEncryptionData->m_nIterationCount &&
-             xEncryptionData->m_nDerivedKeySize == xEncryptionData->m_aKey.getLength() )
-        {
-            // gpg4libre: no need to derive key, m_aKey is already
-            // usable as symmetric session key
-            aDerivedKey = xEncryptionData->m_aKey;
-        }
-        else if ( rtl_Digest_E_None != rtl_digest_PBKDF2( reinterpret_cast< sal_uInt8* >( aDerivedKey.getArray() ),
-                            aDerivedKey.getLength(),
-                            reinterpret_cast< const sal_uInt8 * > (xEncryptionData->m_aKey.getConstArray() ),
-                            xEncryptionData->m_aKey.getLength(),
-                            reinterpret_cast< const sal_uInt8 * > ( xEncryptionData->m_aSalt.getConstArray() ),
-                            xEncryptionData->m_aSalt.getLength(),
-                            xEncryptionData->m_nIterationCount ) )
-        {
-            throw ZipIOException("Can not create derived key!" );
-        }
+    uno::Sequence< sal_Int8 > aDerivedKey( xEncryptionData->m_nDerivedKeySize );
+    if ( !xEncryptionData->m_nIterationCount &&
+         xEncryptionData->m_nDerivedKeySize == xEncryptionData->m_aKey.getLength() )
+    {
+        // gpg4libre: no need to derive key, m_aKey is already
+        // usable as symmetric session key
+        aDerivedKey = xEncryptionData->m_aKey;
+    }
+    else if ( rtl_Digest_E_None != rtl_digest_PBKDF2( reinterpret_cast< sal_uInt8* >( aDerivedKey.getArray() ),
+                        aDerivedKey.getLength(),
+                        reinterpret_cast< const sal_uInt8 * > (xEncryptionData->m_aKey.getConstArray() ),
+                        xEncryptionData->m_aKey.getLength(),
+                        reinterpret_cast< const sal_uInt8 * > ( xEncryptionData->m_aSalt.getConstArray() ),
+                        xEncryptionData->m_aSalt.getLength(),
+                        xEncryptionData->m_nIterationCount ) )
+    {
+        throw ZipIOException("Can not create derived key!" );
+    }
 
-        if ( xEncryptionData->m_nEncAlg == xml::crypto::CipherID::AES_CBC_W3C_PADDING )
-        {
-            uno::Reference< uno::XComponentContext > xContext = xArgContext;
-            if ( !xContext.is() )
-                xContext = comphelper::getProcessComponentContext();
+    if ( xEncryptionData->m_nEncAlg == xml::crypto::CipherID::AES_CBC_W3C_PADDING )
+    {
+        uno::Reference< uno::XComponentContext > xContext = xArgContext;
+        if ( !xContext.is() )
+            xContext = comphelper::getProcessComponentContext();
 
-            uno::Reference< xml::crypto::XNSSInitializer > xCipherContextSupplier = xml::crypto::NSSInitializer::create( xContext );
+        uno::Reference< xml::crypto::XNSSInitializer > xCipherContextSupplier = xml::crypto::NSSInitializer::create( xContext );
 
-            xResult = xCipherContextSupplier->getCipherContext( xEncryptionData->m_nEncAlg, aDerivedKey, xEncryptionData->m_aInitVector, bEncrypt, uno::Sequence< beans::NamedValue >() );
-        }
-        else if ( xEncryptionData->m_nEncAlg == xml::crypto::CipherID::BLOWFISH_CFB_8 )
-        {
-            xResult = BlowfishCFB8CipherContext::Create( aDerivedKey, xEncryptionData->m_aInitVector, bEncrypt );
-        }
-        else
-        {
-            throw ZipIOException("Unknown cipher algorithm is requested!" );
-        }
+        xResult = xCipherContextSupplier->getCipherContext( xEncryptionData->m_nEncAlg, aDerivedKey, xEncryptionData->m_aInitVector, bEncrypt, uno::Sequence< beans::NamedValue >() );
     }
-    catch( ... )
+    else if ( xEncryptionData->m_nEncAlg == xml::crypto::CipherID::BLOWFISH_CFB_8 )
+    {
+        xResult = BlowfishCFB8CipherContext::Create( aDerivedKey, xEncryptionData->m_aInitVector, bEncrypt );
+    }
+    else
     {
-        OSL_ENSURE( false, "Can not create cipher context!" );
+        throw ZipIOException("Unknown cipher algorithm is requested!" );
     }
 
     return xResult;
author	Stephan Bergmann <sbergman@redhat.com>	2018-08-23 16:55:40 +0200
committer	Stephan Bergmann <sbergman@redhat.com>	2018-08-23 20:38:26 +0200
commit	3cc6d3611ac8cbbfb9803f3a084d02edde470ad3 (patch)
tree	cc6a26de1a46adb40cbf1738c731e23b41c32865 /package
parent	e17987f4bd54fec7e0d94bdefdb94809255b3436 (diff)