Bug 1411327
| Summary: | [fix available] Password Protected (Encrypted) files opening as plain text after cancelling password dialog | |||
|---|---|---|---|---|
| Product: | Red Hat Enterprise Linux 7 | Reporter: | jigar <jraising> | |
| Component: | libreoffice | Assignee: | Michael Stahl <mstahl> | |
| Status: | CLOSED ERRATA | QA Contact: | Desktop QE <desktop-qa-list> | |
| Severity: | high | Docs Contact: | ||
| Priority: | high | |||
| Version: | 7.5-Alt | CC: | alanm, bsanford, caolanm, jkoten, jreznik, mstahl | |
| Target Milestone: | rc | Keywords: | ZStream | |
| Target Release: | --- | |||
| Hardware: | x86_64 | |||
| OS: | Linux | |||
| Whiteboard: | ||||
| Fixed In Version: | libreoffice-5.0.6.2-5.el7 | Doc Type: | Bug Fix | |
| Doc Text: |
Previously, when an incorrect password was entered for a password protected document, the document has beenoperation considered as valid and a fallback attempt to open it as plain text has been made. As a consequence, it could appear that the document succesfully loaded, while just the encrypted unreadable content was shown. A fix has been made to terminate import attempts after entering incorrect password, and now nothing is loaded when a wrong password is entered.
|
Story Points: | --- | |
| Clone Of: | ||||
| : | 1426348 (view as bug list) | Environment: | ||
| Last Closed: | 2017-08-01 12:21:15 UTC | Type: | Bug | |
| Regression: | --- | Mount Type: | --- | |
| Documentation: | --- | CRM: | ||
| Verified Versions: | Category: | --- | ||
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | ||
| Cloudforms Team: | --- | Target Upstream Version: | ||
| Embargoed: | ||||
| Bug Depends On: | ||||
| Bug Blocks: | 1426348 | |||
|
Description
jigar
2017-01-09 13:43:29 UTC
To be very clear, and looking at what I get here with this version, the documents are encrypted correctly and are only decrypted successfully if the correct password is given, right ? But, if cancel is selected at the password dialog the import as a docx/pptx fails and the encrypted file is opened as raw text by some fall back logic. i.e. gibberish is shown. Which is the same thing as you would get if you e.g. opened the encrypted file in gedit as raw text. So, assuming I'm looking at the right problem, this is unsightly and we should just fail to open it, but its not a security issue because there is no data theft possibility. Such raw encrypted data can be opened and edited in any text editor. caolanm->mstahl: this happens in 5.0 but not in 5.1, can you track down the commit which make it behave as expected this is fixed upstream in 5.2.0 by
commit 579c2de3a88483eff0664d3a303b19cbd386db47
Author: Maxim Monastirsky <momonasmon>
AuthorDate: Wed Apr 27 16:19:13 2016 +0300
tdf#80999 Canceling password prompt should abort detection
... instead of continuing the detection loop and being
"detected" as plain text. The detection API will from now
return a type based on the file extension only, which is
far more useful than "plain text" anyway. Plus the media
descriptor has a flag to indicate that the detection wasn't
completed, which can be also used by the loading code to
abort the loading process.
patch applies cleanly to libreoffice-5-0 my branch and passes "make check".
fix committed Verified with RHEL-7.4-20170330.1 and libreoffice-5.0.6.2-7 Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHSA-2017:1975 |