mirror of
https://github.com/michaelrsweet/pdfio.git
synced 2024-12-26 05:18:21 +01:00
Range check encrypted string length (Issue #52)
parent
9fec2195d0
commit
0258384d53
@ -2,6 +2,12 @@ Changes in PDFio
|
||||
================
|
||||
|
||||
|
||||
v1.1.4 (Month DD, YYYY)
|
||||
-----------------------
|
||||
|
||||
- Fixed detection of encrypted strings that are too short (Issue #52)
|
||||
|
||||
|
||||
v1.1.3 (November 15, 2023)
|
||||
--------------------------
|
||||
|
||||
|
@ -449,8 +449,15 @@ _pdfio_crypto_cb_t // O - Decryption callback or `NULL` for none
|
||||
*ivlen = 0;
|
||||
return ((_pdfio_crypto_cb_t)_pdfioCryptoRC4Crypt);
|
||||
|
||||
case PDFIO_ENCRYPTION_RC4_128 :
|
||||
case PDFIO_ENCRYPTION_AES_128 :
|
||||
if (*ivlen < 16)
|
||||
{
|
||||
*ivlen = 0;
|
||||
_pdfioFileError(pdf, "Value too short for AES encryption.");
|
||||
return (NULL);
|
||||
}
|
||||
|
||||
case PDFIO_ENCRYPTION_RC4_128 :
|
||||
// Copy the key data for the MD5 hash.
|
||||
memcpy(data, pdf->file_key, sizeof(pdf->file_key));
|
||||
data[16] = (uint8_t)obj->number;
|
||||
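Review bot: The new `case PDFIO_ENCRYPTION_AES_128 :` block runs straight into `case PDFIO_ENCRYPTION_RC4_128 :` with no marker, so the intentional fall-through reads like a forgotten `break`; add `// Fall through to the shared key setup below...` after the closing brace of the length check. `*ivlen` is now read before it is written, which makes it an in/out argument: every caller has to store the number of available bytes in it before the call, and any caller not shown in this commit should be checked for that. The return comment in the hunk header still says `NULL` means "none", while this path returns `NULL` after reporting an error, so the function header should describe both meanings. The function starts and ends outside the hunk.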
|
@ -383,7 +383,10 @@ _pdfioValueRead(pdfio_file_t *pdf, // I - PDF file
|
||||
return (false);
|
||||
}
|
||||
|
||||
cb = _pdfioCryptoMakeReader(pdf, obj, &ctx, v->value.binary.data, &ivlen);
|
||||
ivlen = v->value.binary.datalen;
|
||||
if ((cb = _pdfioCryptoMakeReader(pdf, obj, &ctx, v->value.binary.data, &ivlen)) == NULL)
|
||||
return (false);
|
||||
|
||||
templen = (cb)(&ctx, temp, v->value.binary.data + ivlen, v->value.binary.datalen - ivlen);
|
||||
|
||||
// Copy the decrypted string back to the value and adjust the length...
|
||||
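Review bot: A value of exactly 16 bytes still passes the new `*ivlen < 16` check, so `v->value.binary.datalen - ivlen` becomes 0 and the callback is asked to decrypt nothing; the lower bound prevents the `size_t` underflow but not the IV-only case. The code that consumes `templen` lies after the hunk, so confirm it copes with `templen == 0`, since anything that indexes `temp[templen - 1]` to strip padding would read before the buffer. If it does not, reject the value here, for example `if (ivlen > 0 && templen == 0) return (false);`, assuming `ivlen` stays non-zero only for AES. The visible lines also do not check that the data after the IV is a whole number of 16-byte blocks. `_pdfioValueRead` begins and ends outside the hunk.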
|