mirror of
https://github.com/michaelrsweet/pdfio.git
synced 2024-12-27 05:48:20 +01:00
Range check encrypted string length (Issue #52)
parent
9fec2195d0
commit
0258384d53
@ -2,6 +2,12 @@ Changes in PDFio
|
|||||||
================
|
================
|
||||||
|
|
||||||
|
|
||||||
|
v1.1.4 (Month DD, YYYY)
|
||||||
|
-----------------------
|
||||||
|
|
||||||
|
- Fixed detection of encrypted strings that are too short (Issue #52)
|
||||||
|
|
||||||
|
|
||||||
v1.1.3 (November 15, 2023)
|
v1.1.3 (November 15, 2023)
|
||||||
--------------------------
|
--------------------------
|
||||||
|
|
||||||
|
@ -449,8 +449,15 @@ _pdfio_crypto_cb_t // O - Decryption callback or `NULL` for none
|
|||||||
*ivlen = 0;
|
*ivlen = 0;
|
||||||
return ((_pdfio_crypto_cb_t)_pdfioCryptoRC4Crypt);
|
return ((_pdfio_crypto_cb_t)_pdfioCryptoRC4Crypt);
|
||||||
|
|
||||||
case PDFIO_ENCRYPTION_RC4_128 :
|
|
||||||
case PDFIO_ENCRYPTION_AES_128 :
|
case PDFIO_ENCRYPTION_AES_128 :
|
||||||
|
if (*ivlen < 16)
|
||||||
|
{
|
||||||
|
*ivlen = 0;
|
||||||
|
_pdfioFileError(pdf, "Value too short for AES encryption.");
|
||||||
|
return (NULL);
|
||||||
|
}
|
||||||
|
|
||||||
|
case PDFIO_ENCRYPTION_RC4_128 :
|
||||||
// Copy the key data for the MD5 hash.
|
// Copy the key data for the MD5 hash.
|
||||||
memcpy(data, pdf->file_key, sizeof(pdf->file_key));
|
memcpy(data, pdf->file_key, sizeof(pdf->file_key));
|
||||||
data[16] = (uint8_t)obj->number;
|
data[16] = (uint8_t)obj->number;
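Review bot: The new `if (*ivlen < 16)` test in the `PDFIO_ENCRYPTION_AES_128` case reads `*ivlen` on entry, which turns it from an output into an in/out parameter, yet the only call site this page shows being updated to set it first is the one in `_pdfioValueRead`. Any other caller of `_pdfioCryptoMakeReader` (none is visible here) would feed the check an unset or stale length, so each should be confirmed to store the available byte count before the call, and the parameter comment should say so, for example `// IO - Data length on input, IV length on output`. The return is still documented in the hunk header as "`NULL` for none", although NULL now also reports this error. The drop from the AES case into `case PDFIO_ENCRYPTION_RC4_128 :` looks intentional and deserves a `// Fall through to the shared key setup` comment; the switch begins and ends outside the hunk.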
|
||||||
|
@ -383,7 +383,10 @@ _pdfioValueRead(pdfio_file_t *pdf, // I - PDF file
|
|||||||
return (false);
|
return (false);
|
||||||
}
|
}
|
||||||
|
|
||||||
cb = _pdfioCryptoMakeReader(pdf, obj, &ctx, v->value.binary.data, &ivlen);
|
ivlen = v->value.binary.datalen;
|
||||||
|
if ((cb = _pdfioCryptoMakeReader(pdf, obj, &ctx, v->value.binary.data, &ivlen)) == NULL)
|
||||||
|
return (false);
|
||||||
|
|
||||||
templen = (cb)(&ctx, temp, v->value.binary.data + ivlen, v->value.binary.datalen - ivlen);
|
templen = (cb)(&ctx, temp, v->value.binary.data + ivlen, v->value.binary.datalen - ivlen);
|
||||||
|
|
||||||
// Copy the decrypted string back to the value and adjust the length...
|
// Copy the decrypted string back to the value and adjust the length...
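Review bot: A string of exactly 16 bytes passes the callee's `*ivlen < 16` check, so the `(cb)(...)` call can run with `v->value.binary.datalen - ivlen` equal to zero, assuming the callee sets `ivlen` to the IV size on success. The copy-and-adjust code under the final comment lies outside the hunk; if it inspects the last decrypted byte to strip padding, a `templen` of 0 would index before `temp`, so that path should be confirmed to reject or skip an empty AES result. Since `ivlen` now carries two meanings, the new assignment would benefit from a comment such as `// Pass the available length in; the callee returns the IV length`. `_pdfioValueRead` starts and ends outside the hunk.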
|
||||||
|