Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
SUSE:SLE-12-SP2:GA
podofo.34526
podofo_security-fixes-validate-more-encrypt-dic...
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File podofo_security-fixes-validate-more-encrypt-dictionary-parameters.patch of Package podofo.34526
commit 8f514d69b4ac3c9aa9f725fa93486fe4b7876642 Author: Francesco Pretto <ceztko@gmail.com> Date: Wed Jun 28 10:20:35 2023 +0200 PdfEncrypt: Validate more encrypt dictionary parameters This was discussed in https://github.com/podofo/podofo/issues/72#issuecomment-1521737241 --- src/base/PdfEncrypt.cpp 2024-06-29 23:24:08.488484759 +0800 +++ src/base/PdfEncrypt.cpp 2024-06-30 01:19:33.526926190 +0800 @@ -1010,6 +1010,13 @@ m_eAlgorithm = eAlgorithm; m_eKeyLength = static_cast<EPdfKeyLength>(length); m_keyLength = length/8; + + if (oValue.GetLength() < 32) + PODOFO_RAISE_ERROR_INFO( ePdfError_InvalidEncryptionDict, "/O value is invalid"); + + if (uValue.GetLength() < 32) + PODOFO_RAISE_ERROR_INFO( ePdfError_InvalidEncryptionDict, "/U value is invalid"); + memcpy( m_oValue, oValue.GetString(), 32 ); memcpy( m_uValue, uValue.GetString(), 32 ); @@ -1702,6 +1709,22 @@ m_eKeyLength = ePdfKeyLength_256; m_keyLength = ePdfKeyLength_256 / 8; m_rValue = 5; + + if (oValue.GetLength() < 48) + PODOFO_RAISE_ERROR_INFO( ePdfError_InvalidEncryptionDict, "/O value is invalid"); + + if (oeValue.GetLength() < 32) + PODOFO_RAISE_ERROR_INFO( ePdfError_InvalidEncryptionDict, "/OE value is invalid"); + + if (uValue.GetLength() < 48) + PODOFO_RAISE_ERROR_INFO( ePdfError_InvalidEncryptionDict, "/U value is invalid"); + + if (ueValue.GetLength() < 32) + PODOFO_RAISE_ERROR_INFO( ePdfError_InvalidEncryptionDict, "/UE value is invalid"); + + if (permsValue.GetLength() < 16) + PODOFO_RAISE_ERROR_INFO( ePdfError_InvalidEncryptionDict, "/Perms value is invalid"); + memcpy( m_oValue, oValue.GetString(), 48 ); memcpy( m_oeValue, oeValue.GetString(), 32 ); memcpy( m_uValue, uValue.GetString(), 48 ); --- src/base/PdfString.cpp 2024-06-29 23:24:08.360484891 +0800 +++ src/base/PdfString.cpp 2024-06-30 01:02:46.795354133 +0800 @@ -403,6 +403,11 @@ pDevice->Print( m_bHex ? ">" : ")" ); } +const char* PdfString::GetString() const +{ + return m_buffer.GetBuffer(); +} + const PdfString & PdfString::operator=( const PdfString & rhs ) { this->m_bHex = rhs.m_bHex; --- src/base/PdfString.h 2011-01-21 22:36:59.000000000 +0800 +++ src/base/PdfString.h 2024-06-29 23:58:04.711185149 +0800 @@ -203,7 +203,7 @@ * \see IsUnicode * \see Length */ - inline const char* GetString() const; + const char* GetString() const; /** The contents of the strings can be read * by this function. @@ -450,14 +450,6 @@ } // ----------------------------------------------------- -// -// ----------------------------------------------------- -const char* PdfString::GetString() const -{ - return m_buffer.GetBuffer(); -} - -// ----------------------------------------------------- // // ----------------------------------------------------- const pdf_utf16be* PdfString::GetUnicode() const
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor