File podofo_security-fixes-validate-more-encrypt-dictionary-parameters.patch of Package podofo.35912

commit 8f514d69b4ac3c9aa9f725fa93486fe4b7876642
Author: Francesco Pretto <ceztko@gmail.com>
Date:   Wed Jun 28 10:20:35 2023 +0200

    PdfEncrypt: Validate more encrypt dictionary parameters

    This was discussed in https://github.com/podofo/podofo/issues/72#issuecomment-1521737241

--- src/base/PdfEncrypt.cpp	2024-06-29 23:24:08.488484759 +0800
+++ src/base/PdfEncrypt.cpp	2024-06-30 01:19:33.526926190 +0800
@@ -1010,6 +1010,13 @@
     m_eAlgorithm = eAlgorithm;
     m_eKeyLength = static_cast<EPdfKeyLength>(length);
     m_keyLength  = length/8;
+
+    if (oValue.GetLength() < 32)
+        PODOFO_RAISE_ERROR_INFO( ePdfError_InvalidEncryptionDict, "/O value is invalid");
+
+    if (uValue.GetLength() < 32)
+        PODOFO_RAISE_ERROR_INFO( ePdfError_InvalidEncryptionDict, "/U value is invalid");
+
     memcpy( m_oValue, oValue.GetString(), 32 );
     memcpy( m_uValue, uValue.GetString(), 32 );
     
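Review bot: `length` in the context lines just above the new checks is still cast to `EPdfKeyLength` and divided into `m_keyLength` with no range check visible in this hunk, so /O and /U are now validated but the key length is not. The function begins outside the hunk and its caller is not shown, so a check may already exist elsewhere. If it does not, a guard beside the new ones would close the gap, for example `if (length < 40 || length > 128 || length % 8 != 0) PODOFO_RAISE_ERROR_INFO( ePdfError_InvalidEncryptionDict, "/Length value is invalid");`. The 40–128, multiple-of-8 range is the one the PDF specification gives for the RC4 and AES-128 handlers; confirm it matches what this class supports. An out-of-range `m_keyLength` matters because later key-derivation code presumably sizes its buffer operations from it.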
@@ -1702,6 +1709,22 @@
     m_eKeyLength = ePdfKeyLength_256;
     m_keyLength  = ePdfKeyLength_256 / 8;
     m_rValue	 = 5;
+
+    if (oValue.GetLength() < 48)
+        PODOFO_RAISE_ERROR_INFO( ePdfError_InvalidEncryptionDict, "/O value is invalid");
+
+    if (oeValue.GetLength() < 32)
+        PODOFO_RAISE_ERROR_INFO( ePdfError_InvalidEncryptionDict, "/OE value is invalid");
+
+    if (uValue.GetLength() < 48)
+        PODOFO_RAISE_ERROR_INFO( ePdfError_InvalidEncryptionDict, "/U value is invalid");
+
+    if (ueValue.GetLength() < 32)
+        PODOFO_RAISE_ERROR_INFO( ePdfError_InvalidEncryptionDict, "/UE value is invalid");
+
+    if (permsValue.GetLength() < 16)
+        PODOFO_RAISE_ERROR_INFO( ePdfError_InvalidEncryptionDict, "/Perms value is invalid");
+
     memcpy( m_oValue, oValue.GetString(), 48 );
     memcpy( m_oeValue, oeValue.GetString(), 32 );
     memcpy( m_uValue, uValue.GetString(), 48 );
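Review bot: The sizes 48, 32 and 16 are bare literals in both the new checks and the `memcpy` calls, and the copies for /UE and /Perms lie below the last line of this hunk, so nothing visible ties each check to the copy it guards. A comment above the checks would document where the numbers come from, e.g. `// R5: /O and /U are 48 bytes (32-byte hash + 8-byte validation salt + 8-byte key salt); /OE and /UE are 32 bytes; /Perms is 16 bytes`. Naming each size once and using that name in both the length check and the copy would prevent a later edit from changing one without the other. The literal 32 in the first PdfEncrypt.cpp hunk has the same issue.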

--- src/base/PdfString.cpp	2024-06-29 23:24:08.360484891 +0800
+++ src/base/PdfString.cpp	2024-06-30 01:02:46.795354133 +0800
@@ -403,6 +403,11 @@
     pDevice->Print( m_bHex ? ">" : ")" );
 }
 
+const char* PdfString::GetString() const
+{
+    return m_buffer.GetBuffer();
+}
+
 const PdfString & PdfString::operator=( const PdfString & rhs )
 {
     this->m_bHex      = rhs.m_bHex;

--- src/base/PdfString.h	2011-01-21 22:36:59.000000000 +0800
+++ src/base/PdfString.h	2024-06-29 23:58:04.711185149 +0800
@@ -203,7 +203,7 @@
      *  \see IsUnicode
      *  \see Length
      */
-    inline const char* GetString() const;
+    const char* GetString() const;
 
     /** The contents of the strings can be read
      *  by this function.
@@ -450,14 +450,6 @@
 }
 
 // -----------------------------------------------------
-// 
-// -----------------------------------------------------
-const char* PdfString::GetString() const
-{
-    return m_buffer.GetBuffer();
-}
-
-// -----------------------------------------------------
 // 
 // -----------------------------------------------------
 const pdf_utf16be* PdfString::GetUnicode() const