Browse code
pdf: bb #7053
David Raynor authored on 2013/03/12 23:45:44Showing 1 changed files
| ... | ... |
@@ -326,6 +326,9 @@ static void pdfobj_flag(struct pdf_struct *pdf, struct pdf_obj *obj, enum pdf_fl |
| 326 | 326 |
case MANY_FILTERS: |
| 327 | 327 |
s = "more than 2 filters per obj"; |
| 328 | 328 |
break; |
| 329 |
+ case DECRYPTABLE_PDF: |
|
| 330 |
+ s = "decryptable PDF"; |
|
| 331 |
+ break; |
|
| 329 | 332 |
} |
| 330 | 333 |
cli_dbgmsg("cli_pdf: %s flagged in object %u %u\n", s, obj->id>>8, obj->id&0xff);
|
| 331 | 334 |
} |
| ... | ... |
@@ -1319,7 +1322,7 @@ static void pdf_parseobj(struct pdf_struct *pdf, struct pdf_obj *obj) |
| 1319 | 1319 |
nextclose = memchr(q, '>', enddict-q+1); |
| 1320 | 1320 |
if (nextclose && (nextclose[1] == '>')) {
|
| 1321 | 1321 |
/* check for nested open */ |
| 1322 |
- while (nextopen = memchr(q-1, '<', nextclose-q+1)) {
|
|
| 1322 |
+ while ((nextopen = memchr(q-1, '<', nextclose-q+1)) != NULL) {
|
|
| 1323 | 1323 |
if (nextopen[1] == '<') {
|
| 1324 | 1324 |
/* nested open */ |
| 1325 | 1325 |
blockopens++; |
| ... | ... |
@@ -1739,7 +1742,7 @@ static void check_user_password(struct pdf_struct *pdf, int R, const char *O, |
| 1739 | 1739 |
dbg_printhex("cli_pdf: Candidate encryption key", pdf->key, pdf->keylen);
|
| 1740 | 1740 |
} |
| 1741 | 1741 |
} |
| 1742 |
- } else {
|
|
| 1742 |
+ } else if ((R >= 2) && (R <= 4)) {
|
|
| 1743 | 1743 |
/* 7.6.3.3 Algorithm 2 */ |
| 1744 | 1744 |
cli_md5_init(&md5); |
| 1745 | 1745 |
/* empty password, password == padding */ |
| ... | ... |
@@ -1753,9 +1756,9 @@ static void check_user_password(struct pdf_struct *pdf, int R, const char *O, |
| 1753 | 1753 |
cli_md5_update(&md5, &v, 4); |
| 1754 | 1754 |
} |
| 1755 | 1755 |
cli_md5_final(result, &md5); |
| 1756 |
+ if (length > 128) |
|
| 1757 |
+ length = 128; |
|
| 1756 | 1758 |
if (R >= 3) {
|
| 1757 |
- if (length > 128) |
|
| 1758 |
- length = 128; |
|
| 1759 | 1759 |
for (i=0;i<50;i++) {
|
| 1760 | 1760 |
cli_md5_init(&md5); |
| 1761 | 1761 |
cli_md5_update(&md5, result, length/8); |
| ... | ... |
@@ -1807,6 +1810,12 @@ static void check_user_password(struct pdf_struct *pdf, int R, const char *O, |
| 1807 | 1807 |
noisy_warnmsg("cli_pdf: invalid revision %d\n", R);
|
| 1808 | 1808 |
} |
| 1809 | 1809 |
} |
| 1810 |
+ else {
|
|
| 1811 |
+ /* Supported R is in {2,3,4,5} */
|
|
| 1812 |
+ cli_dbgmsg("cli_pdf: R value out of range\n");
|
|
| 1813 |
+ noisy_warnmsg("cli_pdf: R value out of range\n");
|
|
| 1814 |
+ return; |
|
| 1815 |
+ } |
|
| 1810 | 1816 |
if (password_empty) {
|
| 1811 | 1817 |
cli_dbgmsg("cli_pdf: user password is empty\n");
|
| 1812 | 1818 |
noisy_msg(pdf, "cli_pdf: encrypted PDF found, user password is empty, will attempt to decrypt\n"); |
| ... | ... |
@@ -1916,6 +1925,11 @@ static void pdf_handle_enc(struct pdf_struct *pdf) |
| 1916 | 1916 |
noisy_warnmsg("cli_pdf: invalid R\n");
|
| 1917 | 1917 |
break; |
| 1918 | 1918 |
} |
| 1919 |
+ if ((R > 5) || (R < 2)) {
|
|
| 1920 |
+ cli_dbgmsg("cli_pdf: R value outside supported range [2..5]\n");
|
|
| 1921 |
+ noisy_warnmsg("cli_pdf: R value outside supported range [2..5]\n");
|
|
| 1922 |
+ break; |
|
| 1923 |
+ } |
|
| 1919 | 1924 |
|
| 1920 | 1925 |
if (R < 5) |
| 1921 | 1926 |
oulen = 32; |