...
|
...
|
@@ -326,6 +326,9 @@ static void pdfobj_flag(struct pdf_struct *pdf, struct pdf_obj *obj, enum pdf_fl
|
326
|
326
|
case MANY_FILTERS:
|
327
|
327
|
s = "more than 2 filters per obj";
|
328
|
328
|
break;
|
|
329
|
+ case DECRYPTABLE_PDF:
|
|
330
|
+ s = "decryptable PDF";
|
|
331
|
+ break;
|
329
|
332
|
}
|
330
|
333
|
cli_dbgmsg("cli_pdf: %s flagged in object %u %u\n", s, obj->id>>8, obj->id&0xff);
|
331
|
334
|
}
|
...
|
...
|
@@ -1319,7 +1322,7 @@ static void pdf_parseobj(struct pdf_struct *pdf, struct pdf_obj *obj)
|
1319
|
1319
|
nextclose = memchr(q, '>', enddict-q+1);
|
1320
|
1320
|
if (nextclose && (nextclose[1] == '>')) {
|
1321
|
1321
|
/* check for nested open */
|
1322
|
|
- while (nextopen = memchr(q-1, '<', nextclose-q+1)) {
|
|
1322
|
+ while ((nextopen = memchr(q-1, '<', nextclose-q+1)) != NULL) {
|
1323
|
1323
|
if (nextopen[1] == '<') {
|
1324
|
1324
|
/* nested open */
|
1325
|
1325
|
blockopens++;
|
...
|
...
|
@@ -1739,7 +1742,7 @@ static void check_user_password(struct pdf_struct *pdf, int R, const char *O,
|
1739
|
1739
|
dbg_printhex("cli_pdf: Candidate encryption key", pdf->key, pdf->keylen);
|
1740
|
1740
|
}
|
1741
|
1741
|
}
|
1742
|
|
- } else {
|
|
1742
|
+ } else if ((R >= 2) && (R <= 4)) {
|
1743
|
1743
|
/* 7.6.3.3 Algorithm 2 */
|
1744
|
1744
|
cli_md5_init(&md5);
|
1745
|
1745
|
/* empty password, password == padding */
|
...
|
...
|
@@ -1753,9 +1756,9 @@ static void check_user_password(struct pdf_struct *pdf, int R, const char *O,
|
1753
|
1753
|
cli_md5_update(&md5, &v, 4);
|
1754
|
1754
|
}
|
1755
|
1755
|
cli_md5_final(result, &md5);
|
|
1756
|
+ if (length > 128)
|
|
1757
|
+ length = 128;
|
1756
|
1758
|
if (R >= 3) {
|
1757
|
|
- if (length > 128)
|
1758
|
|
- length = 128;
|
1759
|
1759
|
for (i=0;i<50;i++) {
|
1760
|
1760
|
cli_md5_init(&md5);
|
1761
|
1761
|
cli_md5_update(&md5, result, length/8);
|
...
|
...
|
@@ -1807,6 +1810,12 @@ static void check_user_password(struct pdf_struct *pdf, int R, const char *O,
|
1807
|
1807
|
noisy_warnmsg("cli_pdf: invalid revision %d\n", R);
|
1808
|
1808
|
}
|
1809
|
1809
|
}
|
|
1810
|
+ else {
|
|
1811
|
+ /* Supported R is in {2,3,4,5} */
|
|
1812
|
+ cli_dbgmsg("cli_pdf: R value out of range\n");
|
|
1813
|
+ noisy_warnmsg("cli_pdf: R value out of range\n");
|
|
1814
|
+ return;
|
|
1815
|
+ }
|
1810
|
1816
|
if (password_empty) {
|
1811
|
1817
|
cli_dbgmsg("cli_pdf: user password is empty\n");
|
1812
|
1818
|
noisy_msg(pdf, "cli_pdf: encrypted PDF found, user password is empty, will attempt to decrypt\n");
|
...
|
...
|
@@ -1916,6 +1925,11 @@ static void pdf_handle_enc(struct pdf_struct *pdf)
|
1916
|
1916
|
noisy_warnmsg("cli_pdf: invalid R\n");
|
1917
|
1917
|
break;
|
1918
|
1918
|
}
|
|
1919
|
+ if ((R > 5) || (R < 2)) {
|
|
1920
|
+ cli_dbgmsg("cli_pdf: R value outside supported range [2..5]\n");
|
|
1921
|
+ noisy_warnmsg("cli_pdf: R value outside supported range [2..5]\n");
|
|
1922
|
+ break;
|
|
1923
|
+ }
|
1919
|
1924
|
|
1920
|
1925
|
if (R < 5)
|
1921
|
1926
|
oulen = 32;
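Review bot: The clamp `if (length > 128) length = 128;` that check_user_password now applies for every R in 2..4 is what bounds `cli_md5_update(&md5, result, length/8)` to the 16 bytes an MD5 digest holds, yet the new side carries no comment saying so and enforces only the upper bound. I would add `/* cap the key at 128 bits so length/8 stays within the MD5 digest in result */` above it and, unless a caller already guarantees it, also reject a `length` below 40 or not a multiple of 8, which is the range the encryption dictionary allows. The declaration of `length` is outside the visible hunks; if it is a signed type, a negative value would pass this clamp and become a very large size. Separately, the new `R value out of range` messages drop the offending value, and `cli_dbgmsg("cli_pdf: R value out of range: %d\n", R);` would match the existing `invalid revision %d` warning. The bodies of check_user_password and pdf_handle_enc continue outside these hunks.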
|