@@ -1,3 +1,7 @@

+Sun Aug 21 17:05:24 EEST 2011 (edwin)

+-------------------------------------

+ * libclamav/pdf.c:  fix incorrect blocking of some encrypted PDF with empty user passwords. (bb #3364)

+

 Mon Aug  8 11:32:31 CEST 2011 (tk)

 ----------------------------------

  * freshclam: add new option --update-db

@@ -1265,7 +1265,7 @@ static void check_user_password(struct pdf_struct *pdf, int R, const char *O,

 	    memcpy(data, key_padding, 32);

 	    arc4_init(&arc4, pdf->key, pdf->keylen);

 	    arc4_apply(&arc4, data, 32);

-	    dbg_printhex("computed U", data, 32);

+	    dbg_printhex("computed U (R2)", data, 32);

 	    if (!memcmp(data, U, 32))

 		password_empty = 1;

 	} else if (R >= 3) {

@@ -1285,7 +1285,8 @@ static void check_user_password(struct pdf_struct *pdf, int R, const char *O,

 		arc4_init(&arc4, data, len);

 		arc4_apply(&arc4, result, 16);

 	    }

-	    dbg_printhex("computed U", result, 16);

+	    dbg_printhex("fileID", pdf->fileID, pdf->fileIDlen);

+	    dbg_printhex("computed U (R>=3)", result, 16);

 	    if (!memcmp(result, U, 16))

 		password_empty = 1;

 	} else {

@@ -1330,6 +1331,13 @@ static void pdf_handle_enc(struct pdf_struct *pdf)

 	    cli_dbgmsg("cli_pdf: invalid P\n");

 	    break;

 	}

+	length = pdf_readint(q, len, "/Length");

+	if (length == ~0u)

+	    length = 40;

+	if (length < 40) {

+	    cli_dbgmsg("cli_pdf: invalid length: %d\n", length);

+	    length = 40;

+	}

 	q2 = cli_memstr(q, len, "/Standard", 9);

 	if (!q2) {

@@ -1385,13 +1393,6 @@ static void pdf_handle_enc(struct pdf_struct *pdf)

 		break;

 	    }

 	}

-	length = pdf_readint(q, len, "/Length");

-	if (length == ~0u)

-	    length = 40;

-	if (length < 40) {

-	    cli_dbgmsg("cli_pdf: invalid length: %d\n", length);

-	    length = 40;

-	}

 	cli_dbgmsg("cli_pdf: Encrypt R: %d, P %x, length: %d\n", R, P, length);

 	if (length % 8) {

 	    cli_dbgmsg("cli_pdf: wrong key length, not multiple of 8\n");