Length was not found, because of the order we read the values.
Török Edvin authored on 2011/08/21 23:04:07... | ... |
@@ -1,3 +1,7 @@ |
1 |
+Sun Aug 21 17:05:24 EEST 2011 (edwin) |
|
2 |
+------------------------------------- |
|
3 |
+ * libclamav/pdf.c: fix incorrect blocking of some encrypted PDF with empty user passwords. (bb #3364) |
|
4 |
+ |
|
1 | 5 |
Mon Aug 8 11:32:31 CEST 2011 (tk) |
2 | 6 |
---------------------------------- |
3 | 7 |
* freshclam: add new option --update-db |
... | ... |
@@ -1265,7 +1265,7 @@ static void check_user_password(struct pdf_struct *pdf, int R, const char *O, |
1265 | 1265 |
memcpy(data, key_padding, 32); |
1266 | 1266 |
arc4_init(&arc4, pdf->key, pdf->keylen); |
1267 | 1267 |
arc4_apply(&arc4, data, 32); |
1268 |
- dbg_printhex("computed U", data, 32); |
|
1268 |
+ dbg_printhex("computed U (R2)", data, 32); |
|
1269 | 1269 |
if (!memcmp(data, U, 32)) |
1270 | 1270 |
password_empty = 1; |
1271 | 1271 |
} else if (R >= 3) { |
... | ... |
@@ -1285,7 +1285,8 @@ static void check_user_password(struct pdf_struct *pdf, int R, const char *O, |
1285 | 1285 |
arc4_init(&arc4, data, len); |
1286 | 1286 |
arc4_apply(&arc4, result, 16); |
1287 | 1287 |
} |
1288 |
- dbg_printhex("computed U", result, 16); |
|
1288 |
+ dbg_printhex("fileID", pdf->fileID, pdf->fileIDlen); |
|
1289 |
+ dbg_printhex("computed U (R>=3)", result, 16); |
|
1289 | 1290 |
if (!memcmp(result, U, 16)) |
1290 | 1291 |
password_empty = 1; |
1291 | 1292 |
} else { |
... | ... |
@@ -1330,6 +1331,13 @@ static void pdf_handle_enc(struct pdf_struct *pdf) |
1330 | 1330 |
cli_dbgmsg("cli_pdf: invalid P\n"); |
1331 | 1331 |
break; |
1332 | 1332 |
} |
1333 |
+ length = pdf_readint(q, len, "/Length"); |
|
1334 |
+ if (length == ~0u) |
|
1335 |
+ length = 40; |
|
1336 |
+ if (length < 40) { |
|
1337 |
+ cli_dbgmsg("cli_pdf: invalid length: %d\n", length); |
|
1338 |
+ length = 40; |
|
1339 |
+ } |
|
1333 | 1340 |
|
1334 | 1341 |
q2 = cli_memstr(q, len, "/Standard", 9); |
1335 | 1342 |
if (!q2) { |
... | ... |
@@ -1385,13 +1393,6 @@ static void pdf_handle_enc(struct pdf_struct *pdf) |
1385 | 1385 |
break; |
1386 | 1386 |
} |
1387 | 1387 |
} |
1388 |
- length = pdf_readint(q, len, "/Length"); |
|
1389 |
- if (length == ~0u) |
|
1390 |
- length = 40; |
|
1391 |
- if (length < 40) { |
|
1392 |
- cli_dbgmsg("cli_pdf: invalid length: %d\n", length); |
|
1393 |
- length = 40; |
|
1394 |
- } |
|
1395 | 1388 |
cli_dbgmsg("cli_pdf: Encrypt R: %d, P %x, length: %d\n", R, P, length); |
1396 | 1389 |
if (length % 8) { |
1397 | 1390 |
cli_dbgmsg("cli_pdf: wrong key length, not multiple of 8\n"); |