summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorTor Andersson <tor.andersson@artifex.com>2014-05-15 12:13:19 +0200
committerTor Andersson <tor.andersson@artifex.com>2014-05-15 15:20:10 +0200
commit5509a4ef7520bf0b5280ce7d6af8eb15b1b8b0f1 (patch)
tree8925d0d4e5be85ca68f688fea692edecc8c398f2
parent9f510df7318ff4fc12ed4d35bd0454d5a8ddbd88 (diff)
downloadmupdf-5509a4ef7520bf0b5280ce7d6af8eb15b1b8b0f1.tar.xz
Fix 695101 and 694114: Use the correct numbers to validate the encryption key length.
This reverts commit b1ed116091b790223a976eca2381da2875341e10. The key length for V==2 must be 40 <= length <= 128. The key length for V==4 is not taken from the /Length entry.
-rw-r--r--source/pdf/pdf-crypt.c8
1 files changed, 4 insertions, 4 deletions
diff --git a/source/pdf/pdf-crypt.c b/source/pdf/pdf-crypt.c
index dda53cf0..ef87655e 100644
--- a/source/pdf/pdf-crypt.c
+++ b/source/pdf/pdf-crypt.c
@@ -180,7 +180,7 @@ pdf_new_crypt(fz_context *ctx, pdf_obj *dict, pdf_obj *id)
/* Determine encryption key length */
crypt->length = 40;
- if (crypt->v == 2 || crypt->v == 4)
+ if (crypt->v == 2)
{
obj = pdf_dict_gets(dict, "Length");
if (pdf_is_int(obj))
@@ -195,7 +195,7 @@ pdf_new_crypt(fz_context *ctx, pdf_obj *dict, pdf_obj *id)
pdf_free_crypt(ctx, crypt);
fz_throw(ctx, FZ_ERROR_GENERIC, "invalid encryption key length");
}
- if (crypt->length < 0 || crypt->length > 256)
+ if (crypt->length < 40 || crypt->length > 128)
{
pdf_free_crypt(ctx, crypt);
fz_throw(ctx, FZ_ERROR_GENERIC, "invalid encryption key length");
@@ -694,8 +694,8 @@ pdf_authenticate_owner_password(fz_context *ctx, pdf_crypt *crypt, unsigned char
memcpy(userpass, crypt->o, 32);
for (x = 0; x < 20; x++)
{
- for (i = 0; i < 32; i++)
- xor[i] = pwbuf[i] ^ (19 - x);
+ for (i = 0; i < n; i++)
+ xor[i] = key[i] ^ (19 - x);
fz_arc4_init(&arc4, xor, n);
fz_arc4_encrypt(&arc4, userpass, userpass, 32);
}