Bug 694114: Fix valgrind issue.

I believe the implementation for revision 3 is wrong. From pdf_reference17.pdf, step 5 of Algorithm 3.5 says: 5. Do the following 19 times: Take the output from the previous invocation of the RC4 function and pass it as input to a new invocation of the function; use an encryption key generated by taking each byte of the original encryption key (obtained in step 1) and performing an XOR (exclusive or) operation between that byte and the single-byte value of the iteration counter (from 1 to 19). "the original encryption key (obtained in step 1)" is pwbuf (32 bytes) not key. Even if it was key, it wouldn't be n bytes long, but only 16.
author: Robin Watts <robin@peeves.(none)> 2013-11-26 10:35:51 -0800
committer: Robin Watts <robin.watts@artifex.com> 2013-11-27 11:28:37 +0000
commit: b1ed116091b790223a976eca2381da2875341e10 (patch)
tree: 1a7f392836279ca0149add4edeb32af47c43c360 /source/pdf/pdf-crypt.c
parent: 08ca7372ab058bc283452515854a9f0210bd620e (diff)
download: mupdf-b1ed116091b790223a976eca2381da2875341e10.tar.xz
1 files changed, 2 insertions, 2 deletions
diff --git a/source/pdf/pdf-crypt.c b/source/pdf/pdf-crypt.c
index 850ab942..92a9e428 100644
--- a/source/pdf/pdf-crypt.c
+++ b/source/pdf/pdf-crypt.c
@@ -689,8 +689,8 @@ pdf_authenticate_owner_password(fz_context *ctx, pdf_crypt *crypt, unsigned char
 		memcpy(userpass, crypt->o, 32);
 		for (x = 0; x < 20; x++)
 		{
-			for (i = 0; i < n; i++)
-				xor[i] = key[i] ^ (19 - x);
+			for (i = 0; i < 32; i++)
+				xor[i] = pwbuf[i] ^ (19 - x);
 			fz_arc4_init(&arc4, xor, n);
 			fz_arc4_encrypt(&arc4, userpass, userpass, 32);
 		}
author	Robin Watts <robin@peeves.(none)>	2013-11-26 10:35:51 -0800
committer	Robin Watts <robin.watts@artifex.com>	2013-11-27 11:28:37 +0000
commit	b1ed116091b790223a976eca2381da2875341e10 (patch)
tree	1a7f392836279ca0149add4edeb32af47c43c360 /source/pdf/pdf-crypt.c
parent	08ca7372ab058bc283452515854a9f0210bd620e (diff)
download	mupdf-b1ed116091b790223a976eca2381da2875341e10.tar.xz