author | Simon Bünzli <zeniko@gmail.com> | 2014-01-08 16:23:12 +0100 |
---|---|---|
committer | Robin Watts <robin.watts@artifex.com> | 2014-01-08 18:09:44 +0000 |
commit | bdb5cdee34edc38e47bf9b3a9830830d072f0c91 (patch) | |
tree | 7557b75619c1892668625567f38a835cbc4ba365 /source/pdf | |
parent | c8f982de83a6d98274b9ca85a5767cd3d13c9373 (diff) | |
download | mupdf-bdb5cdee34edc38e47bf9b3a9830830d072f0c91.tar.xz |
sanitize crypt revision in pdf_new_crypt
(Second part of Simon's patch - apologies for missing this the first time).
This correctly enables the sanitization of the key length needed for
90db34f64037e2a8a5c3b6a518ba4153_asan_heap-oob_9b117e_1197_1802.pdf
Thanks to Mateusz Jurczyk and Gynvael Coldwind of the Google Security
Team for providing the example files.
Diffstat (limited to 'source/pdf')
-rw-r--r-- | source/pdf/pdf-crypt.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/source/pdf/pdf-crypt.c b/source/pdf/pdf-crypt.c index daeead1a..dda53cf0 100644 --- a/source/pdf/pdf-crypt.c +++ b/source/pdf/pdf-crypt.c @@ -318,7 +318,7 @@ pdf_parse_crypt_filter(fz_context *ctx, pdf_crypt_filter *cf, pdf_crypt *crypt, if ((cf->length % 8) != 0) fz_throw(ctx, FZ_ERROR_GENERIC, "invalid key length: %d", cf->length); - if ((crypt->r == 1 || crypt->r == 2 || crypt->r == 4) && + if ((crypt->r == 1 || crypt->r == 2 || crypt->r == 3 || crypt->r == 4) && (cf->length < 0 || cf->length > 128)) fz_throw(ctx, FZ_ERROR_GENERIC, "invalid key length: %d", cf->length); if ((crypt->r == 5 || crypt->r == 6) && cf->length != 256) |
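Review bot: the condition on the changed line is still an explicit list of revisions (`crypt->r == 1 || crypt->r == 2 || crypt->r == 3 || crypt->r == 4`), so any `crypt->r` outside 1 to 6 skips both range checks visible here and leaves `cf->length` constrained only by the `% 8` test. The missing `crypt->r == 3` that this change adds is an instance of the same gap. Unless `crypt->r` is already validated before this point (not visible in the hunk), consider making the 128-bit bound the default: apply `cf->length < 0 || cf->length > 128` to every revision that is not 5 or 6, or throw on an unrecognised revision, so that a revision value the list does not anticipate fails closed instead of passing through unchecked.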