diff options
author | Ryan Harrison <rharrison@chromium.org> | 2017-09-12 15:30:55 -0400 |
---|---|---|
committer | Chromium commit bot <commit-bot@chromium.org> | 2017-09-12 20:17:27 +0000 |
commit | 5b2092a1ec59077b430bd2cab91554cad2eb5128 (patch) | |
tree | e7445178ad8133b1d162c61e469be809a3f5e26f | |
parent | 8ac74971a33520afb73a8ca6628da1a0a78c85a8 (diff) | |
download | pdfium-5b2092a1ec59077b430bd2cab91554cad2eb5128.tar.xz |
Don't attempt to decrypt AES streams that are too shortchromium/3214
When reading a stream, if it is encrypted using an AES cipher it must
be atleast 16 bytes long aka 128 bits, other wise it is malformed.
BUG=chromium:763585
Change-Id: Ied7c36978f1eb24aeda93a184527b6d6a191e5c3
Reviewed-on: https://pdfium-review.googlesource.com/13751
Reviewed-by: Tom Sepez <tsepez@chromium.org>
Commit-Queue: Ryan Harrison <rharrison@chromium.org>
-rw-r--r-- | core/fpdfapi/parser/cpdf_crypto_handler.cpp | 4 | ||||
-rw-r--r-- | core/fpdfapi/parser/cpdf_crypto_handler.h | 1 | ||||
-rw-r--r-- | core/fpdfapi/parser/cpdf_syntax_parser.cpp | 3 |
3 files changed, 8 insertions, 0 deletions
diff --git a/core/fpdfapi/parser/cpdf_crypto_handler.cpp b/core/fpdfapi/parser/cpdf_crypto_handler.cpp index ef84480c23..74428ba6a8 100644 --- a/core/fpdfapi/parser/cpdf_crypto_handler.cpp +++ b/core/fpdfapi/parser/cpdf_crypto_handler.cpp @@ -297,6 +297,10 @@ bool CPDF_CryptoHandler::Init(int cipher, const uint8_t* key, int keylen) { return true; } +bool CPDF_CryptoHandler::IsCipherAES() const { + return m_Cipher == FXCIPHER_AES; +} + bool CPDF_CryptoHandler::DecryptStream(void* context, const uint8_t* src_buf, uint32_t src_size, diff --git a/core/fpdfapi/parser/cpdf_crypto_handler.h b/core/fpdfapi/parser/cpdf_crypto_handler.h index 14a5743d15..adf0c6c680 100644 --- a/core/fpdfapi/parser/cpdf_crypto_handler.h +++ b/core/fpdfapi/parser/cpdf_crypto_handler.h @@ -48,6 +48,7 @@ class CPDF_CryptoHandler : public CFX_Retainable { uint32_t& dest_size); bool Init(int cipher, const uint8_t* key, int keylen); + bool IsCipherAES() const; private: CPDF_CryptoHandler(); diff --git a/core/fpdfapi/parser/cpdf_syntax_parser.cpp b/core/fpdfapi/parser/cpdf_syntax_parser.cpp index 4a7810fc43..779bf81e0f 100644 --- a/core/fpdfapi/parser/cpdf_syntax_parser.cpp +++ b/core/fpdfapi/parser/cpdf_syntax_parser.cpp @@ -690,6 +690,9 @@ std::unique_ptr<CPDF_Stream> CPDF_SyntaxParser::ReadStream( std::unique_ptr<uint8_t, FxFreeDeleter> pData; if (len > 0) { + if (pCryptoHandler && pCryptoHandler->IsCipherAES() && len < 16) + return nullptr; + pData.reset(FX_Alloc(uint8_t, len)); ReadBlock(pData.get(), len); if (pCryptoHandler) { |