diff options
| author | thestig <thestig@chromium.org> | 2016-10-31 13:06:39 -0700 |
|---|---|---|
| committer | Commit bot <commit-bot@chromium.org> | 2016-10-31 13:06:39 -0700 |
| commit | a3580f9fb0eb11f7a501a28be953ff948c28ce06 (patch) | |
| tree | 59ac928c8ec6598c3eddf0b9743d8fa45c5e365d | |
| parent | 42cb64572198bf8a72de9b18eae9f9dd9a07beb7 (diff) | |
| download | pdfium-a3580f9fb0eb11f7a501a28be953ff948c28ce06.tar.xz | |
Fix a memory leak in CPDF_SecurityHandler.
AES256_CheckPassword() leaks memory on failure.
Clean up some nits.
BUG=chromium:659468
Review-Url: https://codereview.chromium.org/2463183002
| -rw-r--r-- | core/fpdfapi/parser/cpdf_security_handler.cpp | 42 |
1 files changed, 19 insertions, 23 deletions
diff --git a/core/fpdfapi/parser/cpdf_security_handler.cpp b/core/fpdfapi/parser/cpdf_security_handler.cpp index 83fb6254bc..80a1f08f94 100644 --- a/core/fpdfapi/parser/cpdf_security_handler.cpp +++ b/core/fpdfapi/parser/cpdf_security_handler.cpp @@ -349,41 +349,37 @@ FX_BOOL CPDF_SecurityHandler::AES256_CheckPassword(const uint8_t* password, CFX_ByteString ekey = m_pEncryptDict ? m_pEncryptDict->GetStringFor(bOwner ? "OE" : "UE") : CFX_ByteString(); - if (ekey.GetLength() < 32) { + if (ekey.GetLength() < 32) return FALSE; - } - uint8_t* aes = FX_Alloc(uint8_t, 2048); - CRYPT_AESSetKey(aes, 16, digest, 32, FALSE); + + std::vector<uint8_t> aes(2048); + CRYPT_AESSetKey(aes.data(), 16, digest, 32, FALSE); uint8_t iv[16]; FXSYS_memset(iv, 0, 16); - CRYPT_AESSetIV(aes, iv); - CRYPT_AESDecrypt(aes, key, ekey.raw_str(), 32); - CRYPT_AESSetKey(aes, 16, key, 32, FALSE); - CRYPT_AESSetIV(aes, iv); + CRYPT_AESSetIV(aes.data(), iv); + CRYPT_AESDecrypt(aes.data(), key, ekey.raw_str(), 32); + CRYPT_AESSetKey(aes.data(), 16, key, 32, FALSE); + CRYPT_AESSetIV(aes.data(), iv); CFX_ByteString perms = m_pEncryptDict->GetStringFor("Perms"); - if (perms.IsEmpty()) { + if (perms.IsEmpty()) return FALSE; - } + uint8_t perms_buf[16]; FXSYS_memset(perms_buf, 0, sizeof(perms_buf)); - uint32_t copy_len = sizeof(perms_buf); - if (copy_len > (uint32_t)perms.GetLength()) { - copy_len = perms.GetLength(); - } + size_t copy_len = + std::min(sizeof(perms_buf), static_cast<size_t>(perms.GetLength())); FXSYS_memcpy(perms_buf, perms.raw_str(), copy_len); uint8_t buf[16]; - CRYPT_AESDecrypt(aes, buf, perms_buf, 16); - FX_Free(aes); - if (buf[9] != 'a' || buf[10] != 'd' || buf[11] != 'b') { + CRYPT_AESDecrypt(aes.data(), buf, perms_buf, 16); + if (buf[9] != 'a' || buf[10] != 'd' || buf[11] != 'b') return FALSE; - } - if (FXDWORD_GET_LSBFIRST(buf) != m_Permissions) { + + if (FXDWORD_GET_LSBFIRST(buf) != m_Permissions) return FALSE; - } - if ((buf[8] == 'T' && !IsMetadataEncrypted()) || - (buf[8] == 'F' && IsMetadataEncrypted())) { + + bool encrypted = IsMetadataEncrypted(); + if ((buf[8] == 'T' && !encrypted) || (buf[8] == 'F' && encrypted)) return FALSE; - } return TRUE; } |