Relax the EncryptMetadata check.chromium/2957

BUG=pdfium:644

Review-Url: https://codereview.chromium.org/2581873002

5 files changed, 140 insertions, 5 deletions

diff --git a/core/fpdfapi/parser/cpdf_security_handler.cpp b/core/fpdfapi/parser/cpdf_security_handler.cpp
index 5476b5485e..61834fca13 100644
--- a/core/fpdfapi/parser/cpdf_security_handler.cpp
+++ b/core/fpdfapi/parser/cpdf_security_handler.cpp
@@ -386,10 +386,11 @@ bool CPDF_SecurityHandler::AES256_CheckPassword(const uint8_t* password,
   if (FXDWORD_GET_LSBFIRST(buf) != m_Permissions)
     return false;
 
-  bool encrypted = IsMetadataEncrypted();
-  if ((buf[8] == 'T' && !encrypted) || (buf[8] == 'F' && encrypted))
-    return false;
-  return true;
+  // Relax this check as there appear to be some non-conforming documents
+  // in the wild. The value in the buffer is the truth; if it requires us
+  // to encrypt metadata, but the dictionary says otherwise, then we may
+  // have a tampered doc.  Otherwise, give it a pass.
+  return buf[8] == 'F' || IsMetadataEncrypted();
 }
 
 bool CPDF_SecurityHandler::CheckPassword(const uint8_t* password,
diff --git a/core/fpdfapi/parser/cpdf_security_handler_embeddertest.cpp b/core/fpdfapi/parser/cpdf_security_handler_embeddertest.cpp
index 37b6d8fc33..c6c6217e2c 100644
--- a/core/fpdfapi/parser/cpdf_security_handler_embeddertest.cpp
+++ b/core/fpdfapi/parser/cpdf_security_handler_embeddertest.cpp
@@ -21,6 +21,10 @@ TEST_F(CPDFSecurityHandlerEmbeddertest, NoPassword) {
   EXPECT_FALSE(OpenDocument("encrypted.pdf"));
 }
 
+TEST_F(CPDFSecurityHandlerEmbeddertest, BadPassword) {
+  EXPECT_FALSE(OpenDocument("encrypted.pdf", "tiger"));
+}
+
 TEST_F(CPDFSecurityHandlerEmbeddertest, UserPassword) {
   ASSERT_TRUE(OpenDocument("encrypted.pdf", "1234"));
   EXPECT_EQ(0xFFFFF2C0, FPDF_GetDocPermissions(document()));
@@ -30,3 +34,21 @@ TEST_F(CPDFSecurityHandlerEmbeddertest, OwnerPassword) {
   ASSERT_TRUE(OpenDocument("encrypted.pdf", "5678"));
   EXPECT_EQ(0xFFFFFFFC, FPDF_GetDocPermissions(document()));
 }
+
+TEST_F(CPDFSecurityHandlerEmbeddertest, NoPasswordVersion5) {
+  ASSERT_FALSE(OpenDocument("bug_644.pdf"));
+}
+
+TEST_F(CPDFSecurityHandlerEmbeddertest, BadPasswordVersion5) {
+  ASSERT_FALSE(OpenDocument("bug_644.pdf", "tiger"));
+}
+
+TEST_F(CPDFSecurityHandlerEmbeddertest, OwnerPasswordVersion5) {
+  ASSERT_TRUE(OpenDocument("bug_644.pdf", "a"));
+  EXPECT_EQ(0xFFFFFFFC, FPDF_GetDocPermissions(document()));
+}
+
+TEST_F(CPDFSecurityHandlerEmbeddertest, UserPasswordVersion5) {
+  ASSERT_TRUE(OpenDocument("bug_644.pdf", "b"));
+  EXPECT_EQ(0xFFFFFFFC, FPDF_GetDocPermissions(document()));
+}
diff --git a/testing/embedder_test.cpp b/testing/embedder_test.cpp
index bc4c027c66..79074153fb 100644
--- a/testing/embedder_test.cpp
+++ b/testing/embedder_test.cpp
@@ -185,7 +185,7 @@ bool EmbedderTest::OpenDocument(const std::string& filename,
     if (must_linearize) {
       return false;
     }
-    document_ = FPDF_LoadCustomDocument(&file_access_, nullptr);
+    document_ = FPDF_LoadCustomDocument(&file_access_, password);
     if (!document_) {
       return false;
     }
diff --git a/testing/resources/bug_644.in b/testing/resources/bug_644.in
new file mode 100644
index 0000000000..0a936f58d8
--- /dev/null
+++ b/testing/resources/bug_644.in
@@ -0,0 +1,51 @@
+{{header}}
+{{object 1 0}} <<
+  /CF <<
+    /StdCF <<
+      /Length 32
+      /AuthEvent /DocOpen
+      /CFM /AESV3
+    >>
+  >>
+  /Filter /Standard
+  /Length 256
+  /O <B6C711683D98F878929688EF497A0BB928E1F0013A0B5C357BE701E42DC4A6A9E124B0C505DDDA91562C5EA791E2B7AC>
+  /OE <26B337B3B635C18262B4915289F1D353EB432D7E7FF6BE5450C82D690202A093>
+  /P 4092
+  /Perms <3D62C200CDB31A603EF202E12993AE13>
+  /R 5
+  /StmF /StdCF
+  /StrF /StdCF
+  /U <69F20E0450E8B2A8ACA6AF1DE1284DB11EC4E38F6E7CB2B9AE9A1CFF6F95BA6CD83783C4ED8B31D933482CBB7A791290>
+  /UE <5104E81C113D43246A264580FE82D2890B7B8CEEF4A3D667B81A32EED62D8C54>
+  /V 5
+>>
+endobj
+{{object 2 0}} <<
+  /Type /Catalog
+  /Pages 5 0 R
+>>
+endobj
+{{object 5 0}} <<
+  /Type /Pages
+  /Count 1
+  /Kids [6 0 R]
+>>
+endobj
+{{object 6 0}} <<
+  /Parent 5 0 R
+  /Resources <<
+    /ProcSet [/PDF /Text /ImageC]
+  >>
+  /MediaBox [0.00000 0.00000 595.00000 842.00000]
+  /Type /Page
+>>
+endobj
+{{xref}}
+trailer <<
+  /Encrypt 1 0 R
+  /Root 2 0 R
+  /Size 46
+>>
+{{startxref}}
+%%EOF
diff --git a/testing/resources/bug_644.pdf b/testing/resources/bug_644.pdf
new file mode 100644
index 0000000000..59d6ad2357
--- /dev/null
+++ b/testing/resources/bug_644.pdf
@@ -0,0 +1,61 @@
+%PDF-1.7
+% ò¤ô
+1 0 obj <<
+  /CF <<
+    /StdCF <<
+      /Length 32
+      /AuthEvent /DocOpen
+      /CFM /AESV3
+    >>
+  >>
+  /Filter /Standard
+  /Length 256
+  /O <B6C711683D98F878929688EF497A0BB928E1F0013A0B5C357BE701E42DC4A6A9E124B0C505DDDA91562C5EA791E2B7AC>
+  /OE <26B337B3B635C18262B4915289F1D353EB432D7E7FF6BE5450C82D690202A093>
+  /P 4092
+  /Perms <3D62C200CDB31A603EF202E12993AE13>
+  /R 5
+  /StmF /StdCF
+  /StrF /StdCF
+  /U <69F20E0450E8B2A8ACA6AF1DE1284DB11EC4E38F6E7CB2B9AE9A1CFF6F95BA6CD83783C4ED8B31D933482CBB7A791290>
+  /UE <5104E81C113D43246A264580FE82D2890B7B8CEEF4A3D667B81A32EED62D8C54>
+  /V 5
+>>
+endobj
+2 0 obj <<
+  /Type /Catalog
+  /Pages 5 0 R
+>>
+endobj
+5 0 obj <<
+  /Type /Pages
+  /Count 1
+  /Kids [6 0 R]
+>>
+endobj
+6 0 obj <<
+  /Parent 5 0 R
+  /Resources <<
+    /ProcSet [/PDF /Text /ImageC]
+  >>
+  /MediaBox [0.00000 0.00000 595.00000 842.00000]
+  /Type /Page
+>>
+endobj
+xref
+0 7
+0000000000 65535 f 
+0000000015 00000 n 
+0000000618 00000 n 
+0000000000 65535 f 
+0000000000 65535 f 
+0000000671 00000 n 
+0000000734 00000 n 
+trailer <<
+  /Encrypt 1 0 R
+  /Root 2 0 R
+  /Size 46
+>>
+startxref
+890
+%%EOF