Don't attempt to decrypt AES streams that are too shortchromium/3214

When reading a stream, if it is encrypted using an AES cipher it must be atleast 16 bytes long aka 128 bits, other wise it is malformed. BUG=chromium:763585 Change-Id: Ied7c36978f1eb24aeda93a184527b6d6a191e5c3 Reviewed-on: https://pdfium-review.googlesource.com/13751 Reviewed-by: Tom Sepez <tsepez@chromium.org> Commit-Queue: Ryan Harrison <rharrison@chromium.org>
author: Ryan Harrison <rharrison@chromium.org> 2017-09-12 15:30:55 -0400
committer: Chromium commit bot <commit-bot@chromium.org> 2017-09-12 20:17:27 +0000
commit: 5b2092a1ec59077b430bd2cab91554cad2eb5128 (patch)
tree: e7445178ad8133b1d162c61e469be809a3f5e26f /core/fpdfapi/parser/cpdf_syntax_parser.cpp
parent: 8ac74971a33520afb73a8ca6628da1a0a78c85a8 (diff)
download: pdfium-5b2092a1ec59077b430bd2cab91554cad2eb5128.tar.xz
1 files changed, 3 insertions, 0 deletions
diff --git a/core/fpdfapi/parser/cpdf_syntax_parser.cpp b/core/fpdfapi/parser/cpdf_syntax_parser.cpp
index 4a7810fc43..779bf81e0f 100644
--- a/core/fpdfapi/parser/cpdf_syntax_parser.cpp
+++ b/core/fpdfapi/parser/cpdf_syntax_parser.cpp
@@ -690,6 +690,9 @@ std::unique_ptr<CPDF_Stream> CPDF_SyntaxParser::ReadStream(
 
   std::unique_ptr<uint8_t, FxFreeDeleter> pData;
   if (len > 0) {
+    if (pCryptoHandler && pCryptoHandler->IsCipherAES() && len < 16)
+      return nullptr;
+
     pData.reset(FX_Alloc(uint8_t, len));
     ReadBlock(pData.get(), len);
     if (pCryptoHandler) {
author	Ryan Harrison <rharrison@chromium.org>	2017-09-12 15:30:55 -0400
committer	Chromium commit bot <commit-bot@chromium.org>	2017-09-12 20:17:27 +0000
commit	5b2092a1ec59077b430bd2cab91554cad2eb5128 (patch)
tree	e7445178ad8133b1d162c61e469be809a3f5e26f /core/fpdfapi/parser/cpdf_syntax_parser.cpp
parent	8ac74971a33520afb73a8ca6628da1a0a78c85a8 (diff)
download	pdfium-5b2092a1ec59077b430bd2cab91554cad2eb5128.tar.xz