summaryrefslogtreecommitdiff
path: root/core/fpdfapi
diff options
context:
space:
mode:
authortsepez <tsepez@chromium.org>2016-12-19 10:02:06 -0800
committerCommit bot <commit-bot@chromium.org>2016-12-19 10:02:06 -0800
commit0fdeeb8175560ce6bbd8bbc14120cc75ea3a2d67 (patch)
treecd36aa5f757f89a0d4aa3c7e5cb45515d6887a33 /core/fpdfapi
parentda587fab57602e5e10c058e6e632df513fba0c93 (diff)
downloadpdfium-0fdeeb8175560ce6bbd8bbc14120cc75ea3a2d67.tar.xz
Relax the EncryptMetadata check.chromium/2957
BUG=pdfium:644 Review-Url: https://codereview.chromium.org/2581873002
Diffstat (limited to 'core/fpdfapi')
-rw-r--r--core/fpdfapi/parser/cpdf_security_handler.cpp9
-rw-r--r--core/fpdfapi/parser/cpdf_security_handler_embeddertest.cpp22
2 files changed, 27 insertions, 4 deletions
diff --git a/core/fpdfapi/parser/cpdf_security_handler.cpp b/core/fpdfapi/parser/cpdf_security_handler.cpp
index 5476b5485e..61834fca13 100644
--- a/core/fpdfapi/parser/cpdf_security_handler.cpp
+++ b/core/fpdfapi/parser/cpdf_security_handler.cpp
@@ -386,10 +386,11 @@ bool CPDF_SecurityHandler::AES256_CheckPassword(const uint8_t* password,
if (FXDWORD_GET_LSBFIRST(buf) != m_Permissions)
return false;
- bool encrypted = IsMetadataEncrypted();
- if ((buf[8] == 'T' && !encrypted) || (buf[8] == 'F' && encrypted))
- return false;
- return true;
+ // Relax this check as there appear to be some non-conforming documents
+ // in the wild. The value in the buffer is the truth; if it requires us
+ // to encrypt metadata, but the dictionary says otherwise, then we may
+ // have a tampered doc. Otherwise, give it a pass.
+ return buf[8] == 'F' || IsMetadataEncrypted();
}
bool CPDF_SecurityHandler::CheckPassword(const uint8_t* password,
diff --git a/core/fpdfapi/parser/cpdf_security_handler_embeddertest.cpp b/core/fpdfapi/parser/cpdf_security_handler_embeddertest.cpp
index 37b6d8fc33..c6c6217e2c 100644
--- a/core/fpdfapi/parser/cpdf_security_handler_embeddertest.cpp
+++ b/core/fpdfapi/parser/cpdf_security_handler_embeddertest.cpp
@@ -21,6 +21,10 @@ TEST_F(CPDFSecurityHandlerEmbeddertest, NoPassword) {
EXPECT_FALSE(OpenDocument("encrypted.pdf"));
}
+TEST_F(CPDFSecurityHandlerEmbeddertest, BadPassword) {
+ EXPECT_FALSE(OpenDocument("encrypted.pdf", "tiger"));
+}
+
TEST_F(CPDFSecurityHandlerEmbeddertest, UserPassword) {
ASSERT_TRUE(OpenDocument("encrypted.pdf", "1234"));
EXPECT_EQ(0xFFFFF2C0, FPDF_GetDocPermissions(document()));
@@ -30,3 +34,21 @@ TEST_F(CPDFSecurityHandlerEmbeddertest, OwnerPassword) {
ASSERT_TRUE(OpenDocument("encrypted.pdf", "5678"));
EXPECT_EQ(0xFFFFFFFC, FPDF_GetDocPermissions(document()));
}
+
+TEST_F(CPDFSecurityHandlerEmbeddertest, NoPasswordVersion5) {
+ ASSERT_FALSE(OpenDocument("bug_644.pdf"));
+}
+
+TEST_F(CPDFSecurityHandlerEmbeddertest, BadPasswordVersion5) {
+ ASSERT_FALSE(OpenDocument("bug_644.pdf", "tiger"));
+}
+
+TEST_F(CPDFSecurityHandlerEmbeddertest, OwnerPasswordVersion5) {
+ ASSERT_TRUE(OpenDocument("bug_644.pdf", "a"));
+ EXPECT_EQ(0xFFFFFFFC, FPDF_GetDocPermissions(document()));
+}
+
+TEST_F(CPDFSecurityHandlerEmbeddertest, UserPasswordVersion5) {
+ ASSERT_TRUE(OpenDocument("bug_644.pdf", "b"));
+ EXPECT_EQ(0xFFFFFFFC, FPDF_GetDocPermissions(document()));
+}