diff options
| author | tsepez <tsepez@chromium.org> | 2016-12-19 10:02:06 -0800 |
|---|---|---|
| committer | Commit bot <commit-bot@chromium.org> | 2016-12-19 10:02:06 -0800 |
| commit | 0fdeeb8175560ce6bbd8bbc14120cc75ea3a2d67 (patch) | |
| tree | cd36aa5f757f89a0d4aa3c7e5cb45515d6887a33 /core | |
| parent | da587fab57602e5e10c058e6e632df513fba0c93 (diff) | |
| download | pdfium-0fdeeb8175560ce6bbd8bbc14120cc75ea3a2d67.tar.xz | |
Relax the EncryptMetadata check.chromium/2957
BUG=pdfium:644
Review-Url: https://codereview.chromium.org/2581873002
Diffstat (limited to 'core')
| -rw-r--r-- | core/fpdfapi/parser/cpdf_security_handler.cpp | 9 | ||||
| -rw-r--r-- | core/fpdfapi/parser/cpdf_security_handler_embeddertest.cpp | 22 |
2 files changed, 27 insertions, 4 deletions
diff --git a/core/fpdfapi/parser/cpdf_security_handler.cpp b/core/fpdfapi/parser/cpdf_security_handler.cpp index 5476b5485e..61834fca13 100644 --- a/core/fpdfapi/parser/cpdf_security_handler.cpp +++ b/core/fpdfapi/parser/cpdf_security_handler.cpp @@ -386,10 +386,11 @@ bool CPDF_SecurityHandler::AES256_CheckPassword(const uint8_t* password, if (FXDWORD_GET_LSBFIRST(buf) != m_Permissions) return false; - bool encrypted = IsMetadataEncrypted(); - if ((buf[8] == 'T' && !encrypted) || (buf[8] == 'F' && encrypted)) - return false; - return true; + // Relax this check as there appear to be some non-conforming documents + // in the wild. The value in the buffer is the truth; if it requires us + // to encrypt metadata, but the dictionary says otherwise, then we may + // have a tampered doc. Otherwise, give it a pass. + return buf[8] == 'F' || IsMetadataEncrypted(); } bool CPDF_SecurityHandler::CheckPassword(const uint8_t* password, diff --git a/core/fpdfapi/parser/cpdf_security_handler_embeddertest.cpp b/core/fpdfapi/parser/cpdf_security_handler_embeddertest.cpp index 37b6d8fc33..c6c6217e2c 100644 --- a/core/fpdfapi/parser/cpdf_security_handler_embeddertest.cpp +++ b/core/fpdfapi/parser/cpdf_security_handler_embeddertest.cpp @@ -21,6 +21,10 @@ TEST_F(CPDFSecurityHandlerEmbeddertest, NoPassword) { EXPECT_FALSE(OpenDocument("encrypted.pdf")); } +TEST_F(CPDFSecurityHandlerEmbeddertest, BadPassword) { + EXPECT_FALSE(OpenDocument("encrypted.pdf", "tiger")); +} + TEST_F(CPDFSecurityHandlerEmbeddertest, UserPassword) { ASSERT_TRUE(OpenDocument("encrypted.pdf", "1234")); EXPECT_EQ(0xFFFFF2C0, FPDF_GetDocPermissions(document())); @@ -30,3 +34,21 @@ TEST_F(CPDFSecurityHandlerEmbeddertest, OwnerPassword) { ASSERT_TRUE(OpenDocument("encrypted.pdf", "5678")); EXPECT_EQ(0xFFFFFFFC, FPDF_GetDocPermissions(document())); } + +TEST_F(CPDFSecurityHandlerEmbeddertest, NoPasswordVersion5) { + ASSERT_FALSE(OpenDocument("bug_644.pdf")); +} + +TEST_F(CPDFSecurityHandlerEmbeddertest, BadPasswordVersion5) { + ASSERT_FALSE(OpenDocument("bug_644.pdf", "tiger")); +} + +TEST_F(CPDFSecurityHandlerEmbeddertest, OwnerPasswordVersion5) { + ASSERT_TRUE(OpenDocument("bug_644.pdf", "a")); + EXPECT_EQ(0xFFFFFFFC, FPDF_GetDocPermissions(document())); +} + +TEST_F(CPDFSecurityHandlerEmbeddertest, UserPasswordVersion5) { + ASSERT_TRUE(OpenDocument("bug_644.pdf", "b")); + EXPECT_EQ(0xFFFFFFFC, FPDF_GetDocPermissions(document())); +} |