diff options
Diffstat (limited to 'core/fpdfapi/parser')
-rw-r--r-- | core/fpdfapi/parser/cpdf_security_handler.cpp | 9 | ||||
-rw-r--r-- | core/fpdfapi/parser/cpdf_security_handler_embeddertest.cpp | 22 |
2 files changed, 27 insertions, 4 deletions
diff --git a/core/fpdfapi/parser/cpdf_security_handler.cpp b/core/fpdfapi/parser/cpdf_security_handler.cpp index 5476b5485e..61834fca13 100644 --- a/core/fpdfapi/parser/cpdf_security_handler.cpp +++ b/core/fpdfapi/parser/cpdf_security_handler.cpp @@ -386,10 +386,11 @@ bool CPDF_SecurityHandler::AES256_CheckPassword(const uint8_t* password, if (FXDWORD_GET_LSBFIRST(buf) != m_Permissions) return false; - bool encrypted = IsMetadataEncrypted(); - if ((buf[8] == 'T' && !encrypted) || (buf[8] == 'F' && encrypted)) - return false; - return true; + // Relax this check as there appear to be some non-conforming documents + // in the wild. The value in the buffer is the truth; if it requires us + // to encrypt metadata, but the dictionary says otherwise, then we may + // have a tampered doc. Otherwise, give it a pass. + return buf[8] == 'F' || IsMetadataEncrypted(); } bool CPDF_SecurityHandler::CheckPassword(const uint8_t* password, diff --git a/core/fpdfapi/parser/cpdf_security_handler_embeddertest.cpp b/core/fpdfapi/parser/cpdf_security_handler_embeddertest.cpp index 37b6d8fc33..c6c6217e2c 100644 --- a/core/fpdfapi/parser/cpdf_security_handler_embeddertest.cpp +++ b/core/fpdfapi/parser/cpdf_security_handler_embeddertest.cpp @@ -21,6 +21,10 @@ TEST_F(CPDFSecurityHandlerEmbeddertest, NoPassword) { EXPECT_FALSE(OpenDocument("encrypted.pdf")); } +TEST_F(CPDFSecurityHandlerEmbeddertest, BadPassword) { + EXPECT_FALSE(OpenDocument("encrypted.pdf", "tiger")); +} + TEST_F(CPDFSecurityHandlerEmbeddertest, UserPassword) { ASSERT_TRUE(OpenDocument("encrypted.pdf", "1234")); EXPECT_EQ(0xFFFFF2C0, FPDF_GetDocPermissions(document())); @@ -30,3 +34,21 @@ TEST_F(CPDFSecurityHandlerEmbeddertest, OwnerPassword) { ASSERT_TRUE(OpenDocument("encrypted.pdf", "5678")); EXPECT_EQ(0xFFFFFFFC, FPDF_GetDocPermissions(document())); } + +TEST_F(CPDFSecurityHandlerEmbeddertest, NoPasswordVersion5) { + ASSERT_FALSE(OpenDocument("bug_644.pdf")); +} + +TEST_F(CPDFSecurityHandlerEmbeddertest, BadPasswordVersion5) { + ASSERT_FALSE(OpenDocument("bug_644.pdf", "tiger")); +} + +TEST_F(CPDFSecurityHandlerEmbeddertest, OwnerPasswordVersion5) { + ASSERT_TRUE(OpenDocument("bug_644.pdf", "a")); + EXPECT_EQ(0xFFFFFFFC, FPDF_GetDocPermissions(document())); +} + +TEST_F(CPDFSecurityHandlerEmbeddertest, UserPasswordVersion5) { + ASSERT_TRUE(OpenDocument("bug_644.pdf", "b")); + EXPECT_EQ(0xFFFFFFFC, FPDF_GetDocPermissions(document())); +} |