From d5a0e7ac0a8169220b32cd8525b6cc5a6e563af3 Mon Sep 17 00:00:00 2001
From: Bo Xu <bo_xu@foxitsoftware.com>
Date: Thu, 10 Jul 2014 11:49:52 -0700
Subject: Zero out temporary arrays before use in PDF encryption.

BUG=387834
R=palmer@chromium.org

Review URL: https://codereview.chromium.org/386663003
---
 core/src/fpdfapi/fpdf_parser/fpdf_parser_encrypt.cpp | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/core/src/fpdfapi/fpdf_parser/fpdf_parser_encrypt.cpp b/core/src/fpdfapi/fpdf_parser/fpdf_parser_encrypt.cpp
index e09bbbbb2e..417801b9c5 100644
--- a/core/src/fpdfapi/fpdf_parser/fpdf_parser_encrypt.cpp
+++ b/core/src/fpdfapi/fpdf_parser/fpdf_parser_encrypt.cpp
@@ -406,6 +406,7 @@ FX_BOOL CPDF_StandardSecurityHandler::CheckUserPassword(FX_LPCBYTE password, FX_
             copy_len = ukey.GetLength();
         }
         FXSYS_memset32(test, 0, sizeof(test));
+        FXSYS_memset32(tmpkey, 0, sizeof(tmpkey));
         FXSYS_memcpy32(test, (FX_LPCSTR)ukey, copy_len);
         for (int i = 19; i >= 0; i --) {
             for (int j = 0; j < key_len; j ++) {
@@ -466,6 +467,7 @@ CFX_ByteString CPDF_StandardSecurityHandler::GetUserPassword(FX_LPCBYTE owner_pa
     } else {
         for (int i = 19; i >= 0; i --) {
             FX_BYTE tempkey[32];
+            FXSYS_memset32(tempkey, 0, sizeof(tempkey));
             for (int j = 0; j < m_KeyLen; j ++) {
                 tempkey[j] = enckey[j] ^ i;
             }
-- 
cgit v1.2.3