42 lines
1.7 KiB
Diff
42 lines
1.7 KiB
Diff
From 917b3a71fb20748965254631199ad98210d6c2fb Mon Sep 17 00:00:00 2001
|
|
From: Ken Sharp <Ken.Sharp@artifex.com>
|
|
Date: Thu, 25 Jan 2024 11:58:22 +0000
|
|
Subject: [PATCH 1/7] Bug 707510 - don't use strlen on passwords
|
|
http://www.ghostscript.com/cgi-bin/findgit.cgi?917b3a71fb20748965254631199ad98210d6c2fb
|
|
|
|
Item #1 of the report. This looks like an oversight when first coding
|
|
the routine. We should use the PostScript string length, because
|
|
PostScript strings may not be NULL terminated (and as here may contain
|
|
internal NULL characters).
|
|
|
|
Fix the R6 handler which has the same problem too.
|
|
---
|
|
pdf/pdf_sec.c | 4 ++--
|
|
1 file changed, 2 insertions(+), 2 deletions(-)
|
|
|
|
diff --git a/pdf/pdf_sec.c b/pdf/pdf_sec.c
|
|
index ff60805..2bb59e1 100644
|
|
--- a/pdf/pdf_sec.c
|
|
+++ b/pdf/pdf_sec.c
|
|
@@ -1250,7 +1250,7 @@ static int check_password_R5(pdf_context *ctx, char *Password, int PasswordLen,
|
|
if (code < 0) {
|
|
pdf_string *P = NULL, *P_UTF8 = NULL;
|
|
|
|
- code = pdfi_object_alloc(ctx, PDF_STRING, strlen(ctx->encryption.Password), (pdf_obj **)&P);
|
|
+ code = pdfi_object_alloc(ctx, PDF_STRING, PasswordLen, (pdf_obj **)&P);
|
|
if (code < 0) {
|
|
return code;
|
|
}
|
|
@@ -1300,7 +1300,7 @@ static int check_password_R6(pdf_context *ctx, char *Password, int PasswordLen,
|
|
if (code < 0) {
|
|
pdf_string *P = NULL, *P_UTF8 = NULL;
|
|
|
|
- code = pdfi_object_alloc(ctx, PDF_STRING, strlen(ctx->encryption.Password), (pdf_obj **)&P);
|
|
+ code = pdfi_object_alloc(ctx, PDF_STRING, PasswordLen, (pdf_obj **)&P);
|
|
if (code < 0)
|
|
return code;
|
|
memcpy(P->data, Password, PasswordLen);
|
|
--
|
|
2.43.0
|
|
|