[
https://issues.apache.org/jira/browse/PDFBOX-2268?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Michele Balistreri updated PDFBOX-2268:
---------------------------------------
Description:
When opening a document encrypted with AES-256 (owner password only) by
providing no password, the isUserPassword method fails, since it tries,
indirectly, to decrypt a null pointer by calling computeUserPassword. The
result of computeUserPassword would be ignored even if the call succeeded,
since it is not need for AES-256 encryption.
Also, the code validating the Perms dictionary is correct, but unfortunately
not even Acrobat seems to write Perms correctly (in my case P = F0C0 and Perms
= F2C0), so that check needs to be relaxed. Perhaps logging the issue instead
of throwing an exception would be more adequate.
Provided is a patch for both issues. I understand it is probably suboptimal but
I am completely new to the project and have not yet had the time to study all
coding conventions. Considering the patch is very small maybe someone can take
it as a pointer of what needs to be changes.
was:
When opening a document encrypted with AES-256 (owner password only) by
providing no password, the isUserPassword method fails, since it tries
(indirectly) to decrypt a null pointer.
Also, the code validating the Perms dictionary is correct, but unfortunately
not even Acrobat seems to write Perms correctly (in my case P = F0C0 and Perms
= F2C0), so that check needs to be relaxed. Perhaps logging the issue instead
of throwing an exception would be more adequate.
Provided is a patch for both issues. I understand it is probably suboptimal but
I am completely new to the project and have not yet had the time to study all
coding conventions. Considering the patch is very small maybe someone can take
it as a pointer of what needs to be changes.
> AES-256 decryptions fails
> -------------------------
>
> Key: PDFBOX-2268
> URL: https://issues.apache.org/jira/browse/PDFBOX-2268
> Project: PDFBox
> Issue Type: Bug
> Components: PDModel
> Affects Versions: 2.0.0
> Reporter: Michele Balistreri
> Attachments: AES256-fix.diff
>
>
> When opening a document encrypted with AES-256 (owner password only) by
> providing no password, the isUserPassword method fails, since it tries,
> indirectly, to decrypt a null pointer by calling computeUserPassword. The
> result of computeUserPassword would be ignored even if the call succeeded,
> since it is not need for AES-256 encryption.
> Also, the code validating the Perms dictionary is correct, but unfortunately
> not even Acrobat seems to write Perms correctly (in my case P = F0C0 and
> Perms = F2C0), so that check needs to be relaxed. Perhaps logging the issue
> instead of throwing an exception would be more adequate.
> Provided is a patch for both issues. I understand it is probably suboptimal
> but I am completely new to the project and have not yet had the time to study
> all coding conventions. Considering the patch is very small maybe someone can
> take it as a pointer of what needs to be changes.
--
This message was sent by Atlassian JIRA
(v6.2#6252)
