Hi,
I again have found two bugs in the handling of encrypted pdfs.
1. PdfObjectStreamParserObject.cpp: Do not decrypt a stream twice for
RC4V2 encryption.
I have done the same for AESV2 some time ago.
2. PdfString.cpp: When encrypting a string do not include the two
trailing zeros.
In the constructor of PdfString m_buffer gets always two trailing zero
bytes.
That's why there is already a "pdf_long lLen = m_buffer.GetSize() - 2;"
in PdfString::Write.
But in the if-pEncrypt block this "- 2" was missing.
So that a string "japan1" (length 6) after encryption and decryption
gets to "japan1\0\0" (length 8).
That caused us some trouble.
Now I have fixed that.
So please check my changes and add them to the repository.
Kind regards
Andreas
--
dots <http://www.dots.de/en/>
Andreas Brzesowsky
dots Software GmbH
Schlesische Str. 27, 10997 Berlin, Germany
Phone: +49 (0)30 695 799-34, Fax: +49 (0)30 695 799-55
andreas.brzesow...@dots.de <mailto:andreas.brzesow...@dots.de>
http://www.dots.de <http://www.dots.de/>
Amtsgericht (District Court): Berlin Charlottenburg HRB 65201
Geschäftsführer (Managing Directors): Olaf Lorenz, Etienne Van Damme
Follow us on: Twitter <http://www.dots.de/?id=twitter> Youtube
<http://www.dots.de/?id=youtube> Xing <http://www.dots.de/?id=xing>
Index: src/base/PdfObjectStreamParserObject.cpp
===================================================================
--- src/base/PdfObjectStreamParserObject.cpp (revision 1670)
+++ src/base/PdfObjectStreamParserObject.cpp (working copy)
@@ -100,7 +100,8 @@
// use a second tokenizer here so that anything that gets
dequeued isn't left in the tokenizer that reads the offsets and lengths
PdfTokenizer variantTokenizer( device, m_buffer );
- if( m_pEncrypt && m_pEncrypt->GetEncryptAlgorithm() ==
PdfEncrypt::ePdfEncryptAlgorithm_AESV2 )
+ if( m_pEncrypt && (m_pEncrypt->GetEncryptAlgorithm() ==
PdfEncrypt::ePdfEncryptAlgorithm_AESV2
+ || m_pEncrypt->GetEncryptAlgorithm() ==
PdfEncrypt::ePdfEncryptAlgorithm_RC4V2) )
variantTokenizer.GetNextVariant( var, 0 ); // Stream is
already decrypted
else
variantTokenizer.GetNextVariant( var, m_pEncrypt );
Index: src/base/PdfString.cpp
===================================================================
--- src/base/PdfString.cpp (revision 1670)
+++ src/base/PdfString.cpp (working copy)
@@ -109,7 +109,7 @@
Init( pszString, strlen( pszString ) );
}
-#if defined(_MSC_VER) && _MSC_VER <= 1200 // nicht fόr
Visualstudio 6
+#if defined(_MSC_VER) && _MSC_VER <= 1200 // nicht fοΏ½r
Visualstudio 6
#else
PdfString::PdfString( const wchar_t* pszString, pdf_long lLen )
{
@@ -344,7 +344,7 @@
// Now we are not encrypting the empty strings (was access violation)!
if( pEncrypt && m_buffer.GetSize())
{
- pdf_long nInputBufferLen = m_buffer.GetSize();
+ pdf_long nInputBufferLen = m_buffer.GetSize() - 2; // Cut off the
trailing pair of zeros
pdf_long nUnicodeMarkerOffet = sizeof( PdfString::s_pszUnicodeMarker );
if( m_bUnicode )
nInputBufferLen += nUnicodeMarkerOffet;
@@ -354,10 +354,10 @@
if( m_bUnicode )
{
memcpy(pInputBuffer, PdfString::s_pszUnicodeMarker,
nUnicodeMarkerOffet);
- memcpy(&pInputBuffer[nUnicodeMarkerOffet], m_buffer.GetBuffer(),
m_buffer.GetSize());
+ memcpy(&pInputBuffer[nUnicodeMarkerOffet], m_buffer.GetBuffer(),
nInputBufferLen - nUnicodeMarkerOffet);
}
else
- memcpy(pInputBuffer, m_buffer.GetBuffer(), m_buffer.GetSize());
+ memcpy(pInputBuffer, m_buffer.GetBuffer(), nInputBufferLen);
pdf_long nOutputBufferLen =
pEncrypt->CalculateStreamLength(nInputBufferLen);
@@ -378,7 +378,7 @@
if( m_buffer.GetSize() )
{
char* pBuf = m_buffer.GetBuffer();
- pdf_long lLen = m_buffer.GetSize() - 2;
+ pdf_long lLen = m_buffer.GetSize() - 2; // Cut off the trailing pair
of zeros
if( m_bHex )
{
------------------------------------------------------------------------------
BPM Camp - Free Virtual Workshop May 6th at 10am PDT/1PM EDT
Develop your own process in accordance with the BPMN 2 standard
Learn Process modeling best practices with Bonita BPM through live exercises
http://www.bonitasoft.com/be-part-of-it/events/bpm-camp-virtual- event?utm_
source=Sourceforge_BPM_Camp_5_6_15&utm_medium=email&utm_campaign=VA_SF
_______________________________________________
Podofo-users mailing list
Podofo-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/podofo-users
