You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
17 lines
1.0 KiB
17 lines
1.0 KiB
5 years ago
|
diff -rupN --no-dereference podofo-0.9.6/src/base/PdfEncrypt.cpp podofo-0.9.6-new/src/base/PdfEncrypt.cpp
|
||
|
|
--- podofo-0.9.6/src/base/PdfEncrypt.cpp 2020-07-02 10:27:57.484446311 +0200
|
||
|
|
+++ podofo-0.9.6-new/src/base/PdfEncrypt.cpp 2020-07-02 10:27:57.694448247 +0200
|
||
|
|
@@ -607,6 +607,12 @@ PdfEncrypt* PdfEncrypt::CreatePdfEncrypt
|
||
|
|
&& PdfEncrypt::IsEncryptionEnabled( ePdfEncryptAlgorithm_RC4V2 ) )
|
||
|
|
{
|
||
|
|
// [Alexey] - lLength is pdf_int64. Please make changes in encryption algorithms
|
||
|
|
+ // [mabri] - Fix CVE-2018-12983: Check key length lLength here
|
||
|
|
+ // to prevent stack-based buffer over-read in line 867 of this file
|
||
|
|
+ if (lLength > MD5_DIGEST_LENGTH * 8) // lLength in bits, md5 in bytes
|
||
|
|
+ {
|
||
|
|
+ PODOFO_RAISE_ERROR_INFO( ePdfError_ValueOutOfRange, "Given key length too large for MD5." );
|
||
|
|
+ }
|
||
|
|
pdfEncrypt = new PdfEncryptRC4(oValue, uValue, pValue, rValue, ePdfEncryptAlgorithm_RC4V2, static_cast<int>(lLength), encryptMetadata);
|
||
|
|
}
|
||
|
|
else
|