You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
17 lines
1.0 KiB
17 lines
1.0 KiB
4 years ago
|
diff -rupN --no-dereference podofo-0.9.7/src/podofo/base/PdfEncrypt.cpp podofo-0.9.7-new/src/podofo/base/PdfEncrypt.cpp
|
||
|
|
--- podofo-0.9.7/src/podofo/base/PdfEncrypt.cpp 2019-01-15 14:04:40.000000000 +0100
|
||
|
|
+++ podofo-0.9.7-new/src/podofo/base/PdfEncrypt.cpp 2021-01-09 20:24:45.328924249 +0100
|
||
|
|
@@ -615,6 +615,12 @@ PdfEncrypt* PdfEncrypt::CreatePdfEncrypt
|
||
|
5 years ago
|
&& PdfEncrypt::IsEncryptionEnabled( ePdfEncryptAlgorithm_RC4V2 ) )
|
||
|
|
{
|
||
|
|
// [Alexey] - lLength is pdf_int64. Please make changes in encryption algorithms
|
||
|
|
+ // [mabri] - Fix CVE-2018-12983: Check key length lLength here
|
||
|
|
+ // to prevent stack-based buffer over-read in line 867 of this file
|
||
|
|
+ if (lLength > MD5_DIGEST_LENGTH * 8) // lLength in bits, md5 in bytes
|
||
|
|
+ {
|
||
|
|
+ PODOFO_RAISE_ERROR_INFO( ePdfError_ValueOutOfRange, "Given key length too large for MD5." );
|
||
|
|
+ }
|
||
|
|
pdfEncrypt = new PdfEncryptRC4(oValue, uValue, pValue, rValue, ePdfEncryptAlgorithm_RC4V2, static_cast<int>(lLength), encryptMetadata);
|
||
|
|
}
|
||
|
|
else
|