diff -rupN --no-dereference podofo-0.9.7/src/podofo/base/PdfEncrypt.cpp podofo-0.9.7-new/src/podofo/base/PdfEncrypt.cpp
--- podofo-0.9.7/src/podofo/base/PdfEncrypt.cpp 2019-01-15 14:04:40.000000000 +0100
+++ podofo-0.9.7-new/src/podofo/base/PdfEncrypt.cpp 2022-01-28 10:14:44.010676200 +0100
@@ -615,6 +615,12 @@ PdfEncrypt* PdfEncrypt::CreatePdfEncrypt
&& PdfEncrypt::IsEncryptionEnabled( ePdfEncryptAlgorithm_RC4V2 ) )
{
// [Alexey] - lLength is pdf_int64. Please make changes in encryption algorithms
+ // [mabri] - Fix CVE-2018-12983: Check key length lLength here
+ // to prevent stack-based buffer over-read in line 867 of this file
+ if (lLength > MD5_DIGEST_LENGTH * 8) // lLength in bits, md5 in bytes
+ {
+ PODOFO_RAISE_ERROR_INFO( ePdfError_ValueOutOfRange, "Given key length too large for MD5." );
+ }
pdfEncrypt = new PdfEncryptRC4(oValue, uValue, pValue, rValue, ePdfEncryptAlgorithm_RC4V2, static_cast<int>(lLength), encryptMetadata);
}
else
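Review bot: The added guard bounds lLength only from above, so a zero, negative or non-multiple-of-8 value read from the document still reaches `static_cast<int>(lLength)` and the PdfEncryptRC4 constructor. lLength is a pdf_int64 and the PDF specification restricts the RC4 key length to 40–128 bits in steps of 8, so the check could enforce the whole range: `if (lLength < 40 || lLength > MD5_DIGEST_LENGTH * 8 || lLength % 8 != 0)`. Whether the constructor validates the value itself is not visible here, because CreatePdfEncrypt starts and ends outside the hunk. The comment's "line 867 of this file" will go stale as the file changes, so it should name the function that reads the key buffer instead of a line number. The other branches of this if/else chain should be checked for the same unvalidated length.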