Permalink
Browse files

pdf: bb #7053

  • Loading branch information...
1 parent c6870a6 commit 24ff855c82d3f5c62bc5788a5776cefbffce2971 @TheRaynMan TheRaynMan committed Apr 5, 2013
Showing with 20 additions and 4 deletions.
  1. +20 −4 libclamav/pdf.c
View
@@ -296,6 +296,9 @@ static void pdfobj_flag(struct pdf_struct *pdf, struct pdf_obj *obj, enum pdf_fl
case MANY_FILTERS:
s = "more than 2 filters per obj";
break;
+ case DECRYPTABLE_PDF:
+ s = "decryptable PDF";
+ break;
}
cli_dbgmsg("cli_pdf: %s flagged in object %u %u\n", s, obj->id>>8, obj->id&0xff);
}
@@ -567,6 +570,8 @@ static int pdf_extract_obj(struct pdf_struct *pdf, struct pdf_obj *obj)
char *ascii_decoded = NULL;
int dump = 1;
+ cli_dbgmsg("pdf_extract_obj: obj %u %u\n", obj->id>>8, obj->id&0xff);
+
/* TODO: call bytecode hook here, allow override dumpability */
if ((!(obj->flags & (1 << OBJ_STREAM)) ||
(obj->flags & (1 << OBJ_HASFILTERS)))
@@ -585,7 +590,7 @@ static int pdf_extract_obj(struct pdf_struct *pdf, struct pdf_obj *obj)
}
if (!dump)
return CL_CLEAN;
- cli_dbgmsg("cli_pdf: dumping obj %u %u\n", obj->id>>8, obj->id);
+ cli_dbgmsg("cli_pdf: dumping obj %u %u\n", obj->id>>8, obj->id&0xff);
snprintf(fullname, sizeof(fullname), "%s"PATHSEP"pdf%02u", pdf->dir, pdf->files++);
fout = open(fullname,O_RDWR|O_CREAT|O_EXCL|O_TRUNC|O_BINARY, 0600);
if (fout < 0) {
@@ -907,6 +912,7 @@ static void pdf_parseobj(struct pdf_struct *pdf, struct pdf_obj *obj)
q2 = pdf_nextobject(q, bytesleft);
bytesleft -= q2 -q;
if (!q2 || bytesleft < 0) {
+ cli_dbgmsg("cli_pdf: %u %u obj: no dictionary\n", obj->id>>8, obj->id&0xff);
return;
}
q3 = memchr(q-1, '<', q2-q+1);
@@ -922,6 +928,7 @@ static void pdf_parseobj(struct pdf_struct *pdf, struct pdf_obj *obj)
q2 = pdf_nextobject(q, bytesleft);
bytesleft -= q2 -q;
if (!q2 || bytesleft < 0) {
+ cli_dbgmsg("cli_pdf: %u %u obj: broken dictionary\n", obj->id>>8, obj->id&0xff);
return;
}
q3 = memchr(q-1, '>', q2-q+1);
@@ -1262,7 +1269,7 @@ static void check_user_password(struct pdf_struct *pdf, int R, const char *O,
password_empty = 1;
/* Algorithm 3.2a could be used to recover encryption key */
}
- } else {
+ } else if ((R >= 2) && (R <= 4)) {
/* 7.6.3.3 Algorithm 2 */
cli_md5_init(&md5);
/* empty password, password == padding */
@@ -1276,9 +1283,9 @@ static void check_user_password(struct pdf_struct *pdf, int R, const char *O,
cli_md5_update(&md5, &v, 4);
}
cli_md5_final(result, &md5);
+ if (length > 128)
+ length = 128;
if (R >= 3) {
- if (length > 128)
- length = 128;
for (i=0;i<50;i++) {
cli_md5_init(&md5);
cli_md5_update(&md5, result, length/8);
@@ -1329,6 +1336,11 @@ static void check_user_password(struct pdf_struct *pdf, int R, const char *O,
cli_dbgmsg("cli_pdf: invalid revision %d\n", R);
}
}
+ else {
+ /* Supported R is in {2,3,4,5} */
+ cli_dbgmsg("cli_pdf: R value out of range\n");
+ return;
+ }
if (password_empty) {
cli_dbgmsg("cli_pdf: user password is empty\n");
/* The key we computed above is the key used to encrypt the streams.
@@ -1395,6 +1407,10 @@ static void pdf_handle_enc(struct pdf_struct *pdf)
cli_dbgmsg("cli_pdf: invalid R\n");
break;
}
+ if ((R > 5) || (R < 2)) {
+ cli_dbgmsg("cli_pdf: R value outside supported range [2..5]\n");
+ break;
+ }
if (R < 5)
oulen = 32;

0 comments on commit 24ff855

Please sign in to comment.