octoleo/qpdf
2
1
Fork 0
mirror of https://github.com/qpdf/qpdf.git synced 2025-01-31 02:48:31 +00:00
Code Issues Releases Wiki Activity

Fix memory access error

Browse Source 
A previous fix introduced a potentially memory overrun under certain
rare conditions. The test suite now once again passes with address
sanitizer.
This commit is contained in:
Jay Berkenbilt 2018-08-12 13:16:15 -04:00
parent b6e414b10b
commit 932799baab
1 changed files with 7 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
libqpdf/QPDF_encryption.cc
View File

@ -437,11 +437,10 @@ QPDF::compute_encryption_key_from_password(
md5.encodeDataIncrementally(bytes, 4);
}
MD5::Digest digest;
iterate_md5_digest(md5, digest, ((data.getR() >= 3) ? 50 : 0),
data.getLengthBytes());
return std::string(reinterpret_cast<char*>(digest),
std::min(static_cast<int>(sizeof(digest)),
data.getLengthBytes()));
int key_len = std::min(static_cast<int>(sizeof(digest)),
data.getLengthBytes());
iterate_md5_digest(md5, digest, ((data.getR() >= 3) ? 50 : 0), key_len);
return std::string(reinterpret_cast<char*>(digest), key_len);
}
static void
@ -464,8 +463,9 @@ compute_O_rc4_key(std::string const& user_password,
md5.encodeDataIncrementally(
pad_or_truncate_password_V4(password).c_str(), key_bytes);
MD5::Digest digest;
iterate_md5_digest(md5, digest, ((data.getR() >= 3) ? 50 : 0),
data.getLengthBytes());
int key_len = std::min(static_cast<int>(sizeof(digest)),
data.getLengthBytes());
iterate_md5_digest(md5, digest, ((data.getR() >= 3) ? 50 : 0), key_len);
memcpy(key, digest, OU_key_bytes_V4);
}