From ac3c81a8edcb44e2669485630d6718c96a6ad6e9 Mon Sep 17 00:00:00 2001 From: Jay Berkenbilt Date: Wed, 26 Jul 2017 06:19:19 -0400 Subject: [PATCH] Include tests for other infinite loop bugs fixes #117 fixes #118 fixes #119 fixes #120 Several other infinite loop bugs were fixed by previous changes. Include their test files in the test suite. --- ChangeLog | 4 ++++ qpdf/qtest/qpdf.test | 6 +++++- qpdf/qtest/qpdf/issue-117.out | 6 ++++++ qpdf/qtest/qpdf/issue-117.pdf | Bin 0 -> 2817 bytes qpdf/qtest/qpdf/issue-118.out | 2 ++ qpdf/qtest/qpdf/issue-118.pdf | Bin 0 -> 806 bytes qpdf/qtest/qpdf/issue-119.out | 2 ++ qpdf/qtest/qpdf/issue-119.pdf | Bin 0 -> 912 bytes qpdf/qtest/qpdf/issue-120.out | 2 ++ qpdf/qtest/qpdf/issue-120.pdf | Bin 0 -> 785 bytes 10 files changed, 21 insertions(+), 1 deletion(-) create mode 100644 qpdf/qtest/qpdf/issue-117.out create mode 100644 qpdf/qtest/qpdf/issue-117.pdf create mode 100644 qpdf/qtest/qpdf/issue-118.out create mode 100644 qpdf/qtest/qpdf/issue-118.pdf create mode 100644 qpdf/qtest/qpdf/issue-119.out create mode 100644 qpdf/qtest/qpdf/issue-119.pdf create mode 100644 qpdf/qtest/qpdf/issue-120.out create mode 100644 qpdf/qtest/qpdf/issue-120.pdf diff --git a/ChangeLog b/ChangeLog index 613a0eaf..5be7129f 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,5 +1,9 @@ 2017-07-26 Jay Berkenbilt + * Fixes to infinite loops below also fix problems reported in + other issues and cover CVE-2017-11624, CVE-2017-11625, + CVE-2017-11626, and CVE-2017-11627. + * Don't attempt to interpret syntactic keywords (like R and endobj) found while parsing content streams. diff --git a/qpdf/qtest/qpdf.test b/qpdf/qtest/qpdf.test index c0207019..242ee149 100644 --- a/qpdf/qtest/qpdf.test +++ b/qpdf/qtest/qpdf.test @@ -206,7 +206,7 @@ $td->runtest("remove page we don't have", show_ntests(); # ---------- $td->notify("--- Miscellaneous Tests ---"); -$n_tests += 82; +$n_tests += 86; $td->runtest("qpdf version", {$td->COMMAND => "qpdf --version"}, 
@@ -225,6 +225,10 @@ foreach my $d (
 ["99b", "object 0"],
 ["100","xref reconstruction loop"],
 ["101", "resolve for exception text"],
+ ["117", "other infinite loop"],
+ ["118", "other infinite loop"],
+ ["119", "other infinite loop"],
+ ["120", "other infinite loop"],
 )
 {
 my ($n, $description) = @$d;
diff --git a/qpdf/qtest/qpdf/issue-117.out b/qpdf/qtest/qpdf/issue-117.out
new file mode 100644
index 00000000..46be2597
--- /dev/null
+++ b/qpdf/qtest/qpdf/issue-117.out
@@ -0,0 +1,6 @@
+WARNING: issue-117.pdf: file is damaged
+WARNING: issue-117.pdf: can't find startxref
+WARNING: issue-117.pdf: Attempting to reconstruct cross-reference table
+WARNING: issue-117.pdf (file position 66): loop detected resolving object 2 0
+WARNING: issue-117.pdf (object 2 0, file position 67): attempting to recover stream length
+attempt to make a stream into a direct object
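Review bot: The four rows added to the `foreach my $d (` list in qpdf/qtest/qpdf.test all use the description `"other infinite loop"`, so the description alone does not say which malformed-input case failed. Something drawn from each expected output would read better, for example `["119", "loop with non-name dictionary key"],` and `["120", "loop via bad object stream"],`. Since these fixtures guard against hangs on untrusted PDFs, it is also worth confirming that the runner bounds each run's time, because nothing in this hunk does and a regression would otherwise presumably stall the suite instead of failing it. The loop body continues outside the hunk, so how `$n` and `$description` are used is not visible here. The hand-maintained `$n_tests += 86;` in the earlier hunk has to stay in step with this list.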
diff --git a/qpdf/qtest/qpdf/issue-117.pdf b/qpdf/qtest/qpdf/issue-117.pdf new file mode 100644 index 0000000000000000000000000000000000000000..5fd8ee32562e8369ac837d3380615a90a10944cd GIT binary patch literal 2817 zcma)82~<;88b*pmo-l%dgF^L*qCmj6WFZ0MND^WwQDcINB5F(?B%0*KFv=m`PL|O$!2ni*rA|fIn6J;b6 zIw(1x`2#c7|5;!xDn;!|B*9bOtoI0#IKK(<$dFkoPka2M%-$37TtC#=^Xj#XHG$49 zSziUNpX4Bk93AVbhQyU#`{xWPjNomHdBnUctniyZdd|efv5_7L4J!$~s>cX;qy2)I zJr43vs25`O`#g8Kfk5J>EnGw>DMW5wNYUTXIz<7T3Xh+bqz;q=laximHl$HZSqiqS7i#>o}bd5e?OT?p1E0e z@xY5MMa{;lx*t1hcU{l1SpMqh*y(-yIx>lEt>0j=iZnx8xxb}2Tiz` zknrL7nda7wCr{ouckZKmdF4m9P{($m5U)GEM}Ijm(?`XamsvM>db)U&Y~XkAMisnX z9x~#TPpRy1VyEYluF7;@ebXWTw2ZD{o}^@+@Ij$Rq~=+EOL?`l?Q%Ib7Sc&pe?twWP9RnNNkir?<$f;0b^DYT4Hh-8vUAen?K8 zo70}V|FE~?n!K13j;XR6&CecqyOxTlT`f)aKj(a??8xq^IS(^ky;iO=7}eq8mVf#l zKD)%uKW49M_+F zaeQov-p4M~oE@LM`o;9pP_|RvAQj{3kHVsF-lVilRj$n_TY2ieT>deTHB!ct2>ovC z&Tf~C7-xTL$7`96ERn6)vUf&x)4ndb->?IzUyArR2o94QHmxc1IN4 zn<JQK7c@}+YQ&^1e8iF?Coj+BnlgN3*U7M3$w0 zmYFi|&TN34x`D{EB9@a?*1DRXSY54PitUI(C3$)7Z{H94+{Et z_6)b!KO7Vj`UVB_e+`O||9?- zgtE)`q@bgdZ)h;X~Uh%B6!1mCnZ-)k(4Mu3XAJnm+)hu6uklcg~|nYNTk? zhgCDihJ`gYzSNJM9^rkwKBG7dDn9S`VoK<#k!!O@fAQ@5Vtjb6ONHr5cAYF>RIv@j zIN!Xey8YN2i-RTjwhzO(m<2s|sNXj*Q@NG9bH#|6mrda=EE+rvz)^S*R?O8^q^suxF;`ClIlASSQ6~x z#}~ywl{zcX(htlko_M~lYgp8~51)Ccy{!#k+l`<<=(1V+1C?TZM8fOq54tS9^n#&% zFd`xWNzh_|8+vF4FlDrk1=A!X16qjGNGjz76^{U7MPi9$s+)fV-Ai=$!nYQ_&qBWe zYhOxfzLF}8Rz{-tMP!7DG#izK3ATD8LuL~yje<`m$J5TSd2E==!V{3mM$&8m4#|;N zqe5>o&|4^%BLaCpRUy$ZWi$i!21KT(fCW=G!`lSR{T+8q&~JQzkSV=R0EIp;Ku;qv z8kMQL!DaNPfHZ@&VKyc(y7_I7qCi0@v}6*9Itc_xdjK*#%|PfQm6V3m$J6pM7>S!b z2iBXl+U`FT>@88~ll(PQaCB_IuZm`Kkr9Af3Pl>jMNuLVin2pcGz3Rc4iBs>u(Ijz z?!u|eN}^YeCFqvn09mU%kYfRT4yWe_^f^rM12_;tne-Y3Rt)TAH3|F{g6opMFce2I z4%mc)VR#6}VxahV6dfO6laFL0kqDtM#)RNR7=raM1a`DO80a?ovB5AdNOv#Rk7H~u z2)Y-yzR+gDh3VHA&J6+C?8W-^aW3yS`Zx~*jomA2eL(+rp<7ExDg|mnx!7dZ!3c}bVqqA@jEuzDJfTRyLq!;$!{LK6bNDze>>joXBV|oD KlZ|sAKj`0;Neue{ literal 0 HcmV?d00001 
diff --git a/qpdf/qtest/qpdf/issue-118.out b/qpdf/qtest/qpdf/issue-118.out new file mode 100644 index 00000000..52fe67e9 --- /dev/null +++ b/qpdf/qtest/qpdf/issue-118.out @@ -0,0 +1,2 @@ +WARNING: issue-118.pdf (file position 732): loop detected resolving object 2 0 +issue-118.pdf (xref stream: object 8 0, file position 732): supposed object stream 2 is not a stream diff --git a/qpdf/qtest/qpdf/issue-118.pdf b/qpdf/qtest/qpdf/issue-118.pdf new file mode 100644 index 0000000000000000000000000000000000000000..5dc05f6d95755d24651b6b4929e295ff711fdf17 GIT binary patch literal 806 zcmY!laBic5-86LY!XI;hPkh8hT?sck-nc_2sNzF@v#ubnS zig0{!hN_iVAEN29z>=~ef>P5!=`1+2DpkP}#PZBbNv%+bHc+sP1#!a_q74;{6b!)} zXi_sa1IYyC=a&Fw3>1Puyg*2b1alF|kOAmaMh1QcCI%)0CLkLbGlJxRm+gR_VTF2 literal 0 HcmV?d00001 diff --git a/qpdf/qtest/qpdf/issue-119.out b/qpdf/qtest/qpdf/issue-119.out new file mode 100644 index 00000000..bc6ffb3e --- /dev/null +++ b/qpdf/qtest/qpdf/issue-119.out @@ -0,0 +1,2 @@ +WARNING: issue-119.pdf (file position 336): loop detected resolving object 4 0 +issue-119.pdf (file position 298): dictionary key is not not a name token diff --git a/qpdf/qtest/qpdf/issue-119.pdf b/qpdf/qtest/qpdf/issue-119.pdf new file mode 100644 index 0000000000000000000000000000000000000000..829ca7af77c9b8556ec450f5408a497421612cdc GIT binary patch literal 912 zcmah|!A`WTzBrNtz}mKw_duS`!b1LxBZr%C2b_qkfJ*;%9kvW?P`3 ziJP$9eckuw&D+wN3`Uo3+jCl9-=BysAn5tC6NVs=2Y7_UARc&AL9~b>N2({@5DBX4k^^6MiiVhKIV+4b>8Do6-fzxr;z8{8*OTJuYM7G z0p(N6n|)O{o0E?o2H3$qMqv~G WYaPufy3(YDvB~(Z@3dOO`_T_6PukG{ literal 0 HcmV?d00001 diff --git a/qpdf/qtest/qpdf/issue-120.out b/qpdf/qtest/qpdf/issue-120.out new file mode 100644 index 00000000..02f41135 --- /dev/null +++ b/qpdf/qtest/qpdf/issue-120.out @@ -0,0 +1,2 @@ +WARNING: issue-120.pdf (file position 85): loop detected resolving object 3 0 +issue-120.pdf (object 6 0, file position 85): supposed object stream 3 is not a stream 
diff --git a/qpdf/qtest/qpdf/issue-120.pdf b/qpdf/qtest/qpdf/issue-120.pdf new file mode 100644 index 0000000000000000000000000000000000000000..fd8a52533b2056f253d012b8df8e5bd66ac64c9a GIT binary patch literal 785 zcma)4O>f&U40W-Ftt%N%&Jn7B?V^*h3LE_)P`@51vA)kEU_je zy$N#D9;_D}xz1zH5>Q4k@D%L>^#NLV8D4YGZgX2p^WTuGh( zCx04iDd2>RBtCYW$EVd4pL>(O)#KLwRK?Eyu~-Y=Z+&OuAl7jJ57=uM=%^$*i&}u& yVF>J*zR8JP#>8gX=WL$MXr6uIE%&r%^NVcevU5`WxE;gm$V6(rRC#`L*Zc*owX!S# literal 0 HcmV?d00001