octoleo/qpdf
2
1
Fork 0
mirror of https://github.com/qpdf/qpdf.git synced 2024-12-22 19:08:59 +00:00
Code Issues Releases Wiki Activity

Security: handle empty name in normalizeName

Browse Source
This commit is contained in:
Jay Berkenbilt 2013-10-05 05:52:42 -04:00
parent eb1b1264b4
commit b097d7a81b
2 changed files with 9 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
ChangeLog
View File

@ -1,5 +1,10 @@
2013-10-05 Jay Berkenbilt <ejb@ql.org> 2013-10-05 Jay Berkenbilt <ejb@ql.org>
* Security fix: properly handle empty strings in
QPDF_Name::normalizeName. The empty string is not a valid name
and would never be parsed as a name, so there were no known
conditions where this method could be called with an empty string.
* Security fix: perform additional argument sanity checks when * Security fix: perform additional argument sanity checks when
reading bit streams. reading bit streams.

4
libqpdf/QPDF_Name.cc
View File

@ -16,6 +16,10 @@ QPDF_Name::~QPDF_Name()
std::string std::string
QPDF_Name::normalizeName(std::string const& name) QPDF_Name::normalizeName(std::string const& name)
{ {
if (name.empty())
{
return name;
}
std::string result; std::string result;
result += name[0]; result += name[0];
for (unsigned int i = 1; i < name.length(); ++i) for (unsigned int i = 1; i < name.length(); ++i)