mirror of
https://github.com/qpdf/qpdf.git
synced 2024-12-22 10:58:58 +00:00
Security: handle empty name in normalizeName
This commit is contained in:
parent
eb1b1264b4
commit
b097d7a81b
@ -1,5 +1,10 @@
|
||||
2013-10-05 Jay Berkenbilt <ejb@ql.org>
|
||||
|
||||
* Security fix: properly handle empty strings in
|
||||
QPDF_Name::normalizeName. The empty string is not a valid name
|
||||
and would never be parsed as a name, so there were no known
|
||||
conditions where this method could be called with an empty string.
|
||||
|
||||
* Security fix: perform additional argument sanity checks when
|
||||
reading bit streams.
|
||||
|
||||
|
@ -16,6 +16,10 @@ QPDF_Name::~QPDF_Name()
|
||||
std::string
|
||||
QPDF_Name::normalizeName(std::string const& name)
|
||||
{
|
||||
if (name.empty())
|
||||
{
|
||||
return name;
|
||||
}
|
||||
std::string result;
|
||||
result += name[0];
|
||||
for (unsigned int i = 1; i < name.length(); ++i)
|
||||
|
Loading…
Reference in New Issue
Block a user