2
1
mirror of https://github.com/qpdf/qpdf.git synced 2024-12-22 10:58:58 +00:00

Add comments around non-security-related uses of MD5

This commit is contained in:
Jay Berkenbilt 2022-04-30 13:52:23 -04:00
parent c365a26e9d
commit ce19471f18
2 changed files with 7 additions and 3 deletions

View File

@ -57,9 +57,11 @@ class QPDFEFStreamObjectHelper: public QPDFObjectHelper
// Subtype is a mime type such as "text/plain"
QPDF_DLL
std::string getSubtype();
// Return the MD5 checksum as stored in the object as a binary
// string. This does not check consistency with the data. If not
// present, return an empty string.
// Return the checksum as stored in the object as a binary string.
// This does not check consistency with the data. If not present,
// return an empty string. The PDF spec specifies this as an MD5
// checksum and notes that it is not to be used for security
// purposes since MD5 is known not to be secure.
QPDF_DLL
std::string getChecksum();

View File

@ -139,6 +139,8 @@ QPDFEFStreamObjectHelper::newFromStream(QPDFObjectHandle stream)
stream.getDict().replaceKey(
"/Type", QPDFObjectHandle::newName("/EmbeddedFile"));
Pl_Discard discard;
// The PDF spec specifies use of MD5 here and notes that it is not
// to be used for security. MD5 is known to be insecure.
Pl_MD5 md5("EF md5", &discard);
Pl_Count count("EF size", &md5);
if (!stream.pipeStreamData(&count, nullptr, 0, qpdf_dl_all)) {