2
1
mirror of https://github.com/qpdf/qpdf.git synced 2024-11-14 08:44:04 +00:00
Commit Graph

55 Commits

Author SHA1 Message Date
Jay Berkenbilt
5da146c8b5 Track separately whether password was user/owner (fixes #159) 2019-08-24 11:01:19 -04:00
Jay Berkenbilt
5a0aef55a0 Split long line 2019-08-24 10:58:51 -04:00
Jay Berkenbilt
c5ed1b8075 Handle invalid encryption Length (fixes #333) 2019-06-22 20:57:33 -04:00
Jay Berkenbilt
6c39aa8763 In shippable code, favor smart pointers (fixes #235)
Use PointerHolder in several places where manually memory allocation
and deallocation were being used. This helps to protect against memory
leaks when exceptions are thrown in surprising places.
2019-06-22 16:57:52 -04:00
Jay Berkenbilt
63a643a3c7 Remove implicit conversion from int/pointer to bool
This fixes cases of warning C4800 from msvc
2019-06-21 13:17:21 -04:00
Jay Berkenbilt
d71f05ca07 Fix sign and conversion warnings (major)
This makes all integer type conversions that have potential data loss
explicit with calls that do range checks and raise an exception. After
this commit, qpdf builds with no warnings when -Wsign-conversion
-Wconversion is used with gcc or clang or when -W3 -Wd4800 is used
with MSVC. This significantly reduces the likelihood of potential
crashes from bogus integer values.

There are some parts of the code that take int when they should take
size_t or an offset. Such places would make qpdf not support files
with more than 2^31 of something that usually wouldn't be so large. In
the event that such a file shows up and is valid, at least qpdf would
raise an error in the right spot so the issue could be legitimately
addressed rather than failing in some weird way because of a silent
overflow condition.
2019-06-21 13:17:21 -04:00
Jay Berkenbilt
fbbb0ee016 Make a static version of QPDF::pipeStreamData
This is in preparation of being able to pipe a stream's data without
keeping a copy of its containing qpdf object.
2019-01-07 00:11:15 -05:00
Jay Berkenbilt
e27ac682e0 Move encryption parameters into a class 2019-01-06 09:58:16 -05:00
Jay Berkenbilt
5d9d80beba Fix fallback logic for encryption (fixes #229) 2018-08-12 22:32:40 -04:00
Jay Berkenbilt
932799baab Fix memory access error
A previous fix introduced a potentially memory overrun under certain
rare conditions. The test suite now once again passes with address
sanitizer.
2018-08-12 13:16:17 -04:00
Jay Berkenbilt
1619cad1e8 Return correct method for string encryption (fixes #227) 2018-08-05 16:58:21 -04:00
Jay Berkenbilt
3aad28aed0 Bug fix: honor encryption key length with R=3 (fixes #212) 2018-06-22 19:24:26 -04:00
Jay Berkenbilt
569d74d36b Allow raw encryption key to be specified
Add options to enable the raw encryption key to be directly shown or
specified. Thanks to Didier Stevens <didier.stevens@gmail.com> for the
idea and contribution of one implementation of this idea.
2018-01-14 10:21:05 -05:00
Jay Berkenbilt
dea704f0ab Pad keys to avoid memory errors (fixes #147) 2017-08-26 21:35:59 -04:00
Jay Berkenbilt
a8c93bd324 Push QPDF member variables into a nested class
Pushing member variables into a nested class enables addition of new
member variables without breaking binary compatibility.
2017-08-21 21:35:11 -04:00
Jay Berkenbilt
8fe0b06cd8 Pad encryption parameters that are too short (fixes #96) 2017-08-11 19:53:56 -04:00
Jay Berkenbilt
28a9df5119 Avoid buffer overrun copying digest
Converting a password to an encryption key is supposed to copy up to a
certain number of bytes from a digest. Make sure never to copy more
than the size of the digest.
2015-02-21 17:51:08 -05:00
Jay Berkenbilt
dc9df97466 Include <algorithm> for std::min, std::max 2013-11-29 10:48:16 -05:00
Jay Berkenbilt
ac9c1f0d56 Security: replace operator[] with at
For std::string and std::vector, replace operator[] with at.  This was
done using an automated process.  See README.hardening for details.
2013-10-18 10:45:14 -04:00
Jay Berkenbilt
a85007cb0d Handle more broken files
Space rather than newline after xref, missing /ID in trailer for
encrypted file.  This enables qpdf to handle some files that xpdf can
handle.  Adobe reader can't necessarily handle them.
2013-06-15 12:40:01 -04:00
Jay Berkenbilt
d88231e01e Promote QPDF::ObjGen to top-level object QPDFObjGen 2013-06-14 14:58:08 -04:00
Jay Berkenbilt
ed19516aa7 Fix unused local variable warnings 2013-03-04 16:45:16 -05:00
Jay Berkenbilt
30027481f7 Remove all old-style casts from C++ code 2013-03-04 16:45:16 -05:00
Jay Berkenbilt
e57c25814e Support for encryption with /V=5 and /R=5 and /R=6
Read and write support is implemented for /V=5 with /R=5 as well as
/R=6.  /R=5 is the deprecated encryption method used by Acrobat IX.
/R=6 is the encryption method used by PDF 2.0 from ISO 32000-2.
2012-12-31 10:32:32 -05:00
Jay Berkenbilt
93ac1695a4 Support files with only attachments encrypted
Test cases added in a future commit since they depend on /R=6 support.
2012-12-31 10:32:32 -05:00
Jay Berkenbilt
16a23368e7 Fix infinite loop trimming passwords with ( in them 2012-12-31 10:32:31 -05:00
Jay Berkenbilt
9b42f526df Update AES classes to work with 256-bit keys 2012-12-31 05:36:50 -05:00
Jay Berkenbilt
3101955ac0 Add V5 parameters to EncryptionData 2012-12-31 05:36:50 -05:00
Jay Berkenbilt
68447bb556 change EncryptionData 2012-12-31 05:36:50 -05:00
Jay Berkenbilt
a101533e0a Add command line option to copy encryption from other file
Add --copy-encryption and --encryption-file-password options to qpdf.
Also strengthen test suite for copying encryption.  The strengthened
test suite would have caught the failure to preserve AES and the
failure to update the file version, which was invalidating the
encrypted data.
2012-07-15 21:15:24 -04:00
Jay Berkenbilt
5d4cad9c02 ABI change: fix use of off_t, size_t, and integer types
Significantly improve the code's use of off_t for file offsets, size_t
for memory sizes, and integer types in cases where there has to be
compatibility with external interfaces.  Rework sections of the code
that would have prevented qpdf from working on files larger than 2 (or
maybe 4) GB in size.
2012-06-20 15:20:26 -04:00
Jay Berkenbilt
24e2b2b76f Fix gcc 4.7 warnings about C++11 2012-06-20 15:18:14 -04:00
Jay Berkenbilt
76b1659177 enhance PointerHolder so that it can explicitly be told to use delete [] instead of delete, thus making it useful to run valgrind over qpdf during its test suite 2011-08-11 11:57:37 -04:00
Jay Berkenbilt
9a1fad4077 comments 2011-08-10 20:57:52 -04:00
Jay Berkenbilt
a7e269537d update code to new PointerHolder, and reintroduce change that was accidentally backed out
git-svn-id: svn+q:///qpdf/trunk@1031 71b93d88-0707-0410-a8cf-f5a4172ac649
2010-09-24 20:45:18 +00:00
Jay Berkenbilt
ce8b1ba6a5 convert file to a PointerHolder<InputSource> so it could be either a file or a buffer; also fix a bug in BufferInputSource::seek
git-svn-id: svn+q:///qpdf/trunk@1030 71b93d88-0707-0410-a8cf-f5a4172ac649
2010-09-24 19:10:08 +00:00
Jay Berkenbilt
fc8f93053d don't place restrictions on length of /ID strings
git-svn-id: svn+q:///qpdf/trunk@961 71b93d88-0707-0410-a8cf-f5a4172ac649
2010-04-25 14:55:36 +00:00
Jay Berkenbilt
3f8c4c2736 categorize all error messages and include object information if available
git-svn-id: svn+q:///qpdf/trunk@829 71b93d88-0707-0410-a8cf-f5a4172ac649
2009-10-19 23:09:19 +00:00
Jay Berkenbilt
734ac1e1d2 deal with stream-specific crypt filters
git-svn-id: svn+q:///qpdf/trunk@827 71b93d88-0707-0410-a8cf-f5a4172ac649
2009-10-19 01:58:31 +00:00
Jay Berkenbilt
94131116a9 more notes, testing of cleartext metadata, some crypt filter fixes
git-svn-id: svn+q:///qpdf/trunk@823 71b93d88-0707-0410-a8cf-f5a4172ac649
2009-10-18 19:54:24 +00:00
Jay Berkenbilt
67e353e4e4 use StdCF to make adobe reader happy; handle EncryptMetadata properly when reading
git-svn-id: svn+q:///qpdf/trunk@817 71b93d88-0707-0410-a8cf-f5a4172ac649
2009-10-18 02:26:09 +00:00
Jay Berkenbilt
e25910b59a reading crypt filters is largely implemented but not fully tested
git-svn-id: svn+q:///qpdf/trunk@812 71b93d88-0707-0410-a8cf-f5a4172ac649
2009-10-17 23:37:55 +00:00
Jay Berkenbilt
c13bc66de8 checkpoint -- partially implemented /V=4 encryption
git-svn-id: svn+q:///qpdf/trunk@811 71b93d88-0707-0410-a8cf-f5a4172ac649
2009-10-17 18:54:51 +00:00
Jay Berkenbilt
846c9f6bcc checkpoint -- started doing some R4 encryption support
git-svn-id: svn+q:///qpdf/trunk@807 71b93d88-0707-0410-a8cf-f5a4172ac649
2009-10-17 03:14:47 +00:00
Jay Berkenbilt
44cbd3d4b4 do DLL_EXPORT only in header files and only at the class or top-level function level
git-svn-id: svn+q:///qpdf/trunk@796 71b93d88-0707-0410-a8cf-f5a4172ac649
2009-10-12 01:15:55 +00:00
Jay Berkenbilt
c2023db265 Implement changes suggested by Zarko and our subsequent conversations:
- Add a way to set the minimum PDF version
 - Add a way to force the PDF version
 - Have isEncrypted return true if an /Encrypt dictionary exists even
   when we can't read the file
 - Allow qpdf_init_write to be called multiple times
 - Update some comments in headers


git-svn-id: svn+q:///qpdf/trunk@748 71b93d88-0707-0410-a8cf-f5a4172ac649
2009-10-05 00:42:48 +00:00
Jay Berkenbilt
8d7bb3ff50 add methods for getting encryption data
git-svn-id: svn+q:///qpdf/trunk@733 71b93d88-0707-0410-a8cf-f5a4172ac649
2009-09-27 20:05:38 +00:00
Jay Berkenbilt
02333ba1e9 checkpoint -- first crack at C API, minor refactoring of encryption functions
git-svn-id: svn+q:///qpdf/trunk@720 71b93d88-0707-0410-a8cf-f5a4172ac649
2009-09-27 03:11:29 +00:00
Jay Berkenbilt
f3d7c26de1 removed qexc; non-compatible ABI change
git-svn-id: svn+q:///qpdf/trunk@709 71b93d88-0707-0410-a8cf-f5a4172ac649
2009-09-26 18:36:04 +00:00
Jay Berkenbilt
1e74c03acd stick DLL_EXPORT in front of every public method of every public class
git-svn-id: svn+q:///qpdf/trunk@688 71b93d88-0707-0410-a8cf-f5a4172ac649
2009-08-06 19:00:25 +00:00