From 917b3a71fb20748965254631199ad98210d6c2fb Mon Sep 17 00:00:00 2001 From: Ken Sharp Date: Thu, 25 Jan 2024 11:58:22 +0000 Subject: [PATCH 1/7] Bug 707510 - don't use strlen on passwords http://www.ghostscript.com/cgi-bin/findgit.cgi?917b3a71fb20748965254631199ad98210d6c2fb Item #1 of the report. This looks like an oversight when first coding the routine. We should use the PostScript string length, because PostScript strings may not be NULL terminated (and as here may contain internal NULL characters). Fix the R6 handler which has the same problem too. --- pdf/pdf_sec.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pdf/pdf_sec.c b/pdf/pdf_sec.c index fa7131f..841eb72 100644 --- a/pdf/pdf_sec.c +++ b/pdf/pdf_sec.c @@ -1271,7 +1271,7 @@ static int check_password_R5(pdf_context *ctx, char *Password, int PasswordLen, /* If the supplied Password fails as the user *and* owner password, maybe its in * the locale, not UTF-8, try converting to UTF-8 */ - code = pdfi_object_alloc(ctx, PDF_STRING, strlen(ctx->encryption.Password), (pdf_obj **)&P); + code = pdfi_object_alloc(ctx, PDF_STRING, PasswordLen, (pdf_obj **)&P); if (code < 0) return code; memcpy(P->data, Password, PasswordLen); @@ -1318,7 +1318,7 @@ static int check_password_R6(pdf_context *ctx, char *Password, int PasswordLen, /* If the supplied Password fails as the user *and* owner password, maybe its in * the locale, not UTF-8, try converting to UTF-8 */ - code = pdfi_object_alloc(ctx, PDF_STRING, strlen(ctx->encryption.Password), (pdf_obj **)&P); + code = pdfi_object_alloc(ctx, PDF_STRING, PasswordLen, (pdf_obj **)&P); if (code < 0) return code; memcpy(P->data, Password, PasswordLen); -- 2.43.0