Skip to content
Projeler
Gruplar
Parçacıklar
Yardım
Yükleniyor...
Oturum aç / Kaydol
Gezinmeyi değiştir
C
core
Proje
Proje
Ayrıntılar
Etkinlik
Cycle Analytics
Depo (repository)
Depo (repository)
Dosyalar
Kayıtlar (commit)
Dallar (branch)
Etiketler
Katkıda bulunanlar
Grafik
Karşılaştır
Grafikler
Konular (issue)
0
Konular (issue)
0
Liste
Pano
Etiketler
Kilometre Taşları
Birleştirme (merge) Talepleri
0
Birleştirme (merge) Talepleri
0
CI / CD
CI / CD
İş akışları (pipeline)
İşler
Zamanlamalar
Grafikler
Paketler
Paketler
Wiki
Wiki
Parçacıklar
Parçacıklar
Üyeler
Üyeler
Collapse sidebar
Close sidebar
Etkinlik
Grafik
Grafikler
Yeni bir konu (issue) oluştur
İşler
Kayıtlar (commit)
Konu (issue) Panoları
Kenar çubuğunu aç
LibreOffice
core
Commits
db944ee5
Kaydet (Commit)
db944ee5
authored
14 years ago
tarafından
Philipp Lohmann [pl]
Dosyalara gözat
Seçenekler
Dosyalara Gözat
İndir
Eposta Yamaları
Sade Fark
vcl119: #163136# do not pass a clear text password to xpdf
üst
5d1335e1
Hide whitespace changes
Inline
Side-by-side
Showing
7 changed files
with
148 additions
and
11 deletions
+148
-11
filterdet.cxx
sdext/source/pdfimport/filterdet.cxx
+4
-0
pdfparse.hxx
sdext/source/pdfimport/inc/pdfparse.hxx
+2
-0
pdfentries.cxx
sdext/source/pdfimport/pdfparse/pdfentries.cxx
+18
-0
wrapper.cxx
sdext/source/pdfimport/wrapper/wrapper.cxx
+13
-0
wrapper_gpl.cxx
sdext/source/pdfimport/xpdfwrapper/wrapper_gpl.cxx
+9
-10
makefile.mk
xpdf/makefile.mk
+1
-1
xpdf-3.02-ooopwd.patch
xpdf/xpdf-3.02-ooopwd.patch
+101
-0
No files found.
sdext/source/pdfimport/filterdet.cxx
Dosyayı görüntüle @
db944ee5
...
...
@@ -718,6 +718,8 @@ uno::Reference< io::XStream > getAdditionalStream( const rtl::OUString&
rtl
::
OString
aIsoPwd
=
rtl
::
OUStringToOString
(
io_rPwd
,
RTL_TEXTENCODING_ISO_8859_1
);
bAuthenticated
=
pPDFFile
->
setupDecryptionData
(
aIsoPwd
.
getStr
()
);
// trash password string on heap
rtl_zeroMemory
(
(
void
*
)
aIsoPwd
.
getStr
(),
aIsoPwd
.
getLength
()
);
}
if
(
!
bAuthenticated
)
{
...
...
@@ -745,6 +747,8 @@ uno::Reference< io::XStream > getAdditionalStream( const rtl::OUString&
rtl
::
OString
aIsoPwd
=
rtl
::
OUStringToOString
(
io_rPwd
,
RTL_TEXTENCODING_ISO_8859_1
);
bAuthenticated
=
pPDFFile
->
setupDecryptionData
(
aIsoPwd
.
getStr
()
);
// trash password string on heap
rtl_zeroMemory
(
(
void
*
)
aIsoPwd
.
getStr
(),
aIsoPwd
.
getLength
()
);
}
while
(
bEntered
&&
!
bAuthenticated
);
}
...
...
This diff is collapsed.
Click to expand it.
sdext/source/pdfimport/inc/pdfparse.hxx
Dosyayı görüntüle @
db944ee5
...
...
@@ -260,6 +260,8 @@ struct PDFFile : public PDFContainer
bool
decrypt
(
const
sal_uInt8
*
pInBuffer
,
sal_uInt32
nLen
,
sal_uInt8
*
pOutBuffer
,
unsigned
int
nObject
,
unsigned
int
nGeneration
)
const
;
rtl
::
OUString
getDecryptionKey
()
const
;
};
struct
PDFObject
:
public
PDFContainer
...
...
This diff is collapsed.
Click to expand it.
sdext/source/pdfimport/pdfparse/pdfentries.cxx
Dosyayı görüntüle @
db944ee5
...
...
@@ -32,6 +32,7 @@
#include <rtl/strbuf.hxx>
#include <rtl/ustring.hxx>
#include <rtl/ustrbuf.hxx>
#include <rtl/alloc.h>
#include <rtl/digest.h>
#include <rtl/cipher.h>
...
...
@@ -1277,6 +1278,23 @@ bool PDFFile::setupDecryptionData( const OString& rPwd ) const
return
bValid
;
}
rtl
::
OUString
PDFFile
::
getDecryptionKey
()
const
{
rtl
::
OUStringBuffer
aBuf
(
ENCRYPTION_KEY_LEN
*
2
);
if
(
impl_getData
()
->
m_bIsEncrypted
)
{
for
(
sal_uInt32
i
=
0
;
i
<
m_pData
->
m_nKeyLength
;
i
++
)
{
static
const
sal_Unicode
pHexTab
[
16
]
=
{
'0'
,
'1'
,
'2'
,
'3'
,
'4'
,
'5'
,
'6'
,
'7'
,
'8'
,
'9'
,
'A'
,
'B'
,
'C'
,
'D'
,
'E'
,
'F'
};
aBuf
.
append
(
pHexTab
[(
m_pData
->
m_aDecryptionKey
[
i
]
>>
4
)
&
0x0f
]
);
aBuf
.
append
(
pHexTab
[(
m_pData
->
m_aDecryptionKey
[
i
]
&
0x0f
)]
);
}
}
return
aBuf
.
makeStringAndClear
();
}
PDFFileImplData
*
PDFFile
::
impl_getData
()
const
{
if
(
m_pData
)
...
...
This diff is collapsed.
Click to expand it.
sdext/source/pdfimport/wrapper/wrapper.cxx
Dosyayı görüntüle @
db944ee5
...
...
@@ -913,6 +913,8 @@ static bool checkEncryption( const rtl::OUString&
rtl
::
OString
aIsoPwd
=
rtl
::
OUStringToOString
(
io_rPwd
,
RTL_TEXTENCODING_ISO_8859_1
);
bAuthenticated
=
pPDFFile
->
setupDecryptionData
(
aIsoPwd
.
getStr
()
);
// trash password string on heap
rtl_zeroMemory
(
(
void
*
)
aIsoPwd
.
getStr
(),
aIsoPwd
.
getLength
()
);
}
if
(
bAuthenticated
)
bSuccess
=
true
;
...
...
@@ -927,12 +929,23 @@ static bool checkEncryption( const rtl::OUString&
rtl
::
OString
aIsoPwd
=
rtl
::
OUStringToOString
(
io_rPwd
,
RTL_TEXTENCODING_ISO_8859_1
);
bAuthenticated
=
pPDFFile
->
setupDecryptionData
(
aIsoPwd
.
getStr
()
);
// trash password string on heap
rtl_zeroMemory
(
(
void
*
)
aIsoPwd
.
getStr
(),
aIsoPwd
.
getLength
()
);
}
while
(
bEntered
&&
!
bAuthenticated
);
}
OSL_TRACE
(
"password: %s
\n
"
,
bAuthenticated
?
"matches"
:
"does not match"
);
bSuccess
=
bAuthenticated
;
}
// trash password string on heap
rtl_zeroMemory
(
(
void
*
)
io_rPwd
.
getStr
(),
io_rPwd
.
getLength
()
*
sizeof
(
sal_Unicode
)
);
if
(
bAuthenticated
)
{
rtl
::
OUStringBuffer
aBuf
(
128
);
aBuf
.
appendAscii
(
"_OOO_pdfi_Credentials_"
);
aBuf
.
append
(
pPDFFile
->
getDecryptionKey
()
);
io_rPwd
=
aBuf
.
makeStringAndClear
();
}
}
else
bSuccess
=
true
;
...
...
This diff is collapsed.
Click to expand it.
sdext/source/pdfimport/xpdfwrapper/wrapper_gpl.cxx
Dosyayı görüntüle @
db944ee5
...
...
@@ -107,8 +107,8 @@ int main(int argc, char **argv)
#endif
// try to read a possible open password form stdin
char
aPwBuf
[
34
];
aPwBuf
[
33
]
=
0
;
char
aPwBuf
[
129
];
aPwBuf
[
128
]
=
0
;
if
(
!
fgets
(
aPwBuf
,
sizeof
(
aPwBuf
)
-
1
,
stdin
)
)
aPwBuf
[
0
]
=
0
;
// mark as empty
else
...
...
@@ -132,14 +132,14 @@ int main(int argc, char **argv)
// check for password string(s)
GooString
*
pOwnerPasswordStr
(
ownerPassword
[
0
]
!=
'\001'
?
new
GooString
(
ownerPassword
)
:
(
GooString
*
)
NULL
);
GooString
*
pUserPasswordStr
(
aPwBuf
[
0
]
!=
0
GooString
*
pOwnerPasswordStr
(
aPwBuf
[
0
]
!=
0
?
new
GooString
(
aPwBuf
)
:
(
userPassword
[
0
]
!=
'\001'
?
new
GooString
(
userPassword
)
:
(
GooString
*
)
NULL
)
);
:
(
ownerPassword
[
0
]
!=
'\001'
?
new
GooString
(
ownerPassword
)
:
(
GooString
*
)
NULL
)
);
GooString
*
pUserPasswordStr
(
userPassword
[
0
]
!=
'\001'
?
new
GooString
(
userPassword
)
:
(
GooString
*
)
NULL
);
if
(
outputFile
[
0
]
!=
'\001'
)
g_binary_out
=
fopen
(
outputFile
,
"wb"
);
...
...
@@ -188,7 +188,6 @@ int main(int argc, char **argv)
}
else
{
pdfi
::
PDFOutDev
*
pOutDev
(
new
pdfi
::
PDFOutDev
(
&
aDoc
)
);
// tell receiver early - needed for proper progress calculation
...
...
This diff is collapsed.
Click to expand it.
xpdf/makefile.mk
Dosyayı görüntüle @
db944ee5
...
...
@@ -48,7 +48,7 @@ dummy:
TARFILE_NAME
=
xpdf-3.02
TARFILE_MD5
=
599dc4cc65a07ee868cf92a667a913d2
PATCH_FILES
=
$(TARFILE_NAME)
.patch xpdf-3.02-sec.patch
PATCH_FILES
=
$(TARFILE_NAME)
.patch xpdf-3.02-sec.patch
xpdf-3.02-ooopwd.patch
CONFIGURE_DIR
=
BUILD_DIR
=
$(CONFIGURE_DIR)
...
...
This diff is collapsed.
Click to expand it.
xpdf/xpdf-3.02-ooopwd.patch
0 → 100644
Dosyayı görüntüle @
db944ee5
--- misc/xpdf-3.02/xpdf/SecurityHandler.cc 2007-02-27 23:05:52.000000000 +0100
+++ misc/build/xpdf-3.02/xpdf/SecurityHandler.cc 2011-02-03 16:41:49.000000000 +0100
@@ -40,7 +40,7 @@
encryptDictA->dictLookup("Filter", &filterObj);
if (filterObj.isName("Standard")) {
- secHdlr = new StandardSecurityHandler(docA, encryptDictA);
+ secHdlr = new OOoImportSecurityhandler(docA, encryptDictA);
} else if (filterObj.isName()) {
#ifdef ENABLE_PLUGINS
if ((xsh = globalParams->getSecurityHandler(filterObj.getName()))) {
@@ -310,6 +310,60 @@
return gTrue;
}
+//------------------------------------------------------------------------
+// OOoImportSecurityhandler
+//------------------------------------------------------------------------
+
+OOoImportSecurityhandler::~OOoImportSecurityhandler()
+{
+}
+
+inline Guchar toNum( Guchar digit )
+{
+ return (digit >= '0') && digit <= '9'
+ ? digit - '0'
+ : (digit >= 'A' && digit <= 'F')
+ ? digit - 'A' + 10
+ : (digit >= 'a' && digit <= 'f')
+ ? digit - 'a' + 10
+ : Guchar(0xff);
+}
+
+GBool OOoImportSecurityhandler::authorize(void* authData)
+{
+ if( !ok )
+ return gFalse;
+ if( authData )
+ {
+ GString* ownerPassword = ((StandardAuthData *)authData)->ownerPassword;
+ if( ownerPassword )
+ {
+ const char* pStr = ownerPassword->getCString();
+ if( strncmp( pStr, "_OOO_pdfi_Credentials_", 22 ) == 0 )
+ {
+ // a hex encoded byte sequence should follow until end of string
+ // the length must match fileKeyLength
+ // if this is the case we can assume that the password checked out
+ // and the file key is valid
+ // max len is 16 (the size of the fileKey array)
+ pStr += 22;
+ size_t i = 0;
+ while( pStr[0] && pStr[1] && i < sizeof( fileKey ) )
+ {
+ fileKey[i++] = (toNum( *pStr++ ) << 4)
+ | (toNum( *pStr++ ));
+ }
+ if( i == size_t(fileKeyLength) )
+ {
+ ownerPasswordOk = gTrue;
+ return gTrue;
+ }
+ }
+ }
+ }
+ return StandardSecurityHandler::authorize( authData );
+}
+
#ifdef ENABLE_PLUGINS
//------------------------------------------------------------------------
--- misc/xpdf-3.02/xpdf/SecurityHandler.h 2007-02-27 23:05:52.000000000 +0100
+++ misc/build/xpdf-3.02/xpdf/SecurityHandler.h 2011-02-03 16:26:17.000000000 +0100
@@ -103,7 +103,7 @@
virtual int getEncVersion() { return encVersion; }
virtual CryptAlgorithm getEncAlgorithm() { return encAlgorithm; }
-private:
+protected:
int permFlags;
GBool ownerPasswordOk;
@@ -119,6 +119,17 @@
GBool ok;
};
+class OOoImportSecurityhandler : public StandardSecurityHandler
+{
+public:
+ OOoImportSecurityhandler( PDFDoc* docA, Object* encryptDictA )
+ : StandardSecurityHandler( docA, encryptDictA )
+ {}
+ virtual ~OOoImportSecurityhandler();
+
+ virtual GBool authorize(void* authData);
+};
+
#ifdef ENABLE_PLUGINS
//------------------------------------------------------------------------
// ExternalSecurityHandler
This diff is collapsed.
Click to expand it.
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment