vcl119: #163136# do not pass a clear text password to xpdf

5 files changed, 46 insertions, 10 deletions

diff --git a/sdext/source/pdfimport/filterdet.cxx b/sdext/source/pdfimport/filterdet.cxx
index e9d58cfdb3b2..d5fcf30a803c 100644
--- a/sdext/source/pdfimport/filterdet.cxx
+++ b/sdext/source/pdfimport/filterdet.cxx
@@ -718,6 +718,8 @@ uno::Reference< io::XStream > getAdditionalStream( const rtl::OUString&
                                     rtl::OString aIsoPwd = rtl::OUStringToOString( io_rPwd,
                                                                                    RTL_TEXTENCODING_ISO_8859_1 );
                                     bAuthenticated = pPDFFile->setupDecryptionData( aIsoPwd.getStr() );
+                                    // trash password string on heap
+                                    rtl_zeroMemory( (void*)aIsoPwd.getStr(), aIsoPwd.getLength() );
                                 }
                                 if( ! bAuthenticated )
                                 {
@@ -745,6 +747,8 @@ uno::Reference< io::XStream > getAdditionalStream( const rtl::OUString&
                                         rtl::OString aIsoPwd = rtl::OUStringToOString( io_rPwd,
                                                                                        RTL_TEXTENCODING_ISO_8859_1 );
                                         bAuthenticated = pPDFFile->setupDecryptionData( aIsoPwd.getStr() );
+                                        // trash password string on heap
+                                        rtl_zeroMemory( (void*)aIsoPwd.getStr(), aIsoPwd.getLength() );
                                     } while( bEntered && ! bAuthenticated );
                                 }
 
diff --git a/sdext/source/pdfimport/inc/pdfparse.hxx b/sdext/source/pdfimport/inc/pdfparse.hxx
index 4d19d9140a09..683c438bdf54 100644
--- a/sdext/source/pdfimport/inc/pdfparse.hxx
+++ b/sdext/source/pdfimport/inc/pdfparse.hxx
@@ -260,6 +260,8 @@ struct PDFFile : public PDFContainer
     bool decrypt( const sal_uInt8* pInBuffer, sal_uInt32 nLen,
                   sal_uInt8* pOutBuffer,
                   unsigned int nObject, unsigned int nGeneration ) const;
+
+    rtl::OUString getDecryptionKey() const;
 };
 
 struct PDFObject : public PDFContainer
diff --git a/sdext/source/pdfimport/pdfparse/pdfentries.cxx b/sdext/source/pdfimport/pdfparse/pdfentries.cxx
index 4b39b60d1c52..e741d7499915 100644
--- a/sdext/source/pdfimport/pdfparse/pdfentries.cxx
+++ b/sdext/source/pdfimport/pdfparse/pdfentries.cxx
@@ -32,6 +32,7 @@
 
 #include <rtl/strbuf.hxx>
 #include <rtl/ustring.hxx>
+#include <rtl/ustrbuf.hxx>
 #include <rtl/alloc.h>
 #include <rtl/digest.h>
 #include <rtl/cipher.h>
@@ -1277,6 +1278,23 @@ bool PDFFile::setupDecryptionData( const OString& rPwd ) const
     return bValid;
 }
 
+rtl::OUString PDFFile::getDecryptionKey() const
+{
+    rtl::OUStringBuffer aBuf( ENCRYPTION_KEY_LEN * 2 );
+    if( impl_getData()->m_bIsEncrypted )
+    {
+        for( sal_uInt32 i = 0; i < m_pData->m_nKeyLength; i++ )
+        {
+            static const sal_Unicode pHexTab[16] = { '0', '1', '2', '3', '4', '5', '6', '7',
+                                                     '8', '9', 'A', 'B', 'C', 'D', 'E', 'F' };
+            aBuf.append( pHexTab[(m_pData->m_aDecryptionKey[i] >> 4) & 0x0f] );
+            aBuf.append( pHexTab[(m_pData->m_aDecryptionKey[i] & 0x0f)] );
+        }
+
+    }
+    return aBuf.makeStringAndClear();
+}
+
 PDFFileImplData* PDFFile::impl_getData() const
 {
     if( m_pData )
diff --git a/sdext/source/pdfimport/wrapper/wrapper.cxx b/sdext/source/pdfimport/wrapper/wrapper.cxx
index 51817ce5eacf..f9255393ae6e 100755
--- a/sdext/source/pdfimport/wrapper/wrapper.cxx
+++ b/sdext/source/pdfimport/wrapper/wrapper.cxx
@@ -913,6 +913,8 @@ static bool checkEncryption( const rtl::OUString&
                     rtl::OString aIsoPwd = rtl::OUStringToOString( io_rPwd,
                                                                    RTL_TEXTENCODING_ISO_8859_1 );
                     bAuthenticated = pPDFFile->setupDecryptionData( aIsoPwd.getStr() );
+                    // trash password string on heap
+                    rtl_zeroMemory( (void*)aIsoPwd.getStr(), aIsoPwd.getLength() );
                 }
                 if( bAuthenticated )
                     bSuccess = true;
@@ -927,12 +929,23 @@ static bool checkEncryption( const rtl::OUString&
                             rtl::OString aIsoPwd = rtl::OUStringToOString( io_rPwd,
                                                                            RTL_TEXTENCODING_ISO_8859_1 );
                             bAuthenticated = pPDFFile->setupDecryptionData( aIsoPwd.getStr() );
+                            // trash password string on heap
+                            rtl_zeroMemory( (void*)aIsoPwd.getStr(), aIsoPwd.getLength() );
                         } while( bEntered && ! bAuthenticated );
                     }
 
                     OSL_TRACE( "password: %s\n", bAuthenticated ? "matches" : "does not match" );
                     bSuccess = bAuthenticated;
                 }
+                // trash password string on heap
+                rtl_zeroMemory( (void*)io_rPwd.getStr(), io_rPwd.getLength()*sizeof(sal_Unicode) );
+                if( bAuthenticated )
+                {
+                    rtl::OUStringBuffer aBuf( 128 );
+                    aBuf.appendAscii( "_OOO_pdfi_Credentials_" );
+                    aBuf.append( pPDFFile->getDecryptionKey() );
+                    io_rPwd = aBuf.makeStringAndClear();
+                }
             }
             else
                 bSuccess = true;
diff --git a/sdext/source/pdfimport/xpdfwrapper/wrapper_gpl.cxx b/sdext/source/pdfimport/xpdfwrapper/wrapper_gpl.cxx
index 6011b6989576..e0c5763acac8 100644
--- a/sdext/source/pdfimport/xpdfwrapper/wrapper_gpl.cxx
+++ b/sdext/source/pdfimport/xpdfwrapper/wrapper_gpl.cxx
@@ -107,8 +107,8 @@ int main(int argc, char **argv)
 #endif
 
     // try to read a possible open password form stdin
-    char aPwBuf[34];
-    aPwBuf[33] = 0;
+    char aPwBuf[129];
+    aPwBuf[128] = 0;
     if( ! fgets( aPwBuf, sizeof(aPwBuf)-1, stdin ) )
         aPwBuf[0] = 0; // mark as empty
     else
@@ -132,14 +132,14 @@ int main(int argc, char **argv)
 
 
     // check for password string(s)
-    GooString* pOwnerPasswordStr( ownerPassword[0] != '\001'
-                                  ? new GooString(ownerPassword)
-                                  : (GooString *)NULL );
-    GooString* pUserPasswordStr( aPwBuf[0] != 0
+    GooString* pOwnerPasswordStr( aPwBuf[0] != 0
                                  ? new GooString( aPwBuf )
-                                 : ( userPassword[0] != '\001'
-                                     ? new GooString(userPassword)
-                                     : (GooString *)NULL ) );
+                                 : (ownerPassword[0] != '\001'
+                                    ? new GooString(ownerPassword)
+                                    : (GooString *)NULL ) );
+    GooString* pUserPasswordStr(  userPassword[0] != '\001'
+                                  ? new GooString(userPassword)
+                                  : (GooString *)NULL );
     if( outputFile[0] != '\001' )
         g_binary_out = fopen(outputFile,"wb");
 
@@ -188,7 +188,6 @@ int main(int argc, char **argv)
    }
    else
    {
-
       pdfi::PDFOutDev* pOutDev( new pdfi::PDFOutDev(&aDoc) );
 
       // tell receiver early - needed for proper progress calculation