diff options
author | Philipp Lohmann [pl] <Philipp.Lohmann@Oracle.COM> | 2011-02-03 17:54:31 +0100 |
---|---|---|
committer | Philipp Lohmann [pl] <Philipp.Lohmann@Oracle.COM> | 2011-02-03 17:54:31 +0100 |
commit | db944ee55fc510ca5940728b0d16a852f12842d8 (patch) | |
tree | 8cc42dc7305397e6e7fbcfbce25a34fb013e80a6 /sdext/source | |
parent | 5d1335e1f02b0ebaee310d811214b18e8a276698 (diff) |
vcl119: #163136# do not pass a clear text password to xpdf
Diffstat (limited to 'sdext/source')
-rw-r--r-- | sdext/source/pdfimport/filterdet.cxx | 4 | ||||
-rw-r--r-- | sdext/source/pdfimport/inc/pdfparse.hxx | 2 | ||||
-rw-r--r-- | sdext/source/pdfimport/pdfparse/pdfentries.cxx | 18 | ||||
-rwxr-xr-x | sdext/source/pdfimport/wrapper/wrapper.cxx | 13 | ||||
-rw-r--r-- | sdext/source/pdfimport/xpdfwrapper/wrapper_gpl.cxx | 19 |
5 files changed, 46 insertions, 10 deletions
diff --git a/sdext/source/pdfimport/filterdet.cxx b/sdext/source/pdfimport/filterdet.cxx index e9d58cfdb3b2..d5fcf30a803c 100644 --- a/sdext/source/pdfimport/filterdet.cxx +++ b/sdext/source/pdfimport/filterdet.cxx @@ -718,6 +718,8 @@ uno::Reference< io::XStream > getAdditionalStream( const rtl::OUString& rtl::OString aIsoPwd = rtl::OUStringToOString( io_rPwd, RTL_TEXTENCODING_ISO_8859_1 ); bAuthenticated = pPDFFile->setupDecryptionData( aIsoPwd.getStr() ); + // trash password string on heap + rtl_zeroMemory( (void*)aIsoPwd.getStr(), aIsoPwd.getLength() ); } if( ! bAuthenticated ) { @@ -745,6 +747,8 @@ uno::Reference< io::XStream > getAdditionalStream( const rtl::OUString& rtl::OString aIsoPwd = rtl::OUStringToOString( io_rPwd, RTL_TEXTENCODING_ISO_8859_1 ); bAuthenticated = pPDFFile->setupDecryptionData( aIsoPwd.getStr() ); + // trash password string on heap + rtl_zeroMemory( (void*)aIsoPwd.getStr(), aIsoPwd.getLength() ); } while( bEntered && ! bAuthenticated ); } diff --git a/sdext/source/pdfimport/inc/pdfparse.hxx b/sdext/source/pdfimport/inc/pdfparse.hxx index 4d19d9140a09..683c438bdf54 100644 --- a/sdext/source/pdfimport/inc/pdfparse.hxx +++ b/sdext/source/pdfimport/inc/pdfparse.hxx @@ -260,6 +260,8 @@ struct PDFFile : public PDFContainer bool decrypt( const sal_uInt8* pInBuffer, sal_uInt32 nLen, sal_uInt8* pOutBuffer, unsigned int nObject, unsigned int nGeneration ) const; + + rtl::OUString getDecryptionKey() const; }; struct PDFObject : public PDFContainer diff --git a/sdext/source/pdfimport/pdfparse/pdfentries.cxx b/sdext/source/pdfimport/pdfparse/pdfentries.cxx index 4b39b60d1c52..e741d7499915 100644 --- a/sdext/source/pdfimport/pdfparse/pdfentries.cxx +++ b/sdext/source/pdfimport/pdfparse/pdfentries.cxx @@ -32,6 +32,7 @@ #include <rtl/strbuf.hxx> #include <rtl/ustring.hxx> +#include <rtl/ustrbuf.hxx> #include <rtl/alloc.h> #include <rtl/digest.h> #include <rtl/cipher.h> @@ -1277,6 +1278,23 @@ bool PDFFile::setupDecryptionData( const OString& rPwd ) const return bValid; } +rtl::OUString PDFFile::getDecryptionKey() const +{ + rtl::OUStringBuffer aBuf( ENCRYPTION_KEY_LEN * 2 ); + if( impl_getData()->m_bIsEncrypted ) + { + for( sal_uInt32 i = 0; i < m_pData->m_nKeyLength; i++ ) + { + static const sal_Unicode pHexTab[16] = { '0', '1', '2', '3', '4', '5', '6', '7', + '8', '9', 'A', 'B', 'C', 'D', 'E', 'F' }; + aBuf.append( pHexTab[(m_pData->m_aDecryptionKey[i] >> 4) & 0x0f] ); + aBuf.append( pHexTab[(m_pData->m_aDecryptionKey[i] & 0x0f)] ); + } + + } + return aBuf.makeStringAndClear(); +} + PDFFileImplData* PDFFile::impl_getData() const { if( m_pData ) diff --git a/sdext/source/pdfimport/wrapper/wrapper.cxx b/sdext/source/pdfimport/wrapper/wrapper.cxx index 51817ce5eacf..f9255393ae6e 100755 --- a/sdext/source/pdfimport/wrapper/wrapper.cxx +++ b/sdext/source/pdfimport/wrapper/wrapper.cxx @@ -913,6 +913,8 @@ static bool checkEncryption( const rtl::OUString& rtl::OString aIsoPwd = rtl::OUStringToOString( io_rPwd, RTL_TEXTENCODING_ISO_8859_1 ); bAuthenticated = pPDFFile->setupDecryptionData( aIsoPwd.getStr() ); + // trash password string on heap + rtl_zeroMemory( (void*)aIsoPwd.getStr(), aIsoPwd.getLength() ); } if( bAuthenticated ) bSuccess = true; @@ -927,12 +929,23 @@ static bool checkEncryption( const rtl::OUString& rtl::OString aIsoPwd = rtl::OUStringToOString( io_rPwd, RTL_TEXTENCODING_ISO_8859_1 ); bAuthenticated = pPDFFile->setupDecryptionData( aIsoPwd.getStr() ); + // trash password string on heap + rtl_zeroMemory( (void*)aIsoPwd.getStr(), aIsoPwd.getLength() ); } while( bEntered && ! bAuthenticated ); } OSL_TRACE( "password: %s\n", bAuthenticated ? "matches" : "does not match" ); bSuccess = bAuthenticated; } + // trash password string on heap + rtl_zeroMemory( (void*)io_rPwd.getStr(), io_rPwd.getLength()*sizeof(sal_Unicode) ); + if( bAuthenticated ) + { + rtl::OUStringBuffer aBuf( 128 ); + aBuf.appendAscii( "_OOO_pdfi_Credentials_" ); + aBuf.append( pPDFFile->getDecryptionKey() ); + io_rPwd = aBuf.makeStringAndClear(); + } } else bSuccess = true; diff --git a/sdext/source/pdfimport/xpdfwrapper/wrapper_gpl.cxx b/sdext/source/pdfimport/xpdfwrapper/wrapper_gpl.cxx index 6011b6989576..e0c5763acac8 100644 --- a/sdext/source/pdfimport/xpdfwrapper/wrapper_gpl.cxx +++ b/sdext/source/pdfimport/xpdfwrapper/wrapper_gpl.cxx @@ -107,8 +107,8 @@ int main(int argc, char **argv) #endif // try to read a possible open password form stdin - char aPwBuf[34]; - aPwBuf[33] = 0; + char aPwBuf[129]; + aPwBuf[128] = 0; if( ! fgets( aPwBuf, sizeof(aPwBuf)-1, stdin ) ) aPwBuf[0] = 0; // mark as empty else @@ -132,14 +132,14 @@ int main(int argc, char **argv) // check for password string(s) - GooString* pOwnerPasswordStr( ownerPassword[0] != '\001' - ? new GooString(ownerPassword) - : (GooString *)NULL ); - GooString* pUserPasswordStr( aPwBuf[0] != 0 + GooString* pOwnerPasswordStr( aPwBuf[0] != 0 ? new GooString( aPwBuf ) - : ( userPassword[0] != '\001' - ? new GooString(userPassword) - : (GooString *)NULL ) ); + : (ownerPassword[0] != '\001' + ? new GooString(ownerPassword) + : (GooString *)NULL ) ); + GooString* pUserPasswordStr( userPassword[0] != '\001' + ? new GooString(userPassword) + : (GooString *)NULL ); if( outputFile[0] != '\001' ) g_binary_out = fopen(outputFile,"wb"); @@ -188,7 +188,6 @@ int main(int argc, char **argv) } else { - pdfi::PDFOutDev* pOutDev( new pdfi::PDFOutDev(&aDoc) ); // tell receiver early - needed for proper progress calculation |