diff options
author | Tor Lillqvist <tml@collabora.com> | 2015-02-24 17:39:29 +0200 |
---|---|---|
committer | Andras Timar <andras.timar@collabora.com> | 2015-03-05 16:45:14 +0100 |
commit | 5cf3b2d51cb439a07bc067fa401588d2d9ee6fae (patch) | |
tree | 634d0699e5d9d8bf600eae078eb423e4bdf4f7c4 /vcl | |
parent | 10dd512d4d6fa446dc7014ef9274a2565a834c08 (diff) |
tdf#84881: Bump MAX_SIGNATURE_CONTENT_LENGTH to 50000 for now
Note that checks in the code against exceeding that limit apparently are
broken, though. After the previous change I ended up with an invalid PDF where
the signature hex string in the output PDF had brutally overrun its
allocation.
Now Adobe Reader says "The signature includes an embedded timestamp but it
could not be verified". This is progress. Perhaps I just need to tell Adobe
Reader to trust the certificate from the TSA I used.
(cherry picked from commit ca2d878659400b783ae72267f47d0c719b50a1ad)
Conflicts:
vcl/source/gdi/pdfwriter_impl.cxx
Change-Id: I1e8644ee641592a985e0190b52bf76839f99b3e7
Diffstat (limited to 'vcl')
-rw-r--r-- | vcl/source/gdi/pdfwriter_impl.cxx | 15 |
1 files changed, 14 insertions, 1 deletions
diff --git a/vcl/source/gdi/pdfwriter_impl.cxx b/vcl/source/gdi/pdfwriter_impl.cxx index 3fc15fa421c9..10cbe473eb28 100644 --- a/vcl/source/gdi/pdfwriter_impl.cxx +++ b/vcl/source/gdi/pdfwriter_impl.cxx @@ -103,7 +103,20 @@ using namespace vcl; #endif #if !defined(ANDROID) && !defined(IOS) -#define MAX_SIGNATURE_CONTENT_LENGTH 0x4000 +// Is this length truly the maximum possible, or just a number that +// seemed large enough when the author tested this (with some type of +// certificates)? I suspect the latter. + +// Used to be 0x4000 = 16384, but a sample signed PDF (produced by +// some other software) provided by the customer has a signature +// content that is 30000 bytes. The SampleSignedPDFDocument.pdf from +// Adobe has one that is 21942 bytes. So let's be careful. Pity this +// can't be dynamic, at least not without restructuring the code. Also +// note that the checks in the code for this being too small +// apparently are broken, if this overflows you end up with an invalid +// PDF. Need to fix that. + +#define MAX_SIGNATURE_CONTENT_LENGTH 50000 #endif #ifdef DO_TEST_PDF |