Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(632)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: core/fpdfapi/parser/cpdf_security_handler.cpp

Issue 2463183002: Fix a memory leak in CPDF_SecurityHandler. (Closed)
Patch Set: Created 4 years, 1 month ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« no previous file with comments | « no previous file | no next file » | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright 2014 PDFium Authors. All rights reserved. 1 // Copyright 2014 PDFium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 // Original code copyright 2014 Foxit Software Inc. http://www.foxitsoftware.com 5 // Original code copyright 2014 Foxit Software Inc. http://www.foxitsoftware.com
6 6
7 #include "core/fpdfapi/parser/cpdf_security_handler.h" 7 #include "core/fpdfapi/parser/cpdf_security_handler.h"
8 8
9 #include <time.h> 9 #include <time.h>
10 10
(...skipping 331 matching lines...) Expand 10 before | Expand all | Expand 10 after
342 CRYPT_SHA256Update(sha, password, size); 342 CRYPT_SHA256Update(sha, password, size);
343 CRYPT_SHA256Update(sha, pkey + 40, 8); 343 CRYPT_SHA256Update(sha, pkey + 40, 8);
344 if (bOwner) { 344 if (bOwner) {
345 CRYPT_SHA256Update(sha, ukey.raw_str(), 48); 345 CRYPT_SHA256Update(sha, ukey.raw_str(), 48);
346 } 346 }
347 CRYPT_SHA256Finish(sha, digest); 347 CRYPT_SHA256Finish(sha, digest);
348 } 348 }
349 CFX_ByteString ekey = m_pEncryptDict 349 CFX_ByteString ekey = m_pEncryptDict
350 ? m_pEncryptDict->GetStringFor(bOwner ? "OE" : "UE") 350 ? m_pEncryptDict->GetStringFor(bOwner ? "OE" : "UE")
351 : CFX_ByteString(); 351 : CFX_ByteString();
352 if (ekey.GetLength() < 32) { 352 if (ekey.GetLength() < 32)
353 return FALSE; 353 return FALSE;
354 } 354
355 uint8_t* aes = FX_Alloc(uint8_t, 2048); 355 std::vector<uint8_t> aes(2048);
356 CRYPT_AESSetKey(aes, 16, digest, 32, FALSE); 356 CRYPT_AESSetKey(aes.data(), 16, digest, 32, FALSE);
357 uint8_t iv[16]; 357 uint8_t iv[16];
358 FXSYS_memset(iv, 0, 16); 358 FXSYS_memset(iv, 0, 16);
359 CRYPT_AESSetIV(aes, iv); 359 CRYPT_AESSetIV(aes.data(), iv);
360 CRYPT_AESDecrypt(aes, key, ekey.raw_str(), 32); 360 CRYPT_AESDecrypt(aes.data(), key, ekey.raw_str(), 32);
361 CRYPT_AESSetKey(aes, 16, key, 32, FALSE); 361 CRYPT_AESSetKey(aes.data(), 16, key, 32, FALSE);
362 CRYPT_AESSetIV(aes, iv); 362 CRYPT_AESSetIV(aes.data(), iv);
363 CFX_ByteString perms = m_pEncryptDict->GetStringFor("Perms"); 363 CFX_ByteString perms = m_pEncryptDict->GetStringFor("Perms");
364 if (perms.IsEmpty()) { 364 if (perms.IsEmpty())
365 return FALSE; 365 return FALSE;
366 } 366
367 uint8_t perms_buf[16]; 367 uint8_t perms_buf[16];
368 FXSYS_memset(perms_buf, 0, sizeof(perms_buf)); 368 FXSYS_memset(perms_buf, 0, sizeof(perms_buf));
369 uint32_t copy_len = sizeof(perms_buf); 369 size_t copy_len =
370 if (copy_len > (uint32_t)perms.GetLength()) { 370 std::min(sizeof(perms_buf), static_cast<size_t>(perms.GetLength()));
371 copy_len = perms.GetLength();
372 }
373 FXSYS_memcpy(perms_buf, perms.raw_str(), copy_len); 371 FXSYS_memcpy(perms_buf, perms.raw_str(), copy_len);
374 uint8_t buf[16]; 372 uint8_t buf[16];
375 CRYPT_AESDecrypt(aes, buf, perms_buf, 16); 373 CRYPT_AESDecrypt(aes.data(), buf, perms_buf, 16);
376 FX_Free(aes); 374 if (buf[9] != 'a' || buf[10] != 'd' || buf[11] != 'b')
377 if (buf[9] != 'a' || buf[10] != 'd' || buf[11] != 'b') {
378 return FALSE; 375 return FALSE;
379 } 376
380 if (FXDWORD_GET_LSBFIRST(buf) != m_Permissions) { 377 if (FXDWORD_GET_LSBFIRST(buf) != m_Permissions)
381 return FALSE; 378 return FALSE;
382 } 379
383 if ((buf[8] == 'T' && !IsMetadataEncrypted()) || 380 bool encrypted = IsMetadataEncrypted();
384 (buf[8] == 'F' && IsMetadataEncrypted())) { 381 if ((buf[8] == 'T' && !encrypted) || (buf[8] == 'F' && encrypted))
385 return FALSE; 382 return FALSE;
386 }
387 return TRUE; 383 return TRUE;
388 } 384 }
389 385
390 FX_BOOL CPDF_SecurityHandler::CheckPassword(const uint8_t* password, 386 FX_BOOL CPDF_SecurityHandler::CheckPassword(const uint8_t* password,
391 uint32_t size, 387 uint32_t size,
392 FX_BOOL bOwner, 388 FX_BOOL bOwner,
393 uint8_t* key, 389 uint8_t* key,
394 int32_t key_len) { 390 int32_t key_len) {
395 if (m_Revision >= 5) 391 if (m_Revision >= 5)
396 return AES256_CheckPassword(password, size, bOwner, key); 392 return AES256_CheckPassword(password, size, bOwner, key);
(...skipping 293 matching lines...) Expand 10 before | Expand all | Expand 10 after
690 buf[11] = 'b'; 686 buf[11] = 'b';
691 uint8_t* aes = FX_Alloc(uint8_t, 2048); 687 uint8_t* aes = FX_Alloc(uint8_t, 2048);
692 CRYPT_AESSetKey(aes, 16, key, 32, TRUE); 688 CRYPT_AESSetKey(aes, 16, key, 32, TRUE);
693 uint8_t iv[16], buf1[16]; 689 uint8_t iv[16], buf1[16];
694 FXSYS_memset(iv, 0, 16); 690 FXSYS_memset(iv, 0, 16);
695 CRYPT_AESSetIV(aes, iv); 691 CRYPT_AESSetIV(aes, iv);
696 CRYPT_AESEncrypt(aes, buf1, buf, 16); 692 CRYPT_AESEncrypt(aes, buf1, buf, 16);
697 FX_Free(aes); 693 FX_Free(aes);
698 pEncryptDict->SetStringFor("Perms", CFX_ByteString(buf1, 16)); 694 pEncryptDict->SetStringFor("Perms", CFX_ByteString(buf1, 16));
699 } 695 }
OLDNEW
« no previous file with comments | « no previous file | no next file » | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698