author | Jay Berkenbilt <ejb@ql.org> | 2015-02-21 23:30:45 +0100 |
---|---|---|
committer | Jay Berkenbilt <ejb@ql.org> | 2015-02-21 23:51:08 +0100 |
commit | 28a9df5119af12d6d97edf4fa97f88ce23865096 (patch) | |
tree | 194fbf3aebac4d2cd8250a581b6d7daca807c4b0 /ChangeLog | |
parent | c729e07d55c870e7e08f158f0a80a3d452c59cdc (diff) | |
download | qpdf-28a9df5119af12d6d97edf4fa97f88ce23865096.tar.zst |
Avoid buffer overrun copying digest
Converting a password to an encryption key is supposed to copy up to a
certain number of bytes from a digest. Make sure never to copy more
than the size of the digest.
Diffstat (limited to 'ChangeLog')
-rw-r--r-- | ChangeLog | 5 |
1 files changed, 5 insertions, 0 deletions
@@ -1,5 +1,10 @@ 2015-02-21 Jay Berkenbilt <ejb@ql.org> + * Prevent buffer overrun when converting a password to an + encryption key. Thanks to Gynvael Coldwind and Mateusz Jurczyk of + the Google Security Team for providing a sample file with this + problem. + * Ensure that arguments to "R" when parsing the file are direct objects before trying to resolve them. This prevents specially crafted files from causing qpdf to crash with a stack overflow. |
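Review bot: the added entry at the top of the 2015-02-21 block says only "Prevent buffer overrun when converting a password to an encryption key" and does not state the trigger or the bound that is now enforced, which is what someone triaging the release from the ChangeLog needs. The entry directly below it does this well: it names the trigger ("specially crafted files") and the effect ("crash with a stack overflow"). Suggest following the same pattern here by saying that the problem is reached through an input file (the credit mentions "a sample file with this problem") and that the copy is now limited to the size of the digest, as the commit message puts it. Since this view is limited to ChangeLog, it would also help if the entry or the commit message named the source file that changed, so the fix can be found without walking the full commit.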