diff options
author | Jay Berkenbilt <ejb@ql.org> | 2015-02-21 23:30:45 +0100 |
---|---|---|
committer | Jay Berkenbilt <ejb@ql.org> | 2015-02-21 23:51:08 +0100 |
commit | 28a9df5119af12d6d97edf4fa97f88ce23865096 (patch) | |
tree | 194fbf3aebac4d2cd8250a581b6d7daca807c4b0 /libqpdf | |
parent | c729e07d55c870e7e08f158f0a80a3d452c59cdc (diff) | |
download | qpdf-28a9df5119af12d6d97edf4fa97f88ce23865096.tar.zst |
Avoid buffer overrun copying digest
Converting a password to an encryption key is supposed to copy up to a
certain number of bytes from a digest. Make sure never to copy more
than the size of the digest.
Diffstat (limited to 'libqpdf')
-rw-r--r-- | libqpdf/QPDF_encryption.cc | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/libqpdf/QPDF_encryption.cc b/libqpdf/QPDF_encryption.cc index 23284809..71c28d0e 100644 --- a/libqpdf/QPDF_encryption.cc +++ b/libqpdf/QPDF_encryption.cc @@ -428,7 +428,9 @@ QPDF::compute_encryption_key_from_password( } MD5::Digest digest; iterate_md5_digest(md5, digest, ((data.getR() >= 3) ? 50 : 0)); - return std::string(reinterpret_cast<char*>(digest), data.getLengthBytes()); + return std::string(reinterpret_cast<char*>(digest), + std::min(static_cast<int>(sizeof(digest)), + data.getLengthBytes())); } static void |