diff options
-rw-r--r-- | include/qpdf/QPDFEFStreamObjectHelper.hh | 8 | ||||
-rw-r--r-- | libqpdf/QPDFEFStreamObjectHelper.cc | 2 |
2 files changed, 7 insertions, 3 deletions
diff --git a/include/qpdf/QPDFEFStreamObjectHelper.hh b/include/qpdf/QPDFEFStreamObjectHelper.hh index b39b6a7a..7c943453 100644 --- a/include/qpdf/QPDFEFStreamObjectHelper.hh +++ b/include/qpdf/QPDFEFStreamObjectHelper.hh @@ -57,9 +57,11 @@ class QPDFEFStreamObjectHelper: public QPDFObjectHelper // Subtype is a mime type such as "text/plain" QPDF_DLL std::string getSubtype(); - // Return the MD5 checksum as stored in the object as a binary - // string. This does not check consistency with the data. If not - // present, return an empty string. + // Return the checksum as stored in the object as a binary string. + // This does not check consistency with the data. If not present, + // return an empty string. The PDF spec specifies this as an MD5 + // checksum and notes that it is not to be used for security + // purposes since MD5 is known not to be secure. QPDF_DLL std::string getChecksum(); diff --git a/libqpdf/QPDFEFStreamObjectHelper.cc b/libqpdf/QPDFEFStreamObjectHelper.cc index 5810cf37..cbfe47a3 100644 --- a/libqpdf/QPDFEFStreamObjectHelper.cc +++ b/libqpdf/QPDFEFStreamObjectHelper.cc @@ -139,6 +139,8 @@ QPDFEFStreamObjectHelper::newFromStream(QPDFObjectHandle stream) stream.getDict().replaceKey( "/Type", QPDFObjectHandle::newName("/EmbeddedFile")); Pl_Discard discard; + // The PDF spec specifies use of MD5 here and notes that it is not + // to be used for security. MD5 is known to be insecure. Pl_MD5 md5("EF md5", &discard); Pl_Count count("EF size", &md5); if (!stream.pipeStreamData(&count, nullptr, 0, qpdf_dl_all)) { |