Add more checks to the encryption/decryption logic #399
+29
−9
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This PR adds a few more commits to harden the encryption/decryption logic in lopdf a bit more against invalid inputs.
The first commit ensures that the file encryption length is always 128 bits. It basically sets the Length file to 128 bits and removes the explicit length field in
EncryptionVersion::V4.The second commit adds checks to the AES crypt filters to ensure that the key length is 16 bytes for 128-bit AES and 32 bytes for 256-bit AES and returns errors (instead of potentially causing a panic).
The third commit removes
.unwrap()in the AES crypt filters when invalid padding is encountered. This can happen during decryption when the file encryption key is simply not the actual file encryption key that was used to encrypt the streams (e.g., in PDF 2.0 it is possible to store a file encryption key different from the one used to encrypt the streams). This fixes #398. I have also replaced.unwrap()when encrypting which can also theoretically result in padding errors, but shouldn't practically occur (but it just better to return an error rather than causing a panic).