summaryrefslogtreecommitdiff
path: root/xmlsecurity
diff options
context:
space:
mode:
authorMiklos Vajna <vmiklos@collabora.co.uk>2016-12-01 15:30:25 +0100
committerMiklos Vajna <vmiklos@collabora.co.uk>2016-12-01 19:34:52 +0000
commitb1f91c0a04dd751d4f6cb8352bcbaa16c9388285 (patch)
treeca017fb7230211cc53a5589408c929a6be55b271 /xmlsecurity
parentcdf2ae1b6611976816fa60aae370893657c622d0 (diff)
xmlsecurity PDF verify: handle no EOL at EOF
From a comment's point of view, EOF is just a terminator, similar to \r or \n. Change-Id: I120bf1e75f1eb81a550af643051e6fc472873eff Reviewed-on: https://gerrit.libreoffice.org/31499 Tested-by: Jenkins <ci@libreoffice.org> Reviewed-by: Miklos Vajna <vmiklos@collabora.co.uk>
Diffstat (limited to 'xmlsecurity')
-rw-r--r--xmlsecurity/qa/unit/pdfsigning/data/noeol.pdfbin0 -> 83693 bytes
-rw-r--r--xmlsecurity/qa/unit/pdfsigning/pdfsigning.cxx2
-rw-r--r--xmlsecurity/source/pdfio/pdfdocument.cxx42
3 files changed, 41 insertions, 3 deletions
diff --git a/xmlsecurity/qa/unit/pdfsigning/data/noeol.pdf b/xmlsecurity/qa/unit/pdfsigning/data/noeol.pdf
new file mode 100644
index 000000000000..d870f896cab0
--- /dev/null
+++ b/xmlsecurity/qa/unit/pdfsigning/data/noeol.pdf
Binary files differ
diff --git a/xmlsecurity/qa/unit/pdfsigning/pdfsigning.cxx b/xmlsecurity/qa/unit/pdfsigning/pdfsigning.cxx
index 945bfd3298e3..6e5e476532ee 100644
--- a/xmlsecurity/qa/unit/pdfsigning/pdfsigning.cxx
+++ b/xmlsecurity/qa/unit/pdfsigning/pdfsigning.cxx
@@ -392,6 +392,8 @@ void PDFSigningTest::testTokenize()
OUStringLiteral("cr-comment.pdf"),
// ']' in a name token was mishandled.
OUStringLiteral("name-bracket.pdf"),
+ // %%EOF at the end wasn't followed by a newline.
+ OUStringLiteral("noeol.pdf"),
};
for (const auto& rName : aNames)
diff --git a/xmlsecurity/source/pdfio/pdfdocument.cxx b/xmlsecurity/source/pdfio/pdfdocument.cxx
index 1c949b161ee3..3adf02562cf3 100644
--- a/xmlsecurity/source/pdfio/pdfdocument.cxx
+++ b/xmlsecurity/source/pdfio/pdfdocument.cxx
@@ -1009,7 +1009,10 @@ bool PDFDocument::Tokenize(SvStream& rStream, TokenizeMode eMode, std::vector< s
rElements.push_back(std::unique_ptr<PDFElement>(pComment));
rStream.SeekRel(-1);
if (!rElements.back()->Read(rStream))
+ {
+ SAL_WARN("xmlsecurity.pdfio", "PDFDocument::Tokenize: PDFCommentElement::Read() failed");
return false;
+ }
if (eMode == TokenizeMode::EOF_TOKEN && !m_aEOFs.empty() && m_aEOFs.back() == rStream.Tell())
{
// Found EOF and partial parsing requested, we're done.
@@ -1030,7 +1033,10 @@ bool PDFDocument::Tokenize(SvStream& rStream, TokenizeMode eMode, std::vector< s
else
rElements.push_back(std::unique_ptr<PDFElement>(new PDFHexStringElement()));
if (!rElements.back()->Read(rStream))
+ {
+ SAL_WARN("xmlsecurity.pdfio", "PDFDocument::Tokenize: PDFDictionaryElement::Read() failed");
return false;
+ }
break;
}
case '>':
@@ -1039,7 +1045,10 @@ bool PDFDocument::Tokenize(SvStream& rStream, TokenizeMode eMode, std::vector< s
--nDictionaryDepth;
rStream.SeekRel(-1);
if (!rElements.back()->Read(rStream))
+ {
+ SAL_WARN("xmlsecurity.pdfio", "PDFDocument::Tokenize: PDFEndDictionaryElement::Read() failed");
return false;
+ }
break;
}
case '[':
@@ -1055,7 +1064,10 @@ bool PDFDocument::Tokenize(SvStream& rStream, TokenizeMode eMode, std::vector< s
}
rStream.SeekRel(-1);
if (!rElements.back()->Read(rStream))
+ {
+ SAL_WARN("xmlsecurity.pdfio", "PDFDocument::Tokenize: PDFArrayElement::Read() failed");
return false;
+ }
break;
}
case ']':
@@ -1064,7 +1076,10 @@ bool PDFDocument::Tokenize(SvStream& rStream, TokenizeMode eMode, std::vector< s
pArray = nullptr;
rStream.SeekRel(-1);
if (!rElements.back()->Read(rStream))
+ {
+ SAL_WARN("xmlsecurity.pdfio", "PDFDocument::Tokenize: PDFEndArrayElement::Read() failed");
return false;
+ }
break;
}
case '/':
@@ -1073,7 +1088,10 @@ bool PDFDocument::Tokenize(SvStream& rStream, TokenizeMode eMode, std::vector< s
rElements.push_back(std::unique_ptr<PDFElement>(pNameElement));
rStream.SeekRel(-1);
if (!pNameElement->Read(rStream))
+ {
+ SAL_WARN("xmlsecurity.pdfio", "PDFDocument::Tokenize: PDFNameElement::Read() failed");
return false;
+ }
if (pObject && pObjectKey && pObjectKey->GetValue() == "Type" && pNameElement->GetValue() == "ObjStm")
pObjectStream = pObject;
else
@@ -1085,7 +1103,10 @@ bool PDFDocument::Tokenize(SvStream& rStream, TokenizeMode eMode, std::vector< s
rElements.push_back(std::unique_ptr<PDFElement>(new PDFLiteralStringElement()));
rStream.SeekRel(-1);
if (!rElements.back()->Read(rStream))
+ {
+ SAL_WARN("xmlsecurity.pdfio", "PDFDocument::Tokenize: PDFLiteralStringElement::Read() failed");
return false;
+ }
break;
}
default:
@@ -1097,7 +1118,10 @@ bool PDFDocument::Tokenize(SvStream& rStream, TokenizeMode eMode, std::vector< s
rElements.push_back(std::unique_ptr<PDFElement>(pNumberElement));
rStream.SeekRel(-1);
if (!pNumberElement->Read(rStream))
+ {
+ SAL_WARN("xmlsecurity.pdfio", "PDFDocument::Tokenize: PDFNumberElement::Read() failed");
return false;
+ }
if (bInStartXRef)
{
bInStartXRef = false;
@@ -1147,7 +1171,10 @@ bool PDFDocument::Tokenize(SvStream& rStream, TokenizeMode eMode, std::vector< s
pArray->PushBack(rElements.back().get());
}
if (!rElements.back()->Read(rStream))
+ {
+ SAL_WARN("xmlsecurity.pdfio", "PDFDocument::Tokenize: PDFElement::Read() failed");
return false;
+ }
}
else if (aKeyword == "stream")
{
@@ -1189,19 +1216,28 @@ bool PDFDocument::Tokenize(SvStream& rStream, TokenizeMode eMode, std::vector< s
pObject->SetStream(pStreamElement);
rElements.push_back(std::unique_ptr<PDFElement>(pStreamElement));
if (!rElements.back()->Read(rStream))
+ {
+ SAL_WARN("xmlsecurity.pdfio", "PDFDocument::Tokenize: PDFStreamElement::Read() failed");
return false;
+ }
}
else if (aKeyword == "endstream")
{
rElements.push_back(std::unique_ptr<PDFElement>(new PDFEndStreamElement()));
if (!rElements.back()->Read(rStream))
+ {
+ SAL_WARN("xmlsecurity.pdfio", "PDFDocument::Tokenize: PDFEndStreamElement::Read() failed");
return false;
+ }
}
else if (aKeyword == "endobj")
{
rElements.push_back(std::unique_ptr<PDFElement>(new PDFEndObjectElement()));
if (!rElements.back()->Read(rStream))
+ {
+ SAL_WARN("xmlsecurity.pdfio", "PDFDocument::Tokenize: PDFEndObjectElement::Read() failed");
return false;
+ }
if (eMode == TokenizeMode::END_OF_OBJECT)
{
// Found endobj and only object parsing was requested, we're done.
@@ -2619,13 +2655,13 @@ PDFCommentElement::PDFCommentElement(PDFDocument& rDoc)
bool PDFCommentElement::Read(SvStream& rStream)
{
- // Read from (including) the % char till (excluding) the end of the line.
+ // Read from (including) the % char till (excluding) the end of the line/stream.
OStringBuffer aBuf;
char ch;
rStream.ReadChar(ch);
- while (!rStream.IsEof())
+ while (true)
{
- if (ch == '\n' || ch == '\r')
+ if (ch == '\n' || ch == '\r' || rStream.IsEof())
{
m_aComment = aBuf.makeStringAndClear();