Group :: Publishing
RPM: tetex
Main Changelog Spec Patches Sources Download Gear Bugs and FR Repocop
Patch: teTeX-CVE-2005-0064.patch
Download
Download
--- tetex-bin-2.0.2-CVS/libs/xpdf/xpdf/Decrypt.cc.orig Tue Jan 18 19:26:21 2005
+++ tetex-bin-2.0.2-CVS/libs/xpdf/xpdf/Decrypt.cc Tue Jan 18 19:30:30 2005
@@ -69,11 +69,17 @@
Guchar test[32], test2[32];
GString *userPassword2;
Guchar fState[256];
- Guchar tmpKey[16];
+ Guchar *tmpKey;
Guchar fx, fy;
int len, i, j;
+ // check whether we have non-zero keyLength
+ if ( !keyLength ) {
+ return gFalse;
+ }
+
// try using the supplied owner password to generate the user password
+ tmpKey = (Guchar *)gmalloc(keyLength * sizeof(Guchar));
if (ownerPassword) {
len = ownerPassword->getLength();
if (len < 32) {
@@ -120,6 +126,8 @@
*ownerPasswordOk = gFalse;
delete userPassword2;
+ gfree(tmpKey);
+
// try using the supplied user password
return makeFileKey2(encVersion, encRevision, keyLength, ownerKey, userKey,
permissions, fileID, userPassword, fileKey);
@@ -132,13 +140,19 @@
Guchar *buf;
Guchar test[32];
Guchar fState[256];
- Guchar tmpKey[16];
+ Guchar *tmpKey;
Guchar fx, fy;
int len, i, j;
GBool ok;
+ // check whether we have non-zero keyLength
+ if ( !keyLength ) {
+ return gFalse;
+ }
+
// generate file key
buf = (Guchar *)gmalloc(68 + fileID->getLength());
+ tmpKey = (Guchar *)gmalloc(keyLength * sizeof(Guchar));
if (userPassword) {
len = userPassword->getLength();
if (len < 32) {
@@ -191,6 +205,7 @@
ok = gFalse;
}
+ gfree(tmpKey);
gfree(buf);
return ok;
}