reopen 291250
thanks
Hi,
the previous fix for CAN-2005-0064 was taken from xpdf, which didn't
address this vulnerability completely. Attached you can find a dpatch
that adds the missing range limitation.
Cheers,
Moritz
#!/bin/sh -e
## Additional fix for CAN-2005-0064
##
## DP: Patch to fix an integer overflow in xpdf code.
## DP: This patch handles xpdf/XRef.cc
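# dpatch driver: applies (-patch) or reverts (-unpatch) the unified diff that
# is embedded in this same file after the @DPATCH@ marker.

# Abort on the first failing command even when the script is started as
# "sh <file> ...", where the "-e" on the shebang line is not honoured.
set -e

# Optional override file for the options passed to patch(1). It is sourced,
# so whatever it contains runs as shell code in this process.
# NOTE(review): presumably only ever shipped inside the package's own source
# tree -- confirm nothing outside the package can write to debian/patches/.
[ -f debian/patches/00patch-opts ] && . debian/patches/00patch-opts
patch_opts="${patch_opts:--f --no-backup-if-mismatch}"

# Print the usage error on stderr and stop with status 1.
usage_error() {
  echo >&2 "${0##*/}: script expects -patch|-unpatch as argument"
  exit 1
}

# Exactly one argument is accepted.
[ $# -eq 1 ] || usage_error

# "$0" is quoted so that a script path containing spaces or glob characters
# is still read as a single file. $patch_opts is deliberately left unquoted:
# it carries several options that must be split into separate words.
case "$1" in
  -patch)   patch $patch_opts -p1 < "$0" ;;
  -unpatch) patch $patch_opts -p1 -R < "$0" ;;
  *)        usage_error ;;
esac

exit 0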
@DPATCH@
--- pdftohtml-0.36.orig/xpdf/XRef.cc 2003-06-25 00:41:27.000000000 +0200
+++ pdftohtml-0.36/xpdf/XRef.cc 2005-04-05 15:48:09.000000000 +0200
@@ -486,6 +486,9 @@
} else {
keyLength = 5;
}
+ if (keyLength > 16) {
+ keyLength = 16;
+ }
permFlags = permissions.getInt();
if (encVersion >= 1 && encVersion <= 2 &&
encRevision >= 2 && encRevision <= 3) {
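Review bot: The added clamp bounds `keyLength` only from above, so a zero or negative value would still pass through unchanged to whatever consumes it. The assignment in the `if` branch sits above this hunk, so whether `keyLength` is a signed value read from the document is an assumption to confirm; if it is, the new check should cover both ends of the range, e.g. `if (keyLength < 1 || keyLength > 16) {`. The bare `16` would also be easier to audit as a named constant shared with the code that sizes the key buffer, with a one-line comment such as `// bound the key length before it is used to index the key buffer`.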