Merge pull request #1308 from m-holger/fuzz

Validate key length in Pl_AES_PDF constructor

Merge pull request #1308 from m-holger/fuzz
Validate key length in Pl_AES_PDF constructor
m-holger · GitHub
2 parents 54cf0e51 64e98397
Showing 4 changed files with 5 additions and 1 deletions
fuzz/CMakeLists.txt
fuzz/qpdf_extra/377977949.fuzz
fuzz/qtest/fuzz.test
libqpdf/Pl_AES_PDF.cc
@@ -149,6 +149,7 @@ set(CORPUS_OTHER
   99999e.fuzz
   369662293.fuzz
   369662293a.fuzz
+  377977949.fuzz
 )
  
 set(CORPUS_DIR ${CMAKE_CURRENT_BINARY_DIR}/qpdf_corpus)
@@ -11,7 +11,7 @@ my $td = new TestDriver(&#39;fuzz&#39;);
  
 my $qpdf_corpus = $ENV{'QPDF_FUZZ_CORPUS'} || die "must set QPDF_FUZZ_CORPUS";
  
-my $n_qpdf_files = 86;       # increment when adding new files
+my $n_qpdf_files = 87;       # increment when adding new files
  
 my @fuzzers = (
     ['ascii85' => 1],
@@ -23,6 +23,9 @@ Pl_AES_PDF::Pl_AES_PDF(
     if (!next) {
         throw std::logic_error("Attempt to create Pl_AES_PDF with nullptr as next");
     }
+    if (!(key_bytes == 32 || key_bytes == 16)) {
+        throw std::runtime_error("unsupported key length");
+    }
     this->key = std::make_unique<unsigned char[]>(key_bytes);
     std::memcpy(this->key.get(), key, key_bytes);
     std::memset(this->inbuf, 0, this->buf_size);