Allow /P in encryption dictionary to be positive (fixes #382)

Even though this is disallowed by the spec, files like this have been encountered in the wild.

Allow /P in encryption dictionary to be positive (fixes #382)
Even though this is disallowed by the spec, files like this have been encountered in the wild.
Jay Berkenbilt
1 parent b997fa53
Showing 8 changed files with 80 additions and 3 deletions
ChangeLog
libqpdf/QPDFPageObjectHelper.cc
libqpdf/QPDFWriter.cc
libqpdf/QPDF_encryption.cc
qpdf/qtest/qpdf.test
qpdf/qtest/qpdf/copied-positive-P.pdf
qpdf/qtest/qpdf/decrypted-positive-P.pdf
qpdf/qtest/qpdf/encrypted-positive-P.pdf
+2019-11-09  Jay Berkenbilt  <ejb@ql.org>
+
+	* When reading /P from the encryption dictionary, use static_cast
+	instead of QIntC to convert the value to a signed integer. The
+	value of /P is a bit field, and PDF files have been found in the
+	wild where /P is represented as an unsigned integer even though
+	the spec states that it is a signed 32-bit value. By using
+	static_cast, we allow qpdf to compensate for writers that
+	incorrectly represent the correct bit field as an unsigned value.
+	Fixes #382.
+
 2019-11-05  Jay Berkenbilt  <ejb@ql.org>
  
 	* Add support for pluggable crypto providers, enabling multiple
@@ -661,6 +661,7 @@ QPDFPageObjectHelper::getFormXObjectForPage(bool handle_transformations)
     return result;
 }
  
+// ABI: name should be std:string const&
 std::string
 QPDFPageObjectHelper::placeFormXObject(
     QPDFObjectHandle fo, std::string name,
@@ -762,7 +762,7 @@ QPDFWriter::copyEncryptionParameters(QPDF&amp; qpdf)
 	    V,
 	    encrypt.getKey("/R").getIntValueAsInt(),
     	    key_len,
-	    encrypt.getKey("/P").getIntValueAsInt(),
+	    static_cast<int>(encrypt.getKey("/P").getIntValue()),
 	    encrypt.getKey("/O").getStringValue(),
 	    encrypt.getKey("/U").getStringValue(),
             OE,
@@ -877,7 +877,7 @@ QPDF::initializeEncryption()
     int R = encryption_dict.getKey("/R").getIntValueAsInt();
     std::string O = encryption_dict.getKey("/O").getStringValue();
     std::string U = encryption_dict.getKey("/U").getStringValue();
-    int P = encryption_dict.getKey("/P").getIntValueAsInt();
+    int P = static_cast<int>(encryption_dict.getKey("/P").getIntValue());
  
     // If supporting new encryption R/V values, remember to update
     // error message inside this if statement.
@@ -1448,7 +1448,7 @@ QPDF::isEncrypted(int&amp; R, int&amp; P, int&amp; V,
 	QPDFObjectHandle Pkey = encrypt.getKey("/P");
 	QPDFObjectHandle Rkey = encrypt.getKey("/R");
         QPDFObjectHandle Vkey = encrypt.getKey("/V");
-	P = Pkey.getIntValueAsInt();
+	P = static_cast<int>(Pkey.getIntValue());
 	R = Rkey.getIntValueAsInt();
         V = Vkey.getIntValueAsInt();
         stream_method = this->m->encp->cf_stream;
@@ -721,6 +721,32 @@ foreach my $d (@bug_tests)
 }
 show_ntests();
 # ----------
+$td->notify("--- Positive /P in encryption dictionary ---");
+$n_tests += 4;
+
+# Files have been seen where /P in the encryption dictionary was an
+# unsigned rather than a signed integer. To create
+# encrypted-positive-P.pdf, I temporarily modified QPDFWriter.cc to
+# introduce this error.
+
+$td->runtest("decrypt positive P",
+	     {$td->COMMAND =>
+                  "qpdf --decrypt --static-id encrypted-positive-P.pdf a.pdf"},
+	     {$td->STRING => "", $td->EXIT_STATUS => 0});
+$td->runtest("check output",
+	     {$td->FILE => "a.pdf"},
+	     {$td->FILE => "decrypted-positive-P.pdf"});
+$td->runtest("copy encryption positive P",
+	     {$td->COMMAND =>
+                  "qpdf --static-id --static-aes-iv" .
+                  " encrypted-positive-P.pdf a.pdf"},
+	     {$td->STRING => "", $td->EXIT_STATUS => 0});
+$td->runtest("check output",
+	     {$td->FILE => "a.pdf"},
+	     {$td->FILE => "copied-positive-P.pdf"});
+
+show_ntests();
+# ----------
 $td->notify("--- Library version ---");
 $n_tests += 3;