From 64e98397104f3fff759c27eb40092085e287755e Mon Sep 17 00:00:00 2001
From: m-holger
Date: Fri, 8 Nov 2024 12:44:36 +0000
Subject: [PATCH] Validate key length in Pl_AES_PDF constructor
---
 fuzz/CMakeLists.txt | 1 +
 fuzz/qpdf_extra/377977949.fuzz | Bin 0 -> 1041 bytes
 fuzz/qtest/fuzz.test | 2 +-
 libqpdf/Pl_AES_PDF.cc | 3 +++
 4 files changed, 5 insertions(+), 1 deletion(-)
 create mode 100644 fuzz/qpdf_extra/377977949.fuzz
diff --git a/fuzz/CMakeLists.txt b/fuzz/CMakeLists.txt
index daacf03..6b3cccf 100644
--- a/fuzz/CMakeLists.txt
+++ b/fuzz/CMakeLists.txt
@@ -149,6 +149,7 @@ set(CORPUS_OTHER
 99999e.fuzz
 369662293.fuzz
 369662293a.fuzz
+ 377977949.fuzz
 )
 set(CORPUS_DIR ${CMAKE_CURRENT_BINARY_DIR}/qpdf_corpus)
diff --git a/fuzz/qpdf_extra/377977949.fuzz b/fuzz/qpdf_extra/377977949.fuzz
new file mode 100644
index 0000000..bb35598
Binary files /dev/null and b/fuzz/qpdf_extra/377977949.fuzz differ
diff --git a/fuzz/qtest/fuzz.test b/fuzz/qtest/fuzz.test
index 6448d5f..efffdc6 100644
--- a/fuzz/qtest/fuzz.test
+++ b/fuzz/qtest/fuzz.test
@@ -11,7 +11,7 @@ my $td = new TestDriver('fuzz');
 my $qpdf_corpus = $ENV{'QPDF_FUZZ_CORPUS'} || die "must set QPDF_FUZZ_CORPUS";
-my $n_qpdf_files = 86; # increment when adding new files
+my $n_qpdf_files = 87; # increment when adding new files
 my @fuzzers = (
 ['ascii85' => 1],
diff --git a/libqpdf/Pl_AES_PDF.cc b/libqpdf/Pl_AES_PDF.cc
index d621bdd..8b3982b 100644
--- a/libqpdf/Pl_AES_PDF.cc
+++ b/libqpdf/Pl_AES_PDF.cc
@@ -23,6 +23,9 @@ Pl_AES_PDF::Pl_AES_PDF(
 if (!next) {
 throw std::logic_error("Attempt to create Pl_AES_PDF with nullptr as next");
 }
+ if (!(key_bytes == 32 || key_bytes == 16)) {
+ throw std::runtime_error("unsupported key length");
+ }
 this->key = std::make_unique(key_bytes);
 std::memcpy(this->key.get(), key, key_bytes);
 std::memset(this->inbuf, 0, this->buf_size);
--
libgit2 0.21.4
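Review bot: The new length check in the Pl_AES_PDF constructor says neither why only 16 and 32 are accepted nor why it throws `std::runtime_error` while the `next` check just above it throws `std::logic_error`. A comment such as `// PDF encryption uses only AES-128 (16-byte) and AES-256 (32-byte) keys; the length can presumably be driven by file content (see the added fuzz case), so this is a runtime error rather than a caller bug` would record both decisions. The message would be easier to triage from a crash report or log if it named the class and the rejected value, e.g. `throw std::runtime_error("Pl_AES_PDF: unsupported key length " + std::to_string(key_bytes));`. The check bounds `key_bytes`, but the `std::memcpy` that follows still trusts `key` to point at that many readable bytes; whether callers guarantee this is not visible here, because the constructor's signature and the rest of its body lie outside the hunk.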