[
https://issues.apache.org/jira/browse/PDFBOX-2082?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Štěpán Schejbal updated PDFBOX-2082:
------------------------------------
Description:
The current check does not take "<>" into account, so if you are (un)lucky, the
signature overwrites ">" and corrupts the PDF.
Fix for 1.8:
{code}
diff --git a/pdfbox/src/main/java/org/apache/pdfbox/pdfwriter/COSWriter.java
b/pdfbox/src/main/java/org/apache/pdfbox/pdfwriter/COSWriter.java
index 3165589..80fbad2 100644
--- a/pdfbox/src/main/java/org/apache/pdfbox/pdfwriter/COSWriter.java
+++ b/pdfbox/src/main/java/org/apache/pdfbox/pdfwriter/COSWriter.java
@@ -778,13 +778,15 @@ public class COSWriter implements ICOSVisitor, Closeable
SignatureInterface signatureInterface =
doc.getSignatureInterface();
byte[] sign = signatureInterface.sign(new
ByteArrayInputStream(pdfContent));
+ // this assumes that the dummy signature has been writen as
"<0000...>"
String signature = new COSString(sign).getHexString();
- int leftSignaturerange =
signaturePosition[1]-signaturePosition[0]-signature.length();
- if(leftSignaturerange<0)
+ int startPos = signaturePosition[0] + 1; // move past "<"
+ int endPos = signaturePosition[1] - 1; // move in front of ">"
+ if (startPos + signature.length() > endPos)
{
throw new IOException("Can't write signature, not enough
space");
}
- getStandardOutput().setPos(signaturePosition[0]+1);
+ getStandardOutput().setPos(startPos);
getStandardOutput().write(signature.getBytes());
}
}
{code}
Another thing is that pdfbox now allocates (2 * preferedSize + 2) for a
signature. It quite confused me to see 16k+4 bytes allocated when I called
setPreferedSignatureSize(4k) - it should have allocated 8k (each signature byte
takes 2 bytes in the pdf).
Fix for 1.8:
{code}
diff --git a/pdfbox/src/main/java/org/apache/pdfbox/pdmodel/PDDocument.java
b/pdfbox/src/main/java/org/apache/pdfbox/pdmodel/PDDocument.java
index 358364a..23dd3ab 100644
--- a/pdfbox/src/main/java/org/apache/pdfbox/pdmodel/PDDocument.java
+++ b/pdfbox/src/main/java/org/apache/pdfbox/pdmodel/PDDocument.java
@@ -309,7 +309,7 @@ public class PDDocument implements Pageable, Closeable
int preferedSignatureSize = options.getPreferedSignatureSize();
if (preferedSignatureSize > 0)
{
- sigObject.setContents(new byte[preferedSignatureSize * 2 + 2]);
+ sigObject.setContents(new byte[preferedSignatureSize]);
}
else
{
{code}
was:
The current check does not take "<>" into account, so if you are (un)lucky, the
signature overwrites ">" and corrupts the PDF.
Fix for 1.8:
{code}
diff --git a/pdfbox/src/main/java/org/apache/pdfbox/pdfwriter/COSWriter.java
b/pdfbox/src/main/java/org/apache/pdfbox/pdfwriter/COSWriter.java
index 3165589..755e849 100644
--- a/pdfbox/src/main/java/org/apache/pdfbox/pdfwriter/COSWriter.java
+++ b/pdfbox/src/main/java/org/apache/pdfbox/pdfwriter/COSWriter.java
@@ -779,12 +779,14 @@ public class COSWriter implements ICOSVisitor, Closeable
SignatureInterface signatureInterface =
doc.getSignatureInterface();
byte[] sign = signatureInterface.sign(new
ByteArrayInputStream(pdfContent));
String signature = new COSString(sign).getHexString();
+ ++signaturePosition[0]; // move past "<"
+ --signaturePosition[1]; // move in front of ">"
int leftSignaturerange =
signaturePosition[1]-signaturePosition[0]-signature.length();
if(leftSignaturerange<0)
{
throw new IOException("Can't write signature, not enough
space");
}
- getStandardOutput().setPos(signaturePosition[0]+1);
+ getStandardOutput().setPos(signaturePosition[0]);
getStandardOutput().write(signature.getBytes());
}
}
{code}
Another thing is that pdfbox now allocates (2 * preferedSize + 2) for a
signature. It quite confused me to see 16k+4 bytes allocated when I called
setPreferedSignatureSize(4k) - it should have allocated 8k (each signature byte
takes 2 bytes in the pdf).
Fix for 1.8:
{code}
diff --git a/pdfbox/src/main/java/org/apache/pdfbox/pdmodel/PDDocument.java
b/pdfbox/src/main/java/org/apache/pdfbox/pdmodel/PDDocument.java
index 358364a..23dd3ab 100644
--- a/pdfbox/src/main/java/org/apache/pdfbox/pdmodel/PDDocument.java
+++ b/pdfbox/src/main/java/org/apache/pdfbox/pdmodel/PDDocument.java
@@ -309,7 +309,7 @@ public class PDDocument implements Pageable, Closeable
int preferedSignatureSize = options.getPreferedSignatureSize();
if (preferedSignatureSize > 0)
{
- sigObject.setContents(new byte[preferedSignatureSize * 2 + 2]);
+ sigObject.setContents(new byte[preferedSignatureSize]);
}
else
{
{code}
> signing corrupts PDF when signature exactly fits allocated space
> ----------------------------------------------------------------
>
> Key: PDFBOX-2082
> URL: https://issues.apache.org/jira/browse/PDFBOX-2082
> Project: PDFBox
> Issue Type: Bug
> Components: Writing
> Reporter: Štěpán Schejbal
> Priority: Critical
> Labels: patch
>
> The current check does not take "<>" into account, so if you are (un)lucky,
> the signature overwrites ">" and corrupts the PDF.
> Fix for 1.8:
> {code}
> diff --git a/pdfbox/src/main/java/org/apache/pdfbox/pdfwriter/COSWriter.java
> b/pdfbox/src/main/java/org/apache/pdfbox/pdfwriter/COSWriter.java
> index 3165589..80fbad2 100644
> --- a/pdfbox/src/main/java/org/apache/pdfbox/pdfwriter/COSWriter.java
> +++ b/pdfbox/src/main/java/org/apache/pdfbox/pdfwriter/COSWriter.java
> @@ -778,13 +778,15 @@ public class COSWriter implements ICOSVisitor, Closeable
>
> SignatureInterface signatureInterface =
> doc.getSignatureInterface();
> byte[] sign = signatureInterface.sign(new
> ByteArrayInputStream(pdfContent));
> + // this assumes that the dummy signature has been writen as
> "<0000...>"
> String signature = new COSString(sign).getHexString();
> - int leftSignaturerange =
> signaturePosition[1]-signaturePosition[0]-signature.length();
> - if(leftSignaturerange<0)
> + int startPos = signaturePosition[0] + 1; // move past "<"
> + int endPos = signaturePosition[1] - 1; // move in front of ">"
> + if (startPos + signature.length() > endPos)
> {
> throw new IOException("Can't write signature, not enough
> space");
> }
> - getStandardOutput().setPos(signaturePosition[0]+1);
> + getStandardOutput().setPos(startPos);
> getStandardOutput().write(signature.getBytes());
> }
> }
> {code}
> Another thing is that pdfbox now allocates (2 * preferedSize + 2) for a
> signature. It quite confused me to see 16k+4 bytes allocated when I called
> setPreferedSignatureSize(4k) - it should have allocated 8k (each signature
> byte takes 2 bytes in the pdf).
> Fix for 1.8:
> {code}
> diff --git a/pdfbox/src/main/java/org/apache/pdfbox/pdmodel/PDDocument.java
> b/pdfbox/src/main/java/org/apache/pdfbox/pdmodel/PDDocument.java
> index 358364a..23dd3ab 100644
> --- a/pdfbox/src/main/java/org/apache/pdfbox/pdmodel/PDDocument.java
> +++ b/pdfbox/src/main/java/org/apache/pdfbox/pdmodel/PDDocument.java
> @@ -309,7 +309,7 @@ public class PDDocument implements Pageable, Closeable
> int preferedSignatureSize = options.getPreferedSignatureSize();
> if (preferedSignatureSize > 0)
> {
> - sigObject.setContents(new byte[preferedSignatureSize * 2 + 2]);
> + sigObject.setContents(new byte[preferedSignatureSize]);
> }
> else
> {
> {code}
--
This message was sent by Atlassian JIRA
(v6.2#6252)
