Sebastian Fieber created PDFBOX-5175:
----------------------------------------
Summary: Behaviour change in 2.0.20 due to use of
IOUtils.populateBuffer in SecurityHandler.prepareAESInitializationVector
leading to IOException for certain PDF
Key: PDFBOX-5175
URL: https://issues.apache.org/jira/browse/PDFBOX-5175
Project: PDFBox
Issue Type: Bug
Components: Parsing
Affects Versions: 2.0.23, 2.0.21, 2.0.20
Reporter: Sebastian Fieber
We have a PDF file which we cannot share which has a certification signature
from Adobe.
Prior to version 2.0.20 this PDF could be loaded and analyzed. From version 2.0.20
and newer, calling the load method from PDDocument results in an IOException.
We tracked down the problem why this was not happening in 2.0.19 and found out
the populateBuffer method changes the behaviour of the
prepareAESInitializationVector method.
Before, the code looked like this:
{code:java}
if (decrypt)
{
    // read IV from stream
    int ivSize = data.read(iv);
    if (ivSize == -1)
    {
        return false;
    }
    if (ivSize != iv.length)
    {
        throw new IOException(
                "AES initialization vector not fully read: only "
                        + ivSize + " bytes read instead of " +
                        iv.length);
    }
{code}
If data was empty, -1 was returned from the read call and the method returned
false and everything went on okay. 2.0.20 changed this line to:
{code:java}
int ivSize = (int) IOUtils.populateBuffer(data, iv);
if (ivSize == -1) {
    return false;
}
{code}
Due to the if condition still being there, we are not quite sure if this was
intentional.
populateBuffer will never return -1 but anything >= 0.
So either this is unintentional, in which case this is a bug and the if clause
should check for 0 bytes read, or this is intentional and the if clause is
obsolete, as well as the boolean return value.
Here is a stacktrace (no line numbers, sorry):
{code:java}
Caused by: java.io.IOException: AES initialization vector not fully read: only 0 bytes read instead of 16
    at [email protected]/org.apache.pdfbox.pdmodel.encryption.SecurityHandler.prepareAESInitializationVector(Unknown Source)
    at [email protected]/org.apache.pdfbox.pdmodel.encryption.SecurityHandler.encryptDataAESother(Unknown Source)
    at [email protected]/org.apache.pdfbox.pdmodel.encryption.SecurityHandler.encryptData(Unknown Source)
    at [email protected]/org.apache.pdfbox.pdmodel.encryption.SecurityHandler.decryptStream(Unknown Source)
    at [email protected]/org.apache.pdfbox.pdfparser.COSParser.parseFileObject(Unknown Source)
    at [email protected]/org.apache.pdfbox.pdfparser.COSParser.parseObjectDynamically(Unknown Source)
    at [email protected]/org.apache.pdfbox.pdfparser.COSParser.parseObjectDynamically(Unknown Source)
    at [email protected]/org.apache.pdfbox.pdfparser.COSParser.parseDictObjects(Unknown Source)
    at [email protected]/org.apache.pdfbox.pdfparser.PDFParser.initialParse(Unknown Source)
    at [email protected]/org.apache.pdfbox.pdfparser.PDFParser.parse(Unknown Source)
    at [email protected]/org.apache.pdfbox.pdmodel.PDDocument.load(Unknown Source)
{code}
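The behaviour change described in this report, reproduced as an added example that is not part of the original message and is not PDFBox code. `fillBuffer` is a hypothetical stand-in that models populateBuffer as the report describes it (never returns -1), `zeroCheck` is the report's first option (test for 0 bytes read), and the inputs are constructed byte arrays.

```java
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.InputStream;

public class IvReadDemo {
    static final int IV_LEN = 16; // IV length from the exception message in the report

    // Hypothetical stand-in for IOUtils.populateBuffer (assumption): reads until
    // the buffer is full or EOF and returns the byte count, 0 at EOF, never -1.
    static int fillBuffer(InputStream in, byte[] buf) throws IOException {
        int total = 0;
        while (total < buf.length) {
            int n = in.read(buf, total, buf.length - total);
            if (n < 0) break; // end of data
            total += n;
        }
        return total;
    }

    // Shared tail: false = no data to decrypt, IOException = truncated IV.
    static boolean check(int ivSize, int emptyMarker) throws IOException {
        if (ivSize == emptyMarker) return false;
        if (ivSize != IV_LEN) {
            throw new IOException("AES initialization vector not fully read: only "
                    + ivSize + " bytes read instead of " + IV_LEN);
        }
        return true;
    }

    // Pre-2.0.20 logic: a single read() yields -1 on an empty stream.
    static boolean before(InputStream d) throws IOException { return check(d.read(new byte[IV_LEN]), -1); }
    // 2.0.20 logic as quoted: the -1 test can no longer match.
    static boolean after(InputStream d) throws IOException { return check(fillBuffer(d, new byte[IV_LEN]), -1); }
    // Report's first option: treat 0 bytes read as "empty".
    static boolean zeroCheck(InputStream d) throws IOException { return check(fillBuffer(d, new byte[IV_LEN]), 0); }

    interface IvReader { boolean read(InputStream in) throws IOException; }

    static String run(IvReader r, int len) {
        try { return String.valueOf(r.read(new ByteArrayInputStream(new byte[len]))); }
        catch (IOException e) { return "IOException"; }
    }

    public static void main(String[] args) {
        for (int len : new int[] {0, 5, 16}) { // constructed: empty, truncated, full IV
            System.out.printf("%2d bytes: before=%s after=%s zeroCheck=%s%n", len,
                    run(IvReadDemo::before, len), run(IvReadDemo::after, len), run(IvReadDemo::zeroCheck, len));
        }
    }
}
```

Only the empty-stream case separates the variants: a truncated IV is rejected and a full IV is accepted by all three.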