[jira] [Updated] (PDFBOX-4822) Off-by-one error in PDSignature.getConvertedContents()

2020-05-21 Thread Jira


 [ 
https://issues.apache.org/jira/browse/PDFBOX-4822?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Andreas Lehmkühler updated PDFBOX-4822:
---
Fix Version/s: 1.8.17

> Off-by-one error in PDSignature.getConvertedContents()
> --
>
> Key: PDFBOX-4822
> URL: https://issues.apache.org/jira/browse/PDFBOX-4822
> Project: PDFBox
>  Issue Type: Bug
>  Components: PDModel, Signing
>Affects Versions: 2.0.19
>Reporter: Gábor Stefanik
>Assignee: Tilman Hausherr
>Priority: Major
> Fix For: 1.8.17, 2.0.20, 3.0.0 PDFBox
>
>
> In PDSignature.java, we have the following function:
> {code:java}
> private byte[] getConvertedContents(InputStream is) throws IOException
> {
>     ByteArrayOutputStream byteOS = new ByteArrayOutputStream(1024);
>     byte[] buffer = new byte[1024];
>     int c;
>     while ((c = is.read(buffer)) != -1)
>     {
>         // Filter < and (
>         if(buffer[0]==0x3C || buffer[0]==0x28)
>         {
>             byteOS.write(buffer, 1, c); // ERROR: may read buffer[1024], which doesn't exist!
>         }
>         // Filter > and )
>         else if(buffer[c-1]==0x3E || buffer[c-1]==0x29)
>         {
>             byteOS.write(buffer, 0, c-1);
>         }
>         else
>         {
>             byteOS.write(buffer, 0, c);
>         }
>     }
>     is.close();
>     return COSString.parseHex(byteOS.toString("ISO-8859-1")).getBytes();
> }
> {code}
>  
> If c = 1024 (i.e. is.read() fills the buffer completely), and the first byte 
> is 0x3C or 0x28, we try to read the 1025th byte of the buffer, and hit an 
> IndexOutOfBoundsException:
> {noformat}
> java.lang.IndexOutOfBoundsException: Range [1, 1 + 1024) out of bounds for length 1024
>     at jdk.internal.util.Preconditions.outOfBounds(Preconditions.java:64) ~[?:?]
>     at jdk.internal.util.Preconditions.outOfBoundsCheckFromIndexSize(Preconditions.java:82) ~[?:?]
>     at jdk.internal.util.Preconditions.checkFromIndexSize(Preconditions.java:343) ~[?:?]
>     at java.util.Objects.checkFromIndexSize(Objects.java:424) ~[?:?]
>     at java.io.ByteArrayOutputStream.write(ByteArrayOutputStream.java:155) ~[?:?]
>     at org.apache.pdfbox.pdmodel.interactive.digitalsignature.PDSignature.getConvertedContents(PDSignature.java:348) ~[pdfbox-2.0.19.jar:2.0.19]
>     at org.apache.pdfbox.pdmodel.interactive.digitalsignature.PDSignature.getContents(PDSignature.java:335) ~[pdfbox-2.0.19.jar:2.0.19]
> {noformat}
>  
> By changing the first byteOS.write call to this:
> {code:java}
> byteOS.write(buffer, 1, c-1);
> {code}
> the problem is fixed.
>  



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

-
To unsubscribe, e-mail: dev-unsubscr...@pdfbox.apache.org
For additional commands, e-mail: dev-h...@pdfbox.apache.org
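
A stand-alone reproduction of the condition described in the report, added here as an example; it is not PDFBox code. The class name OffByOneDemo, the filter method and its fixed flag are hypothetical, both inputs are constructed, and the COSString.parseHex step is left out so the program runs without PDFBox. It goes one step beyond the report by also running a chunk shorter than the buffer, where the unpatched length does not throw.

```java
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.util.Arrays;

public class OffByOneDemo
{
    // Chunk filter from the report; 'fixed' selects length c-1 instead of c.
    static byte[] filter(InputStream is, boolean fixed) throws IOException
    {
        ByteArrayOutputStream byteOS = new ByteArrayOutputStream(1024);
        byte[] buffer = new byte[1024];
        int c;
        while ((c = is.read(buffer)) != -1)
        {
            if (buffer[0] == 0x3C || buffer[0] == 0x28)
            {
                // Offset 1 plus length c reaches buffer[c]: out of bounds when
                // c == 1024, and a byte this read() never filled when c < 1024.
                byteOS.write(buffer, 1, fixed ? c - 1 : c);
            }
            else if (buffer[c - 1] == 0x3E || buffer[c - 1] == 0x29)
            {
                byteOS.write(buffer, 0, c - 1);
            }
            else
            {
                byteOS.write(buffer, 0, c);
            }
        }
        is.close();
        return byteOS.toByteArray();
    }

    public static void main(String[] args) throws IOException
    {
        // Constructed input: '<' plus 1023 hex digits, so one read() fills the buffer.
        byte[] full = new byte[1024];
        Arrays.fill(full, (byte) '0');
        full[0] = 0x3C;
        try { filter(new ByteArrayInputStream(full), false); }
        catch (IndexOutOfBoundsException e) { System.out.println("unpatched, full chunk: " + e); }
        System.out.println("patched, full chunk: " + filter(new ByteArrayInputStream(full), true).length);
        // Constructed short input: the unpatched length copies one byte past the data read.
        byte[] small = "<4142>".getBytes("ISO-8859-1");
        System.out.println("unpatched, short chunk: " + filter(new ByteArrayInputStream(small), false).length);
        System.out.println("patched, short chunk: " + filter(new ByteArrayInputStream(small), true).length);
    }
}
```

A regression test for the fix can use the same full-buffer input: any stream whose first read() returns exactly the buffer size and begins with 0x3C or 0x28.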



[jira] [Updated] (PDFBOX-4822) Off-by-one error in PDSignature.getConvertedContents()

2020-05-01 Thread Tilman Hausherr (Jira)


 [ 
https://issues.apache.org/jira/browse/PDFBOX-4822?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Tilman Hausherr updated PDFBOX-4822:

Component/s: Signing

> Off-by-one error in PDSignature.getConvertedContents()
> --
>
> Key: PDFBOX-4822
> URL: https://issues.apache.org/jira/browse/PDFBOX-4822
> Project: PDFBox
>  Issue Type: Bug
>  Components: PDModel, Signing
>Affects Versions: 2.0.19
>Reporter: Gábor Stefanik
>Priority: Major
> Fix For: 2.0.20, 3.0.0 PDFBox
>
>






[jira] [Updated] (PDFBOX-4822) Off-by-one error in PDSignature.getConvertedContents()

2020-05-01 Thread Tilman Hausherr (Jira)


 [ 
https://issues.apache.org/jira/browse/PDFBOX-4822?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Tilman Hausherr updated PDFBOX-4822:

Fix Version/s: 3.0.0 PDFBox
   2.0.20

> Off-by-one error in PDSignature.getConvertedContents()
> --
>
> Key: PDFBOX-4822
> URL: https://issues.apache.org/jira/browse/PDFBOX-4822
> Project: PDFBox
>  Issue Type: Bug
>  Components: PDModel
>Affects Versions: 2.0.19
>Reporter: Gábor Stefanik
>Priority: Major
> Fix For: 2.0.20, 3.0.0 PDFBox
>
>






[jira] [Updated] (PDFBOX-4822) Off-by-one error in PDSignature.getConvertedContents()

2020-04-30 Thread Jira


 [ 
https://issues.apache.org/jira/browse/PDFBOX-4822?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Gábor Stefanik updated PDFBOX-4822:
---
Description: 
In PDSignature.java, we have the following function:
{code:java}
private byte[] getConvertedContents(InputStream is) throws IOException
{
    ByteArrayOutputStream byteOS = new ByteArrayOutputStream(1024);
    byte[] buffer = new byte[1024];
    int c;
    while ((c = is.read(buffer)) != -1)
    {
        // Filter < and (
        if(buffer[0]==0x3C || buffer[0]==0x28)
        {
            byteOS.write(buffer, 1, c); // ERROR: may read buffer[1024], which doesn't exist!
        }
        // Filter > and )
        else if(buffer[c-1]==0x3E || buffer[c-1]==0x29)
        {
            byteOS.write(buffer, 0, c-1);
        }
        else
        {
            byteOS.write(buffer, 0, c);
        }
    }
    is.close();
    return COSString.parseHex(byteOS.toString("ISO-8859-1")).getBytes();
}
{code}
 

If c = 1024 (i.e. is.read() fills the buffer completely), and the first byte is 
0x3C or 0x28, we try to read the 1025th byte of the buffer, and hit an 
IndexOutOfBoundsException:
{noformat}
java.lang.IndexOutOfBoundsException: Range [1, 1 + 1024) out of bounds for length 1024
    at jdk.internal.util.Preconditions.outOfBounds(Preconditions.java:64) ~[?:?]
    at jdk.internal.util.Preconditions.outOfBoundsCheckFromIndexSize(Preconditions.java:82) ~[?:?]
    at jdk.internal.util.Preconditions.checkFromIndexSize(Preconditions.java:343) ~[?:?]
    at java.util.Objects.checkFromIndexSize(Objects.java:424) ~[?:?]
    at java.io.ByteArrayOutputStream.write(ByteArrayOutputStream.java:155) ~[?:?]
    at org.apache.pdfbox.pdmodel.interactive.digitalsignature.PDSignature.getConvertedContents(PDSignature.java:348) ~[pdfbox-2.0.19.jar:2.0.19]
    at org.apache.pdfbox.pdmodel.interactive.digitalsignature.PDSignature.getContents(PDSignature.java:335) ~[pdfbox-2.0.19.jar:2.0.19]
{noformat}
 

By changing the first byteOS.write call to this:
{code:java}
byteOS.write(buffer, 1, c-1);
{code}
the problem is fixed.

 

  was:
In PDSignature.java, we have the following function:

 
{code:java}
private byte[] getConvertedContents(InputStream is) throws IOException
{
    ByteArrayOutputStream byteOS = new ByteArrayOutputStream(1024);
    byte[] buffer = new byte[1024];
    int c;
    while ((c = is.read(buffer)) != -1)
    {
        // Filter < and (
        if(buffer[0]==0x3C || buffer[0]==0x28)
        {
            byteOS.write(buffer, 1, c); // ERROR: may read buffer[1024], which doesn't exist!
        }
        // Filter > and )
        else if(buffer[c-1]==0x3E || buffer[c-1]==0x29)
        {
            byteOS.write(buffer, 0, c-1);
        }
        else
        {
            byteOS.write(buffer, 0, c);
        }
    }
    is.close();
    return COSString.parseHex(byteOS.toString("ISO-8859-1")).getBytes();
}
{code}
If c = 1024 (i.e. is.read() fills the buffer completely), and the first byte is 
0x3C or 0x28, we try to read the 1025th byte of the buffer, and hit an 
IndexOutOfBoundsException:

 

 
{noformat}
java.lang.IndexOutOfBoundsException: Range [1, 1 + 1024) out of bounds for length 1024
    at jdk.internal.util.Preconditions.outOfBounds(Preconditions.java:64) ~[?:?]
    at jdk.internal.util.Preconditions.outOfBoundsCheckFromIndexSize(Preconditions.java:82) ~[?:?]
    at jdk.internal.util.Preconditions.checkFromIndexSize(Preconditions.java:343) ~[?:?]
    at java.util.Objects.checkFromIndexSize(Objects.java:424) ~[?:?]
    at java.io.ByteArrayOutputStream.write(ByteArrayOutputStream.java:155) ~[?:?]
    at org.apache.pdfbox.pdmodel.interactive.digitalsignature.PDSignature.getConvertedContents(PDSignature.java:348) ~[pdfbox-2.0.19.jar:2.0.19]
    at org.apache.pdfbox.pdmodel.interactive.digitalsignature.PDSignature.getContents(PDSignature.java:335) ~[pdfbox-2.0.19.jar:2.0.19]
{noformat}
 

By changing the first byteOS.write call to this:

 
{code:java}
byteOS.write(buffer, 1, c-1);
{code}
the problem is fixed.

 


> Off-by-one error in PDSignature.getConvertedContents()
> --
>
> Key: PDFBOX-4822
> URL: https://issues.apache.org/jira/browse/PDFBOX-4822
> Project: PDFBox
>  Issue Type: Bug
>  Components: PDModel
>Affects Versions: 2.0.19
>Reporter: Gábor Stefanik
>Priority: Major
>
> In PDSignature.java, we have the following function:
> {code:java}
> private byte[] getConvertedContents(InputStream is) throws IOException
> {
> ByteArrayOutputStream byteOS = new ByteArrayOutputStream(1024);
> byte[]