[
https://issues.apache.org/jira/browse/FOP-2389?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Luis Bernardo resolved FOP-2389.
--------------------------------
Resolution: Fixed
Fix Version/s: trunk
Fixed in http://svn.apache.org/viewvc?view=revision&revision=1608815.
Documentation updated:
http://xmlgraphics.apache.org/fop/trunk/pdfencryption.html
Note that the limitation of 32 bytes (or 127 bytes for key lengths of 256) is
set in the spec (and longer passwords are truncated, according to the spec too).
> PDFEncryption: error when Password length>32
> --------------------------------------------
>
> Key: FOP-2389
> URL: https://issues.apache.org/jira/browse/FOP-2389
> Project: Fop
> Issue Type: Bug
> Affects Versions: 1.1
> Reporter: Andreas F.
> Priority: Minor
> Fix For: trunk
>
>
> in method
> org.apache.fop.pdf.PDFEncryptionJCE.InitializationEngine#preparePassword
> (lines 281ff.?)
> the arraycopy expects supplied password's length to be <=32
> it copies supplied pw to a destination with 32 bytes length but uses supplied
> pw's byte length as bytecount to System.arraycopy.
> So this fails with an ArrayIndexOutOfBoundsException
> which is later wrapped in an InvocationTargetException (which is only logged
> by PDFEncryptionManager, so the original cause is even not visible in the
> logs):
> private byte[] preparePassword(String password) {
> int finalLength = 32;
> byte[] preparedPassword = new byte[finalLength];
> byte[] passwordBytes = password.getBytes();
> System.arraycopy(passwordBytes, 0, preparedPassword, 0,
> passwordBytes.length);
> System.arraycopy(padding, 0, preparedPassword,
> passwordBytes.length,
> finalLength - passwordBytes.length);
> return preparedPassword;
> }
> Is this required by the PDF spec?? Then IMHO it should at least be documented?
> possible fix?:
> System.arraycopy(passwordBytes, 0, preparedPassword, 0,
> Math.min(passwordBytes.length, finalLength))
--
This message was sent by Atlassian JIRA
(v6.2#6252)
