[prev in list] [next in list] [prev in thread] [next in thread]
List: koffice
Subject: Re: [SECURITY] Newest KOffice PDF Import Filter Vulnerability
From: Ben Burton <bab () debian ! org>
Date: 2005-01-20 15:33:29
Message-ID: 20050120153329.GA5088 () eclipse ! debian ! net
[Download RAW message or body]
Hi,
A member of the debian security team has posted a bug against koffice,
also for CAN-2005-0064. The patch however is quite different.
http://bugs.debian.org/291245
Are these the same issue? In particular, do I need to apply both
patches, or just one of the patches? If just one, would you recommend
the debian patch (included below) or the KDE patch (from your previous
post)?
Thanks - Ben.
--- xpdf-3.00.orig/xpdf/Decrypt.cc
+++ xpdf-3.00/xpdf/Decrypt.cc
@@ -73,6 +73,11 @@
Guchar fx, fy;
int len, i, j;
+ // check whether we have non-zero keyLength
+ if ( !keyLength ) {
+ return gFalse;
+ }
+
// try using the supplied owner password to generate the user password
*ownerPasswordOk = gFalse;
if (ownerPassword) {
@@ -98,7 +103,7 @@
} else {
memcpy(test2, ownerKey->getCString(), 32);
for (i = 19; i >= 0; --i) {
- for (j = 0; j < keyLength; ++j) {
+ for (j = 0; j < keyLength && j < 16; ++j) {
tmpKey[j] = test[j] ^ i;
}
rc4InitKey(tmpKey, keyLength, fState);
@@ -135,6 +140,11 @@
int len, i, j;
GBool ok;
+ // check whether we have non-zero keyLength
+ if ( !keyLength ) {
+ return gFalse;
+ }
+
// generate file key
buf = (Guchar *)gmalloc(68 + fileID->getLength());
if (userPassword) {
@@ -172,7 +182,7 @@
} else if (encRevision == 3) {
memcpy(test, userKey->getCString(), 32);
for (i = 19; i >= 0; --i) {
- for (j = 0; j < keyLength; ++j) {
+ for (j = 0; j < keyLength && j < 16; ++j) {
tmpKey[j] = fileKey[j] ^ i;
}
rc4InitKey(tmpKey, keyLength, fState);
____________________________________
koffice mailing list
koffice@mail.kde.org
To unsubscribe please visit:
https://mail.kde.org/mailman/listinfo/koffice
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic