You are viewing a plain text version of this content. The canonical link for it is here.

Posted to fop-dev@xmlgraphics.apache.org by "Andreas F. (JIRA)" <ji...@apache.org> on 2014/07/08 16:12:04 UTC

[jira] [Created] (FOP-2389) PDFEncryption: error when Password length>32

Andreas F. created FOP-2389:
-------------------------------

             Summary: PDFEncryption: error when Password length>32
                 Key: FOP-2389
                 URL: https://issues.apache.org/jira/browse/FOP-2389
             Project: Fop
          Issue Type: Bug
    Affects Versions: 1.1
            Reporter: Andreas F.
            Priority: Minor


in method
org.apache.fop.pdf.PDFEncryptionJCE.InitializationEngine#preparePassword (lines 281ff.?)
the arraycopy expects supplied password's length to be <=32

it copies supplied pw to a destination with 32 bytes length but uses supplied pw's byte length as bytecount to System.arraycopy.
So this fails with an ArrayIndexOutOfBoundsException
which is later wrapped in an InvocationTargetException (which is only logged by PDFEncryptionManager, so the original cause is even not visible in the logs):

        private byte[] preparePassword(String password) {
            int finalLength = 32;
            byte[] preparedPassword = new byte[finalLength];
            byte[] passwordBytes = password.getBytes();
            System.arraycopy(passwordBytes, 0, preparedPassword, 0, passwordBytes.length);
            System.arraycopy(padding, 0, preparedPassword, passwordBytes.length,
                    finalLength - passwordBytes.length);
            return preparedPassword;
        }


Is this required by the PDF spec?? Then IMHO it should at least be documented?

possible fix?:
System.arraycopy(passwordBytes, 0, preparedPassword, 0, Math.min(passwordBytes.length, finalLength))



--
This message was sent by Atlassian JIRA
(v6.2#6252)