From 7b2e898f2b4626693f8902bead0b60a54d37aa27 Mon Sep 17 00:00:00 2001
From: Lei Zhang
Date: Mon, 6 Jan 2020 23:01:45 +0000
Subject: [Backport] CVE-2020-6398 - Uninitialized use in PDFium
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Manual backport of patch originally reviewed on https://pdfium-review.googlesource.com/c/pdfium/+/63933: M80: Avoid regenerating revision 5 and 6 encryption dictionaries. Unlike revision 2 and 3, revision 5 and 6 encryption is not tied to the document ID in the trailer. Thus regenerating the encryption dictionary when the ID changes is completely unnecessary. Avoid doing this. Unlike https://pdfium-review.googlesource.com/c/pdfium/+/63933, this merge CL does not include the tests.
Bug: chromium:1032090
Change-Id: I7f855cd31968f28668c0cf0ded8286d17fc990ad
Reviewed-by: Jüri Valdmann
---
 chromium/third_party/pdfium/core/fpdfapi/edit/cpdf_creator.cpp | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/chromium/third_party/pdfium/core/fpdfapi/edit/cpdf_creator.cpp b/chromium/third_party/pdfium/core/fpdfapi/edit/cpdf_creator.cpp
index 11c0f2d089b..9706f0b3908 100644
--- a/chromium/third_party/pdfium/core/fpdfapi/edit/cpdf_creator.cpp
+++ b/chromium/third_party/pdfium/core/fpdfapi/edit/cpdf_creator.cpp
@@ -617,7 +617,9 @@ void CPDF_Creator::InitID() {
 m_pIDArray->Add(m_pIDArray->GetObjectAt(0)->Clone());
 if (m_pEncryptDict) {
 ASSERT(m_pParser);
- if (m_pEncryptDict->GetStringFor("Filter") == "Standard") {
+ int revision = m_pEncryptDict->GetIntegerFor("R");
+ if ((revision == 2 || revision == 3) &&
+ m_pEncryptDict->GetStringFor("Filter") == "Standard") {
 m_pNewEncryptDict = ToDictionary(m_pEncryptDict->Clone());
 m_pEncryptDict = m_pNewEncryptDict.Get();
 m_pSecurityHandler = pdfium::MakeRetain();
-- cgit v1.2.1
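Review bot: The new revision check in CPDF_Creator::InitID() has no comment, so the reason for the `revision == 2 || revision == 3` allow-list is recorded only in the commit message. I would add above the `if`: `// Revision 5 and 6 encryption is not tied to the trailer ID, so only revision 2 and 3 dictionaries are regenerated here.` The message argues the case for revisions 5 and 6 only, yet revision 4 and any other `R` value read from the document's encryption dictionary now skip the regeneration too; the comment should say whether that is intended. Because this backport leaves out the upstream tests, a regression case that sends a revision 5 or 6 document through this path would be worth carrying separately. InitID's body starts and ends outside the hunk.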