SECURITY:

Fix a buffer overflow due to insufficient bounds checking while processing a PDF file that provides malicious values in the /Encrypt /Length tag.
2005-01-27 05:03:27 +00:00 · 2005-01-27 05:03:27 +00:00 · b2653b7620
commit b2653b7620
parent a14779e9e9
2 changed files with 15 additions and 5 deletions
--- a/print/teTeX/base/Makefile
+++ b/print/teTeX/base/Makefile
@ -1,10 +1,10 @@
-# $OpenBSD: Makefile,v 1.29 2004/12/26 14:01:36 sturm Exp $
+# $OpenBSD: Makefile,v 1.30 2005/01/27 05:03:27 brad Exp $

 COMMENT=	"TeX distribution, executables"

 VERSION=	2.0.2
 DISTNAME=	tetex-base-${VERSION}
-PKGNAME=	${DISTNAME:S/tetex-/teTeX_/}p2
+PKGNAME=	${DISTNAME:S/tetex-/teTeX_/}p3
 CATEGORIES=	print

 DISTFILES=	tetex-src-${VERSION}.tar.gz
--- a/print/teTeX/base/patches/patch-libs_xpdf_xpdf_XRef_cc
+++ b/print/teTeX/base/patches/patch-libs_xpdf_xpdf_XRef_cc
@ -1,6 +1,6 @@
-$OpenBSD: patch-libs_xpdf_xpdf_XRef_cc,v 1.1 2004/11/27 14:15:04 sturm Exp $
--- libs/xpdf/xpdf/XRef.cc.orig	Sun Nov  3 23:15:37 2002
-+++ libs/xpdf/xpdf/XRef.cc	Sat Nov 27 14:51:17 2004
+$OpenBSD: patch-libs_xpdf_xpdf_XRef_cc,v 1.2 2005/01/27 05:03:28 brad Exp $
+--- libs/xpdf/xpdf/XRef.cc.orig	Sun Nov  3 17:15:37 2002
+++ libs/xpdf/xpdf/XRef.cc	Wed Jan 26 21:47:22 2005
@@ -28,6 +28,7 @@
 #include "Error.h"
 #include "ErrorCodes.h"
@ -54,3 +54,13 @@ $OpenBSD: patch-libs_xpdf_xpdf_XRef_cc,v 1.1 2004/11/27 14:15:04 sturm Exp $
 	streamEnds = (Guint *)grealloc(streamEnds,
 				       streamEndsSize * sizeof(int));
       }
+@@ -480,6 +498,9 @@ GBool XRef::checkEncrypted(GString *owne
+ 	  keyLength = lengthObj.getInt() / 8;
+ 	} else {
+ 	  keyLength = 5;
+	}
+	if (keyLength > 16) {
+	  keyLength = 16;
+ 	}
+ 	permFlags = permissions.getInt();
+ 	if (encVersion >= 1 && encVersion <= 2 &&