[Poppler-bugs] [Bug 21270] New: owner password not accepted for revision 3 security handler
bugzilla-daemon at freedesktop.org
bugzilla-daemon at freedesktop.org
Sat Apr 18 11:07:47 PDT 2009
http://bugs.freedesktop.org/show_bug.cgi?id=21270
Summary: owner password not accepted for revision 3 security
handler
Product: poppler
Version: unspecified
Platform: All
OS/Version: All
Status: NEW
Severity: normal
Priority: medium
Component: general
AssignedTo: poppler-bugs at lists.freedesktop.org
ReportedBy: matthias at ktug.or.kr
Created an attachment (id=24919)
--> (http://bugs.freedesktop.org/attachment.cgi?id=24919)
encrypted PDF file (48 bit); owner pw "o", user pw "u"
PDF files encrypted with more than 40 bits key length ("revision 3 security
handler") cannot be decrypted with the owner password unless the key length is
exactly 128 bits.
The attached PDF file shows this behaviour. The owner password is "o" and the
user password "u" (without quotes). Acrobat Reader and GS accept both, evince
(and xpdf) only the user password.
I'm pretty sure that bug is caused by the following loop in the function
Decrypt::makeFileKey, where the owner password is treated:
if (encRevision == 3) {
for (i = 0; i < 50; ++i) {
md5(test, 16, test);
}
}
The corresponding code for the user password in Decrypt::makeFileKey2 reads as
follows:
if (encRevision == 3) {
for (i = 0; i < 50; ++i) {
md5(fileKey, keyLength, fileKey);
}
}
The difference is that the in the second loop the hash is truncated to the key
length. This truncation (which does nothing if the key is exactly 16 bytes) is
not mentioned in the PDF spec, but it seems to be the behaviour of Acrobat
Reader ...
--
Configure bugmail: http://bugs.freedesktop.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
More information about the Poppler-bugs
mailing list