[Poppler-bugs] [Bug 99271] make it possible to extract digital signature data (also in pdfsig)
bugzilla-daemon at freedesktop.org
bugzilla-daemon at freedesktop.org
Mon Jun 19 11:22:19 UTC 2017
https://bugs.freedesktop.org/show_bug.cgi?id=99271
--- Comment #17 from Adrian Johnson <ajohnson at redneon.com> ---
(In reply to Hans-Ulrich Jüttner from comment #16)
> Created attachment 132053 [details] [review]
> Patch fixing this bug and adding support for specification of a validation
> time
>
> I changed the types of 'start' and 'end' to int as they are put into
> GooString::getChar() which takes an int and would anyway produce an integer
> overflow for values >= 2GB. I think that should fix the complaint about the
> differing type of 'len'.
The start and end needs to be of type Goffset to support PDF files > 2GB.
+ if (end >= start+6)
+ {
+ BaseStream* stream = doc->getBaseStream();
+ file_size = stream->getLength();
+ GooString gstr;
+ stream->fillGooString(&gstr);
You're reading the entire PDF file into a GooString! Use stream->setPos(start)
to seek to the start of the signature then read what you need into a GooString.
Is there an upper limit to the signature size? You should set some limit on the
amount of data read into a GooString. Or use the stream operators (setPos(),
getChar(), lookChar() etc) to read directly from the stream.
It would also be useful to make pdfsig to print the ranges and
signsTotalDocument info.
--
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.freedesktop.org/archives/poppler-bugs/attachments/20170619/b570d82c/attachment.html>
More information about the Poppler-bugs
mailing list