Uploaded image for project: 'FOP'
  1. FOP
  2. FOP-2389

PDFEncryption: error when Password length>32

    XMLWordPrintableJSON

Details

    • Bug
    • Status: Resolved
    • Minor
    • Resolution: Fixed
    • 1.1
    • 2.2
    • None
    • None

    Description

      in method
      org.apache.fop.pdf.PDFEncryptionJCE.InitializationEngine#preparePassword (lines 281ff.?)
      the arraycopy expects supplied password's length to be <=32

      it copies supplied pw to a destination with 32 bytes length but uses supplied pw's byte length as bytecount to System.arraycopy.
      So this fails with an ArrayIndexOutOfBoundsException
      which is later wrapped in an InvocationTargetException (which is only logged by PDFEncryptionManager, so the original cause is even not visible in the logs):

      private byte[] preparePassword(String password)

      { int finalLength = 32; byte[] preparedPassword = new byte[finalLength]; byte[] passwordBytes = password.getBytes(); System.arraycopy(passwordBytes, 0, preparedPassword, 0, passwordBytes.length); System.arraycopy(padding, 0, preparedPassword, passwordBytes.length, finalLength - passwordBytes.length); return preparedPassword; }

      Is this required by the PDF spec?? Then IMHO it should at least be documented?

      possible fix?:
      System.arraycopy(passwordBytes, 0, preparedPassword, 0, Math.min(passwordBytes.length, finalLength))

      Attachments

        Activity

          People

            Unassigned Unassigned
            ndf Andreas F.
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: