From f3d9249ca6be6e69362b3ae90842fd2211fd0829 Mon Sep 17 00:00:00 2001 From: Miklos Vajna Date: Fri, 14 Oct 2016 18:15:35 +0200 Subject: xmlsecurity: check file header when reading PDF signature Currently the only non-ZIP-based import filter that declares the SUPPORTSSIGNING flag is PDF, so if we get a stream without a storage, we assume it's PDF. If any other non-ZIP-based format would add that flag in the future, that would mean PDFDocument::Read() gets that as an input. That means it makes sense to at least check the file header early in the tokenizer, and return early when that doesn't match. Change-Id: I8760d130c4211f37be705e03b22814825042cac8 Reviewed-on: https://gerrit.libreoffice.org/29888 Tested-by: Jenkins Reviewed-by: Miklos Vajna --- xmlsecurity/source/pdfio/pdfdocument.cxx | 12 +++++++++++- 1 file changed, 11 insertions(+), 1 deletion(-) (limited to 'xmlsecurity') diff --git a/xmlsecurity/source/pdfio/pdfdocument.cxx b/xmlsecurity/source/pdfio/pdfdocument.cxx index 3766e4d3d5f3..4711084dde50 100644 --- a/xmlsecurity/source/pdfio/pdfdocument.cxx +++ b/xmlsecurity/source/pdfio/pdfdocument.cxx @@ -215,7 +215,17 @@ PDFDocument::PDFDocument() bool PDFDocument::Read(SvStream& rStream) { - // First look up the offset of the xref table. + // Check file magic. + std::vector aHeader(5); + rStream.Seek(0); + rStream.ReadBytes(aHeader.data(), aHeader.size()); + if (aHeader[0] != '%' || aHeader[1] != 'P' || aHeader[2] != 'D' || aHeader[3] != 'F' || aHeader[4] != '-') + { + SAL_WARN("xmlsecurity.pdfio", "PDFDocument::Read: header mismatch"); + return false; + } + + // Look up the offset of the xref table. size_t nStartXRef = FindStartXRef(rStream); SAL_INFO("xmlsecurity.pdfio", "PDFDocument::Read: nStartXRef is " << nStartXRef); if (nStartXRef == 0) -- cgit