pdfbox-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From til...@apache.org
Subject svn commit: r1855061 - /pdfbox/trunk/examples/src/main/java/org/apache/pdfbox/examples/signature/ShowSignature.java
Date Fri, 08 Mar 2019 18:22:04 GMT
Author: tilman
Date: Fri Mar  8 18:22:03 2019
New Revision: 1855061

URL: http://svn.apache.org/viewvc?rev=1855061&view=rev
Log:
PDFBOX-3017: check whether gap contains a hex value equal byte-by-byte to the Content value,
as suggested by mkl in SO 55049270 comment

Modified:
    pdfbox/trunk/examples/src/main/java/org/apache/pdfbox/examples/signature/ShowSignature.java

Modified: pdfbox/trunk/examples/src/main/java/org/apache/pdfbox/examples/signature/ShowSignature.java
URL: http://svn.apache.org/viewvc/pdfbox/trunk/examples/src/main/java/org/apache/pdfbox/examples/signature/ShowSignature.java?rev=1855061&r1=1855060&r2=1855061&view=diff
==============================================================================
--- pdfbox/trunk/examples/src/main/java/org/apache/pdfbox/examples/signature/ShowSignature.java
(original)
+++ pdfbox/trunk/examples/src/main/java/org/apache/pdfbox/examples/signature/ShowSignature.java
Fri Mar  8 18:22:03 2019
@@ -61,6 +61,7 @@ import org.apache.pdfbox.pdmodel.PDDocum
 import org.apache.pdfbox.pdmodel.PDDocumentCatalog;
 import org.apache.pdfbox.pdmodel.encryption.SecurityProvider;
 import org.apache.pdfbox.pdmodel.interactive.digitalsignature.PDSignature;
+import org.apache.pdfbox.util.Charsets;
 import org.apache.pdfbox.util.Hex;
 import org.bouncycastle.asn1.ASN1Object;
 import org.bouncycastle.asn1.cms.Attribute;
@@ -285,6 +286,7 @@ public final class ShowSignature
                         {
                             System.out.println("Signature covers whole document");
                         }
+                        checkContentValueWithFile(infile, byteRange, contents);
                     }
                 }
                 analyseDSS(document);
@@ -297,6 +299,59 @@ public final class ShowSignature
         }
     }
 
+    private void checkContentValueWithFile(File file, int[] byteRange, COSString contents)
throws IOException
+    {
+        // https://stackoverflow.com/questions/55049270
+        // comment by mkl: check whether gap contains a hex value equal
+        // byte-by-byte to the Content value, to prevent attacker from using a literal string
+        // to allow extra space
+        try (RandomAccessBufferedFileInputStream raf = new RandomAccessBufferedFileInputStream(file))
+        {
+            raf.seek(byteRange[1]);
+            int c = raf.read();
+            if (c != '<')
+            {
+                System.err.println("'<' expected at offset " + byteRange[1] + ", but got
" + (char) c);
+            }
+            byte[] contentFromFile = raf.readFully(byteRange[2] - byteRange[1] - 2);
+            byte[] contentAsHex = Hex.getString(contents.getBytes()).getBytes(Charsets.US_ASCII);
+            if (contentFromFile.length != contentAsHex.length)
+            {
+                System.err.println("Raw content length from file is " +
+                        contentFromFile.length +
+                        ", but internal content string in hex has length " +
+                        contentAsHex.length);
+            }
+            // Compare the two, we can't do byte comparison because of upper/lower case
+            // also check that it is really hex
+            for (int i = 0; i < contentFromFile.length; ++i)
+            {
+                try
+                {
+                    if (Integer.parseInt(String.valueOf((char) contentFromFile[i]), 16) !=
+                        Integer.parseInt(String.valueOf((char) contentAsHex[i]), 16))
+                    {
+                        System.err.println("Possible manipulation at file offset " +
+                                (byteRange[1] + i + 1) + " in signature content");
+                        break;
+                    }
+                }
+                catch (NumberFormatException ex)
+                {
+                    System.err.println("Incorrect hex value");
+                    System.err.println("Possible manipulation at file offset " +
+                            (byteRange[1] + i + 1) + " in signature content");
+                    break;
+                }
+            }
+            c = raf.read();
+            if (c != '>')
+            {
+                System.err.println("'>' expected at offset " + byteRange[2] + ", but got
" + (char) c);
+            }
+        }
+    }
+
     /**
      * Verify ETSI.RFC3161 TImeStampToken
      *



Mime
View raw message