Check for valid file name of embedded file

Resolves: #1649451
2018-11-15 15:46:40 +01:00 · 2018-11-15 15:46:40 +01:00 · ccc7adafd4
commit ccc7adafd4
parent fc0e40643e
2 changed files with 89 additions and 1 deletions
--- a/poppler-0.67.0-valid-embedded-file-name.patch
+++ b/poppler-0.67.0-valid-embedded-file-name.patch
@ -0,0 +1,81 @@
+From d2f5d424ba8752f9a9e9dad410546ec1b46caa0a Mon Sep 17 00:00:00 2001
+From: Adam Reichold <adam.reichold@t-online.de>
+Date: Tue, 6 Nov 2018 09:08:06 +0100
+Subject: [PATCH] pdfdetach: Check for valid file name of embedded file before
+ using it to determine save path.
+
+Closes #660
+---
+ utils/pdfdetach.cc | 24 ++++++++++++++++++------
+ 1 file changed, 18 insertions(+), 6 deletions(-)
+
+diff --git a/utils/pdfdetach.cc b/utils/pdfdetach.cc
+index a8720c64..71fa8608 100644
+--- a/utils/pdfdetach.cc
+++ b/utils/pdfdetach.cc
+@@ -191,14 +191,18 @@ int main(int argc, char *argv[]) {
+       fileSpec = static_cast<FileSpec *>(embeddedFiles->get(i));
+       printf("%d: ", i+1);
+       s1 = fileSpec->getFileName();
+-      if ((s1->getChar(0) & 0xff) == 0xfe && (s1->getChar(1) & 0xff) == 0xff) {
+      if (!s1) {
+	exitCode = 3;
+	goto err2;
+      }
+      if (s1->hasUnicodeMarker()) {
+         isUnicode = gTrue;
+         j = 2;
+       } else {
+         isUnicode = gFalse;
+         j = 0;
+       }
+-      while (j < fileSpec->getFileName()->getLength()) {
+      while (j < s1->getLength()) {
+         if (isUnicode) {
+           u = ((s1->getChar(j) & 0xff) << 8) | (s1->getChar(j+1) & 0xff);
+           j += 2;
+@@ -228,14 +232,18 @@ int main(int argc, char *argv[]) {
+ 	p = path;
+       }
+       s1 = fileSpec->getFileName();
+-      if ((s1->getChar(0) & 0xff) == 0xfe && (s1->getChar(1) & 0xff) == 0xff) {
+      if (!s1) {
+	exitCode = 3;
+	goto err2;
+      }
+      if (s1->hasUnicodeMarker()) {
+         isUnicode = gTrue;
+         j = 2;
+       } else {
+         isUnicode = gFalse;
+         j = 0;
+       }
+-      while (j < fileSpec->getFileName()->getLength()) {
+      while (j < s1->getLength()) {
+         if (isUnicode) {
+           u = ((s1->getChar(j) & 0xff) << 8) | (s1->getChar(j+1) & 0xff);
+           j += 2;
+@@ -276,14 +284,18 @@ int main(int argc, char *argv[]) {
+     } else {
+       p = path;
+       s1 = fileSpec->getFileName();
+-      if ((s1->getChar(0) & 0xff) == 0xfe && (s1->getChar(1) & 0xff) == 0xff) {
+      if (!s1) {
+	exitCode = 3;
+	goto err2;
+      }
+      if (s1->hasUnicodeMarker()) {
+         isUnicode = gTrue;
+         j = 2;
+       } else {
+         isUnicode = gFalse;
+         j = 0;
+       }
+-      while (j < fileSpec->getFileName()->getLength()) {
+      while (j < s1->getLength()) {
+         if (isUnicode) {
+           u = ((s1->getChar(j) & 0xff) << 8) | (s1->getChar(j+1) & 0xff);
+           j += 2;
+-- 
+2.19.1
+
--- a/poppler.spec
+++ b/poppler.spec
@ -4,7 +4,7 @@
 Summary: PDF rendering library
 Name:    poppler
 Version: 0.67.0
-Release: 5%{?dist}
+Release: 6%{?dist}
 License: (GPLv2 or GPLv3) and GPLv2+ and LGPLv2+ and MIT
 URL:     http://poppler.freedesktop.org/
 Source0: http://poppler.freedesktop.org/poppler-%{version}.tar.xz
@ -34,6 +34,9 @@ Patch10:  poppler-0.67.0-stream-check.patch
 # https://bugzilla.redhat.com/show_bug.cgi?id=1649440
 Patch11:  poppler-0.67.0-valid-embedded-file.patch

+# https://bugzilla.redhat.com/show_bug.cgi?id=1649450
+Patch12:  poppler-0.67.0-valid-embedded-file-name.patch
+
 BuildRequires: cmake
 BuildRequires: gcc-c++
 BuildRequires: gettext-devel
@ -264,6 +267,10 @@ test "$(pkg-config --modversion poppler-splash)" = "%{version}"
 %{_mandir}/man1/*

 %changelog
+* Thu Nov 15 2018 Marek Kasik <mkasik@redhat.com> - 0.67.0-6
+- Check for valid file name of embedded file
+- Resolves: #1649451
+
 * Thu Nov 15 2018 Marek Kasik <mkasik@redhat.com> - 0.67.0-5
 - Check for valid embedded file before trying to save it
 - Resolves: #1649441