← Back to team overview

touch-packages team mailing list archive

[Bug 740506]

 

I am not sure if I am just missing where this is verified earlier, but
isn't

unsigned int signed_data_len = r2.getInt()+r4.getInt();
unsigned char *to_check = (unsigned char *)gmalloc(signed_data_len);

//Read the 2 slices of data that are signed
doc->getBaseStream()->setPos(0);
doc->getBaseStream()->doGetChars(r2.getInt(), to_check);
doc->getBaseStream()->setPos(r3.getInt());
doc->getBaseStream()->doGetChars(r4.getInt(), to_check+r2.getInt());

from FormFieldSignature::validateSignature susceptible to buffer
overflow?

Meaning for example if r4.getInt() < 0, then signed_data_len <
r2.getInt(), so we overflow to_check in the first call to doGetChars
while the second one becomes a no-op for a least the Stream and
FileStream implementations.

Best regards, Adam.

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to poppler in Ubuntu.
https://bugs.launchpad.net/bugs/740506

Title:
  verify digital signatures

Status in Evince:
  Confirmed
Status in Poppler:
  Confirmed
Status in poppler package in Ubuntu:
  Triaged

Bug description:
  Binary package hint: evince

  This is a feature request to verify digital signatures.  I'm receiving more and more digitally signed PDF's and evince already acknowledges them with:
  Signature Not Verified
  Digitally signed by <signer>
  Date:  <time stamp>
  Reason: <reason>
  Location: <location>
  but it would be great if Evince would be integrated into the distro's ca-certificate infrastructure to verify these signatures.

To manage notifications about this bug go to:
https://bugs.launchpad.net/evince/+bug/740506/+subscriptions