From bb48a67f84e2151bd27ba0b0f87dcf0e46605e61 Mon Sep 17 00:00:00 2001 From: Rodrigo Tobar Date: Tue, 20 Dec 2022 14:01:58 +0800 Subject: [PATCH] LibPDF: Reset encryption key on failed user password attempt When an attempt is made to provide the user password to a SecurityHandler a user gets back a boolean result indicating success or failure on the attempt. However, the SecurityHandler is left in a state where it thinks it has a user password, regardless of the outcome of the attempt. This confuses the rest of the system, which continues as if the provided password is correct, resulting in garbled content. This commit fixes the situation by resetting the internal fields holding the encryption key (which is used to determine whether a user password has been successfully provided) in case of a failed attempt. --- Userland/Libraries/LibPDF/Encryption.cpp | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/Userland/Libraries/LibPDF/Encryption.cpp b/Userland/Libraries/LibPDF/Encryption.cpp index 396387cd81..cf85870b0d 100644 --- a/Userland/Libraries/LibPDF/Encryption.cpp +++ b/Userland/Libraries/LibPDF/Encryption.cpp @@ -187,9 +187,14 @@ bool StandardSecurityHandler::try_provide_user_password(StringView password_stri // handlers of revision 3 or greater), the password supplied is the correct user // password. auto u_bytes = m_u_entry.bytes(); + bool has_user_password; if (m_revision >= 3) - return u_bytes.slice(0, 16) == password_buffer.bytes().slice(0, 16); - return u_bytes == password_buffer.bytes(); + has_user_password = u_bytes.slice(0, 16) == password_buffer.bytes().slice(0, 16); + else + has_user_password = u_bytes == password_buffer.bytes(); + if (!has_user_password) + m_encryption_key = {}; + return has_user_password; } ByteBuffer StandardSecurityHandler::compute_encryption_key(ByteBuffer password_string)