pmanolak/libgourou
1
0
Fork 0
forked from soutade/libgourou
Code Pull Requests Activity

Fix a use after free in adept_activate : pass string destroyed too early

Browse Source
This commit is contained in:
Grégory Soutadé 2022-02-22 20:58:40 +01:00
parent 41f1a1e980
commit 479869b7f2
2 changed files with 4 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
src/libgourou.cpp
View File

@ -1205,14 +1205,14 @@ namespace gourou
if ((*datasIt)->type() != uPDFParser::DataType::STREAM) if ((*datasIt)->type() != uPDFParser::DataType::STREAM)
continue; continue;
GOUROU_LOG(DEBUG, "Decrypt stream id " << object->objectId());
stream = (uPDFParser::Stream*) (*datasIt); stream = (uPDFParser::Stream*) (*datasIt);
unsigned char* encryptedData = stream->data(); unsigned char* encryptedData = stream->data();
unsigned int dataLength = stream->dataLength(); unsigned int dataLength = stream->dataLength();
unsigned char* clearData = new unsigned char[dataLength]; unsigned char* clearData = new unsigned char[dataLength];
unsigned int dataOutLength; unsigned int dataOutLength;
GOUROU_LOG(DEBUG, "Decrypt stream id " << object->objectId() << ", size " << stream->dataLength());
client->Decrypt(CryptoInterface::ALGO_RC4, CryptoInterface::CHAIN_ECB, client->Decrypt(CryptoInterface::ALGO_RC4, CryptoInterface::CHAIN_ECB,
tmpKey, 16, /* Key */ tmpKey, 16, /* Key */
NULL, 0, /* IV */ NULL, 0, /* IV */

3
utils/adept_activate.cpp
View File

@ -289,11 +289,12 @@ int main(int argc, char** argv)
; ;
} }
std::string pass;
if (!password) if (!password)
{ {
char prompt[128]; char prompt[128];
std::snprintf(prompt, sizeof(prompt), "Enter password for <%s> : ", username); std::snprintf(prompt, sizeof(prompt), "Enter password for <%s> : ", username);
std::string pass = getpass((const char*)prompt, false); pass = getpass((const char*)prompt, false);
password = pass.c_str(); password = pass.c_str();
} }