Security improvements

cpdfmanual.tex

@@ -179,9 +179,9 @@ These examples demonstrate just a few of the facilities provided by the Coherent
 
 \section*{\hyperref[chap:4]{Chapter 4: Encryption and Decryption}}
 
-\begin{framed}\noindent\texttt{cpdf -encrypt 128bit fred joe in.pdf -o out.pdf}\end{framed}
+\begin{framed}\noindent\texttt{cpdf -encrypt AES256ISO fred joe in.pdf -o out.pdf}\end{framed}
 
-\noindent Encrypt \texttt{in.pdf} using 128bit PDF encryption using the owner password \texttt{fred} and the user password \texttt{joe} and writing the encrypted file to \texttt{out.pdf}
+\noindent Encrypt \texttt{in.pdf} using AES 256 PDF encryption using the owner password \texttt{fred} and the user password \texttt{joe} and writing the encrypted file to \texttt{out.pdf}
 
 \begin{framed}\noindent\texttt{cpdf -decrypt in.pdf owner=fred -o out.pdf}\end{framed}
 
@@ -1931,11 +1931,11 @@ person:
   \end{description}
   There are five kinds of encryption:
   \begin{itemize}
-  \item 40-bit encryption (method \texttt{40bit}) in Acrobat 3 (PDF 1.1) and above
-  \item 128-bit encryption (method \texttt{128bit}) in Acrobat 5 (PDF 1.4) and above
+  \item 40-bit encryption (method \texttt{40bit}) in Acrobat 3 (PDF 1.1) and above -- \textit{this is insecure -- do not use for new documents} 
+  \item 128-bit encryption (method \texttt{128bit}) in Acrobat 5 (PDF 1.4) and above -- \textit{this is insecure -- do not use for new documents}
   \item 128-bit AES encryption (method \texttt{AES}) in Acrobat 7 (PDF 1.6) and above
   \item 256-bit AES encryption (method \texttt{AES256}) in Acrobat 9 (PDF 1.7) -- \textit{this is deprecated -- do not use for new documents}
-  \item 256-bit AES encryption (method \texttt{AES256ISO}) in PDF 2.0
+  \item 256-bit AES encryption (method \texttt{AES256ISO}) in Acrobat 9 (PDF 1.7) and later. Also suitable for PDF 2.0.
   \end{itemize}
 
    \vspace{2mm}
@@ -1972,13 +1972,13 @@ person:
   To encrypt a document, the owner and user passwords must be given (here, \texttt{fred} and \texttt{charles} respectively):
 
   \begin{framed}
-    \noindent\small\verb!cpdf -encrypt 40bit fred charles -no-print in.pdf -o out.pdf!
+    \noindent\small\verb!cpdf -encrypt AES fred charles -no-print in.pdf -o out.pdf!
 
     \vspace{1.5mm}
-    \noindent\small\verb!cpdf -encrypt 128bit fred charles -no-extract in.pdf -o out.pdf!
+    \noindent\small\verb!cpdf -encrypt AES fred charles -no-extract in.pdf -o out.pdf!
 
     \vspace{1.5mm}
-    \noindent\small\verb!cpdf -encrypt AES fred "" -no-edit -no-copy in.pdf -o out.pdf!
+    \noindent\small\verb!cpdf -encrypt AES256ISO fred "" -no-edit -no-copy in.pdf -o out.pdf!
   \end{framed}
 
   \noindent A blank user password is

cpdfpng.ml

@@ -111,7 +111,7 @@ let concat_bytes ss =
       let p = ref 0 in
         iter
           (fun s ->
-             for x = 0 to bytes_size s - 1 do bset_unsafe s' !p (bget s x); incr p done)
+             for x = 0 to bytes_size s - 1 do bset_unsafe s' !p (bget_unsafe s x); incr p done)
           ss;
         s'
 

cpdfutil.ml

@@ -1,3 +1,5 @@
+open Pdfutil
+
 let rec dict_entry_single_object f pdf = function
   | (Pdf.Dictionary d) -> f (Pdf.recurse_dict (dict_entry_single_object f pdf) d)
   | (Pdf.Stream {contents = (Pdf.Dictionary dict, data)}) ->
@@ -30,3 +32,11 @@ let replace_dict_entry pdf key value search =
     Pdf.objselfmap (dict_entry_single_object f pdf) pdf;
     pdf.Pdf.trailerdict <- dict_entry_single_object f pdf pdf.Pdf.trailerdict
 
+let injectible = function '&' | '|' | '\n' | '`' | '$' -> true | _ -> false
+
+let check_injectible s =
+  if List.exists injectible (explode s) then
+    begin
+      Pdfe.log "Insecure character in path name. Exiting\n";
+      exit 2
+    end

cpdfutil.mli

@@ -5,3 +5,6 @@ val remove_dict_entry : Pdf.t -> string -> Pdf.pdfobject option -> unit
 
 (** Replace a dictionary entry. *)
 val replace_dict_entry : Pdf.t -> string -> Pdf.pdfobject -> Pdf.pdfobject option -> unit
+
+(** Check for injectible characters in a string, and error out if so. *)
+val check_injectible : string -> unit