diff --git a/cpdfmanual.pdf b/cpdfmanual.pdf index 357aaa6..83e34ff 100644 Binary files a/cpdfmanual.pdf and b/cpdfmanual.pdf differ diff --git a/cpdfmanual.tex b/cpdfmanual.tex index 7a11281..1f6ddab 100644 --- a/cpdfmanual.tex +++ b/cpdfmanual.tex @@ -179,9 +179,9 @@ These examples demonstrate just a few of the facilities provided by the Coherent \section*{\hyperref[chap:4]{Chapter 4: Encryption and Decryption}} -\begin{framed}\noindent\texttt{cpdf -encrypt 128bit fred joe in.pdf -o out.pdf}\end{framed} +\begin{framed}\noindent\texttt{cpdf -encrypt AES256ISO fred joe in.pdf -o out.pdf}\end{framed} -\noindent Encrypt \texttt{in.pdf} using 128bit PDF encryption using the owner password \texttt{fred} and the user password \texttt{joe} and writing the encrypted file to \texttt{out.pdf} +\noindent Encrypt \texttt{in.pdf} using AES 256 PDF encryption using the owner password \texttt{fred} and the user password \texttt{joe} and writing the encrypted file to \texttt{out.pdf} \begin{framed}\noindent\texttt{cpdf -decrypt in.pdf owner=fred -o out.pdf}\end{framed} @@ -1931,11 +1931,11 @@ person: \end{description} There are five kinds of encryption: \begin{itemize} - \item 40-bit encryption (method \texttt{40bit}) in Acrobat 3 (PDF 1.1) and above - \item 128-bit encryption (method \texttt{128bit}) in Acrobat 5 (PDF 1.4) and above + \item 40-bit encryption (method \texttt{40bit}) in Acrobat 3 (PDF 1.1) and above -- \textit{this is insecure -- do not use for new documents} + \item 128-bit encryption (method \texttt{128bit}) in Acrobat 5 (PDF 1.4) and above -- \textit{this is insecure -- do not use for new documents} \item 128-bit AES encryption (method \texttt{AES}) in Acrobat 7 (PDF 1.6) and above \item 256-bit AES encryption (method \texttt{AES256}) in Acrobat 9 (PDF 1.7) -- \textit{this is deprecated -- do not use for new documents} - \item 256-bit AES encryption (method \texttt{AES256ISO}) in PDF 2.0 + \item 256-bit AES encryption (method \texttt{AES256ISO}) in Acrobat 9 (PDF 1.7) and later. Also suitable for PDF 2.0. \end{itemize} \vspace{2mm} @@ -1972,13 +1972,13 @@ person: To encrypt a document, the owner and user passwords must be given (here, \texttt{fred} and \texttt{charles} respectively): \begin{framed} - \noindent\small\verb!cpdf -encrypt 40bit fred charles -no-print in.pdf -o out.pdf! + \noindent\small\verb!cpdf -encrypt AES fred charles -no-print in.pdf -o out.pdf! \vspace{1.5mm} - \noindent\small\verb!cpdf -encrypt 128bit fred charles -no-extract in.pdf -o out.pdf! + \noindent\small\verb!cpdf -encrypt AES fred charles -no-extract in.pdf -o out.pdf! \vspace{1.5mm} - \noindent\small\verb!cpdf -encrypt AES fred "" -no-edit -no-copy in.pdf -o out.pdf! + \noindent\small\verb!cpdf -encrypt AES256ISO fred "" -no-edit -no-copy in.pdf -o out.pdf! \end{framed} \noindent A blank user password is diff --git a/cpdfpng.ml b/cpdfpng.ml index 060dffa..ce1fd6e 100644 --- a/cpdfpng.ml +++ b/cpdfpng.ml @@ -111,7 +111,7 @@ let concat_bytes ss = let p = ref 0 in iter (fun s -> - for x = 0 to bytes_size s - 1 do bset_unsafe s' !p (bget s x); incr p done) + for x = 0 to bytes_size s - 1 do bset_unsafe s' !p (bget_unsafe s x); incr p done) ss; s' diff --git a/cpdfutil.ml b/cpdfutil.ml index 8deea64..b60d066 100644 --- a/cpdfutil.ml +++ b/cpdfutil.ml @@ -1,3 +1,5 @@ +open Pdfutil + let rec dict_entry_single_object f pdf = function | (Pdf.Dictionary d) -> f (Pdf.recurse_dict (dict_entry_single_object f pdf) d) | (Pdf.Stream {contents = (Pdf.Dictionary dict, data)}) -> @@ -30,3 +32,11 @@ let replace_dict_entry pdf key value search = Pdf.objselfmap (dict_entry_single_object f pdf) pdf; pdf.Pdf.trailerdict <- dict_entry_single_object f pdf pdf.Pdf.trailerdict +let injectible = function '&' | '|' | '\n' | '`' | '$' -> true | _ -> false + +let check_injectible s = + if List.exists injectible (explode s) then + begin + Pdfe.log "Insecure character in path name. Exiting\n"; + exit 2 + end diff --git a/cpdfutil.mli b/cpdfutil.mli index c036b5b..a4038d8 100644 --- a/cpdfutil.mli +++ b/cpdfutil.mli @@ -5,3 +5,6 @@ val remove_dict_entry : Pdf.t -> string -> Pdf.pdfobject option -> unit (** Replace a dictionary entry. *) val replace_dict_entry : Pdf.t -> string -> Pdf.pdfobject -> Pdf.pdfobject option -> unit + +(** Check for injectible characters in a string, and error out if so. *) +val check_injectible : string -> unit