fenix/cpdf-source
1
0
Fork 0
mirror of https://github.com/johnwhitington/cpdf-source.git synced 2025-06-05 22:09:39 +02:00
Code Issues Packages Projects Releases Wiki Activity

Security improvements

Browse Source
This commit is contained in:
John Whitington 2025-04-24 15:59:28 +01:00
parent c759ecc4be
commit 505eb56e74
5 changed files with 22 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

BIN
cpdfmanual.pdf
View File

Binary file not shown.

16
cpdfmanual.tex
View File

@ -179,9 +179,9 @@ These examples demonstrate just a few of the facilities provided by the Coherent
\section*{\hyperref[chap:4]{Chapter 4: Encryption and Decryption}} \section*{\hyperref[chap:4]{Chapter 4: Encryption and Decryption}}
\begin{framed}\noindent\texttt{cpdf -encrypt 128bit fred joe in.pdf -o out.pdf}\end{framed} \begin{framed}\noindent\texttt{cpdf -encrypt AES256ISO fred joe in.pdf -o out.pdf}\end{framed}
\noindent Encrypt \texttt{in.pdf} using 128bit PDF encryption using the owner password \texttt{fred} and the user password \texttt{joe} and writing the encrypted file to \texttt{out.pdf} \noindent Encrypt \texttt{in.pdf} using AES 256 PDF encryption using the owner password \texttt{fred} and the user password \texttt{joe} and writing the encrypted file to \texttt{out.pdf}
\begin{framed}\noindent\texttt{cpdf -decrypt in.pdf owner=fred -o out.pdf}\end{framed} \begin{framed}\noindent\texttt{cpdf -decrypt in.pdf owner=fred -o out.pdf}\end{framed}
@ -1931,11 +1931,11 @@ person:
\end{description} \end{description}
There are five kinds of encryption: There are five kinds of encryption:
\begin{itemize} \begin{itemize}
\item 40-bit encryption (method \texttt{40bit}) in Acrobat 3 (PDF 1.1) and above \item 40-bit encryption (method \texttt{40bit}) in Acrobat 3 (PDF 1.1) and above -- \textit{this is insecure -- do not use for new documents}
\item 128-bit encryption (method \texttt{128bit}) in Acrobat 5 (PDF 1.4) and above \item 128-bit encryption (method \texttt{128bit}) in Acrobat 5 (PDF 1.4) and above -- \textit{this is insecure -- do not use for new documents}
\item 128-bit AES encryption (method \texttt{AES}) in Acrobat 7 (PDF 1.6) and above \item 128-bit AES encryption (method \texttt{AES}) in Acrobat 7 (PDF 1.6) and above
\item 256-bit AES encryption (method \texttt{AES256}) in Acrobat 9 (PDF 1.7) -- \textit{this is deprecated -- do not use for new documents} \item 256-bit AES encryption (method \texttt{AES256}) in Acrobat 9 (PDF 1.7) -- \textit{this is deprecated -- do not use for new documents}
\item 256-bit AES encryption (method \texttt{AES256ISO}) in PDF 2.0 \item 256-bit AES encryption (method \texttt{AES256ISO}) in Acrobat 9 (PDF 1.7) and later. Also suitable for PDF 2.0.
\end{itemize} \end{itemize}
\vspace{2mm} \vspace{2mm}
@ -1972,13 +1972,13 @@ person:
To encrypt a document, the owner and user passwords must be given (here, \texttt{fred} and \texttt{charles} respectively): To encrypt a document, the owner and user passwords must be given (here, \texttt{fred} and \texttt{charles} respectively):
\begin{framed} \begin{framed}
\noindent\small\verb!cpdf -encrypt 40bit fred charles -no-print in.pdf -o out.pdf! \noindent\small\verb!cpdf -encrypt AES fred charles -no-print in.pdf -o out.pdf!
\vspace{1.5mm} \vspace{1.5mm}
\noindent\small\verb!cpdf -encrypt 128bit fred charles -no-extract in.pdf -o out.pdf! \noindent\small\verb!cpdf -encrypt AES fred charles -no-extract in.pdf -o out.pdf!
\vspace{1.5mm} \vspace{1.5mm}
\noindent\small\verb!cpdf -encrypt AES fred "" -no-edit -no-copy in.pdf -o out.pdf! \noindent\small\verb!cpdf -encrypt AES256ISO fred "" -no-edit -no-copy in.pdf -o out.pdf!
\end{framed} \end{framed}
\noindent A blank user password is \noindent A blank user password is

2
cpdfpng.ml
View File

@ -111,7 +111,7 @@ let concat_bytes ss =
let p = ref 0 in let p = ref 0 in
iter iter
(fun s -> (fun s ->
for x = 0 to bytes_size s - 1 do bset_unsafe s' !p (bget s x); incr p done) for x = 0 to bytes_size s - 1 do bset_unsafe s' !p (bget_unsafe s x); incr p done)
ss; ss;
s' s'

10
cpdfutil.ml
View File

@ -1,3 +1,5 @@
open Pdfutil
let rec dict_entry_single_object f pdf = function let rec dict_entry_single_object f pdf = function
| (Pdf.Dictionary d) -> f (Pdf.recurse_dict (dict_entry_single_object f pdf) d) | (Pdf.Dictionary d) -> f (Pdf.recurse_dict (dict_entry_single_object f pdf) d)
| (Pdf.Stream {contents = (Pdf.Dictionary dict, data)}) -> | (Pdf.Stream {contents = (Pdf.Dictionary dict, data)}) ->
@ -30,3 +32,11 @@ let replace_dict_entry pdf key value search =
Pdf.objselfmap (dict_entry_single_object f pdf) pdf; Pdf.objselfmap (dict_entry_single_object f pdf) pdf;
pdf.Pdf.trailerdict <- dict_entry_single_object f pdf pdf.Pdf.trailerdict pdf.Pdf.trailerdict <- dict_entry_single_object f pdf pdf.Pdf.trailerdict
let injectible = function '&' | '|' | '\n' | '`' | '$' -> true | _ -> false
let check_injectible s =
if List.exists injectible (explode s) then
begin
Pdfe.log "Insecure character in path name. Exiting\n";
exit 2
end

3
cpdfutil.mli
View File

@ -5,3 +5,6 @@ val remove_dict_entry : Pdf.t -> string -> Pdf.pdfobject option -> unit
(** Replace a dictionary entry. *) (** Replace a dictionary entry. *)
val replace_dict_entry : Pdf.t -> string -> Pdf.pdfobject -> Pdf.pdfobject option -> unit val replace_dict_entry : Pdf.t -> string -> Pdf.pdfobject -> Pdf.pdfobject option -> unit
(** Check for injectible characters in a string, and error out if so. *)
val check_injectible : string -> unit