Google Git
Sign in
pdfium/pdfium.git/fc3ef15b5bc4d8eedc4a63f05723dee5c8e171b9^!/.
commit
fc3ef15b5bc4d8eedc4a63f05723dee5c8e171b9
[log]
author
Lei Zhang <thestig@chromium.org>
Mon Dec 16 21:38:02 2019 +0000
committer
Chromium commit bot <commit-bot@chromium.org>
Mon Dec 16 21:38:02 2019 +0000
tree
d6a930309bec2a3540fa98fc69f513216fcac8f2
parent
1a5c057a0dbdb34deadcf437e2922356d7e8392f [diff]
Do more password verification when there is an ID change.

For standard security handler revision 2 and 3, the ownership password
value is not tied to the document ID in the trailer, whereas the user
password is. Given this, do as much verification as possible in
CPDFSecurityHandlerEmbedderTests for situations where the document ID
changes.

Change-Id: I53cfc84820756af539eafcf28377f75b1c1d9407
Reviewed-on: https://pdfium-review.googlesource.com/c/pdfium/+/63930
Reviewed-by: Tom Sepez <tsepez@chromium.org>
Commit-Queue: Lei Zhang <thestig@chromium.org>

diff --git a/core/fpdfapi/parser/cpdf_security_handler_embeddertest.cpp b/core/fpdfapi/parser/cpdf_security_handler_embeddertest.cpp
index 1acb6d7..acb2ec3 100644
--- a/core/fpdfapi/parser/cpdf_security_handler_embeddertest.cpp
+++ b/core/fpdfapi/parser/cpdf_security_handler_embeddertest.cpp

@@ -202,6 +202,14 @@
   ClearString();
   RemoveTrailerIdFromDocument();
   EXPECT_TRUE(FPDF_SaveAsCopy(document(), this, 0));
+  // With revision 2 and 3, the owner password is not tied to the document ID in
+  // the trailer, so the owner password entry remains in the copy and is still
+  // valid, even though the document ID has changed.
+  // The user password is tied to the document ID, so without an existing ID,
+  // the user password entry has to be regenerated with the owner password.
+  // Since the user password was not used to decrypt the document, it cannot be
+  // recovered. Thus only verify the owner password, which is now also the user
+  // password.
   VerifySavedHelloWorldDocumentWithPassword(kAgeLatin1);
   VerifySavedHelloWorldDocumentWithPassword(kAgeUTF8);
 }
@@ -367,8 +375,14 @@
   ClearString();
   RemoveTrailerIdFromDocument();
   EXPECT_TRUE(FPDF_SaveAsCopy(document(), this, 0));
+  // Unlike the OwnerPasswordVersion2UTF8 test case, the user password was used
+  // to decrypt the document, so it is available to regenerated the user
+  // password entry. Thus it is possible to verify with both the unmodified
+  // owner password, and the updated user password.
   VerifySavedHelloWorldDocumentWithPassword(kAgeLatin1);
   VerifySavedHelloWorldDocumentWithPassword(kAgeUTF8);
+  VerifySavedHelloWorldDocumentWithPassword(kHotelLatin1);
+  VerifySavedHelloWorldDocumentWithPassword(kHotelUTF8);
 }
 
 TEST_F(CPDFSecurityHandlerEmbedderTest, UserPasswordVersion2Latin1) {
@@ -387,6 +401,8 @@
   EXPECT_TRUE(FPDF_SaveAsCopy(document(), this, 0));
   VerifySavedHelloWorldDocumentWithPassword(kAgeLatin1);
   VerifySavedHelloWorldDocumentWithPassword(kAgeUTF8);
+  VerifySavedHelloWorldDocumentWithPassword(kHotelLatin1);
+  VerifySavedHelloWorldDocumentWithPassword(kHotelUTF8);
 }
 
 TEST_F(CPDFSecurityHandlerEmbedderTest, UserPasswordVersion3UTF8) {
@@ -405,6 +421,8 @@
   EXPECT_TRUE(FPDF_SaveAsCopy(document(), this, 0));
   VerifySavedHelloWorldDocumentWithPassword(kAgeLatin1);
   VerifySavedHelloWorldDocumentWithPassword(kAgeUTF8);
+  VerifySavedHelloWorldDocumentWithPassword(kHotelLatin1);
+  VerifySavedHelloWorldDocumentWithPassword(kHotelUTF8);
 }
 
 TEST_F(CPDFSecurityHandlerEmbedderTest, UserPasswordVersion3Latin1) {
@@ -423,6 +441,8 @@
   EXPECT_TRUE(FPDF_SaveAsCopy(document(), this, 0));
   VerifySavedHelloWorldDocumentWithPassword(kAgeLatin1);
   VerifySavedHelloWorldDocumentWithPassword(kAgeUTF8);
+  VerifySavedHelloWorldDocumentWithPassword(kHotelLatin1);
+  VerifySavedHelloWorldDocumentWithPassword(kHotelUTF8);
 }
 
 TEST_F(CPDFSecurityHandlerEmbedderTest, UserPasswordVersion5UTF8) {