PDFBOX-5955: pad encryption key as suggested by Ross Johnson

THausherr · THausherr · commit 624210fefa7f · 2025-02-26T12:08:18.000Z
git-svn-id: https://svn.apache.org/repos/asf/pdfbox/trunk@1924051 13f79535-47bb-0310-9956-ffa450edef68
diff --git a/pdfbox/src/main/java/org/apache/pdfbox/pdmodel/encryption/StandardSecurityHandler.java b/pdfbox/src/main/java/org/apache/pdfbox/pdmodel/encryption/StandardSecurityHandler.java
@@ -258,15 +258,20 @@ public void prepareForDecryption(PDEncryption encryption, COSArray documentIDArr
                         ownerKey, dicRevision, dicLength );
             }
             
-            setEncryptionKey(
-                computeEncryptedKey(
+            byte[] encryptedKey = computeEncryptedKey(
                     computedPassword,
                     ownerKey, userKey, oe, ue,
                     dicPermissions,
                     documentIDBytes,
                     dicRevision,
                     dicLength,
-                    encryptMetadata, true));
+                    encryptMetadata, true);
+            if (dicRevision == REVISION_4 && encryptedKey.length < 16)
+            {
+                LOG.info("PDFBOX-5955: padding RC4 key to length 16");
+                encryptedKey = Arrays.copyOf(encryptedKey, 16);
+            }
+            setEncryptionKey(encryptedKey);
         }
         else if( isUserPassword(password.getBytes(passwordCharset), userKey, ownerKey,
                            dicPermissions, documentIDBytes, dicRevision,
@@ -276,15 +281,20 @@ else if( isUserPassword(password.getBytes(passwordCharset), userKey, ownerKey,
             currentAccessPermission.setReadOnly();
             setCurrentAccessPermission(currentAccessPermission);
             
-            setEncryptionKey(
-                computeEncryptedKey(
+            byte[] encryptedKey = computeEncryptedKey(
                     password.getBytes(passwordCharset),
                     ownerKey, userKey, oe, ue,
                     dicPermissions,
                     documentIDBytes,
                     dicRevision,
                     dicLength,
-                    encryptMetadata, false));
+                    encryptMetadata, false);
+            if (dicRevision == REVISION_4 && encryptedKey.length < 16)
+            {
+                LOG.info("PDFBOX-5955: padding RC4 key to length 16");
+                encryptedKey = Arrays.copyOf(encryptedKey, 16);
+            }
+            setEncryptionKey(encryptedKey);
         }
         else
         {
