diff -Nru pdfcrack-0.19/benchmark.c pdfcrack-0.20/benchmark.c --- pdfcrack-0.19/benchmark.c 2019-08-18 23:29:03.000000000 +0000 +++ pdfcrack-0.20/benchmark.c 2022-10-31 13:52:08.000000000 +0000 @@ -1,5 +1,5 @@ /** - * Copyright (C) 2006-2019 Henning Norén + * Copyright (C) 2006-2022 Henning Norén * * This program is free software; you can redistribute it and/or * modify it under the terms of the GNU General Public License @@ -67,7 +67,7 @@ unsigned int nrprocessed = 0; clock_t startTime, endTime; - buf = calloc(COMMON_SHA256_SLOW_SIZE, sizeof(uint8_t)); + buf = checked_calloc(COMMON_SHA256_SLOW_SIZE, sizeof(uint8_t)); alarm(BENCHINTERVAL); startTime = clock(); @@ -101,7 +101,7 @@ unsigned int nrprocessed = 0; clock_t startTime, endTime; - buf = calloc(COMMON_MD5_SIZE, sizeof(uint8_t)); + buf = checked_calloc(COMMON_MD5_SIZE, sizeof(uint8_t)); alarm(BENCHINTERVAL); startTime = clock(); @@ -121,7 +121,7 @@ unsigned int nrprocessed = 0; clock_t startTime, endTime; - buf = calloc(16, sizeof(uint8_t)); + buf = checked_calloc(16, sizeof(uint8_t)); md5_50_init(16); alarm(BENCHINTERVAL); startTime = clock(); @@ -171,7 +171,7 @@ unsigned int nrprocessed = 0; clock_t startTime, endTime; - enckey = calloc(16, sizeof(uint8_t)); + enckey = checked_calloc(16, sizeof(uint8_t)); alarm(BENCHINTERVAL); startTime = clock(); diff -Nru pdfcrack-0.19/changelog pdfcrack-0.20/changelog --- pdfcrack-0.19/changelog 2020-04-23 19:38:35.000000000 +0000 +++ pdfcrack-0.20/changelog 2022-10-31 13:35:21.000000000 +0000 @@ -1,3 +1,10 @@ +2022-10-31 Henning Norén - 0.20 +* Fix a bunch of gcc signedness warnings +* Added OOM-checked on malloc/calloc to fix warnings +* We do not know how to handle PDF rev 1, so lets not try (thanks to Gerd Pommerenke for report) +* Fix cast from int to char confusion in pdfparser (thanks to Buddy H. for report) +* Handle some more variants of argument options (thanks to Shirish Agarwal for report) +* Bump version to 0.20 2020-04-24 Henning Norén - 0.19 * Fix MD5-calculation for very short keylengths (impossible in PDF-files) * Do not allow longer RC5 than 128 bits due to undefined behavior in specs @@ -9,7 +16,7 @@ * Update copyright years for all changed files * Relax the search for encrypt object a bit more (thanks to Oleg for report) * Tweak benchmark to make better comparison between md5_50 slow and fast -* Multiple inputfiles (-l) is not supported, so warn if used +* Multiple inputfiles (-l) is not supported, so warn if used * Remove a bunch of unecessary if(ptr) before free(ptr) * Bump version to 0.18 2019-04-17 Henning Norén - 0.17 diff -Nru pdfcrack-0.19/common.c pdfcrack-0.20/common.c --- pdfcrack-0.19/common.c 2019-08-18 23:28:56.000000000 +0000 +++ pdfcrack-0.20/common.c 2022-10-31 13:52:21.000000000 +0000 @@ -1,5 +1,5 @@ /** - * Copyright (C) 2006-2019 Henning Norén + * Copyright (C) 2006-2022 Henning Norén * * This program is free software; you can redistribute it and/or * modify it under the terms of the GNU General Public License @@ -21,6 +21,26 @@ #include #include "common.h" +void* +checked_malloc(size_t size) { + void *ret = malloc(size); + if(ret == NULL) { + fprintf(stderr, "Out of memory"); + exit(69); + } + return ret; +} + +void* +checked_calloc(size_t nmemb, size_t size) { + void *ret = calloc(nmemb, size); + if(ret == NULL) { + fprintf(stderr, "Out of memory"); + exit(69); + } + return ret; +} + void freeEncData(EncData *e) { if(!e) diff -Nru pdfcrack-0.19/common.h pdfcrack-0.20/common.h --- pdfcrack-0.19/common.h 2020-04-24 15:11:32.000000000 +0000 +++ pdfcrack-0.20/common.h 2022-10-31 13:52:36.000000000 +0000 @@ -1,5 +1,5 @@ /** - * Copyright (C) 2006-2020 Henning Norén + * Copyright (C) 2006-2022 Henning Norén * * This program is free software; you can redistribute it and/or * modify it under the terms of the GNU General Public License @@ -56,6 +56,12 @@ Generative } passwordMethod; +void* +checked_malloc(size_t size); + +void* +checked_calloc(size_t nmemb, size_t size); + void freeEncData(EncData *e); diff -Nru pdfcrack-0.19/debian/changelog pdfcrack-0.20/debian/changelog --- pdfcrack-0.19/debian/changelog 2022-06-25 15:56:06.000000000 +0000 +++ pdfcrack-0.20/debian/changelog 2022-10-31 16:12:36.000000000 +0000 @@ -1,3 +1,14 @@ +pdfcrack (0.20-1) unstable; urgency=medium + + * New upstream version 0.20. (Closes: #1023180) + * debian/copyright: + - Converted the last paragraph of the GPL-2 in a comment. + - Updated upstream copyright years. + * debian/source/lintian-overrides: removed because this override is no + longer needed. + + -- Joao Eriberto Mota Filho Mon, 31 Oct 2022 13:12:36 -0300 + pdfcrack (0.19-3) unstable; urgency=medium * debian/control: bumped Standards-Version to 4.6.1. diff -Nru pdfcrack-0.19/debian/copyright pdfcrack-0.20/debian/copyright --- pdfcrack-0.19/debian/copyright 2022-06-25 15:55:53.000000000 +0000 +++ pdfcrack-0.20/debian/copyright 2022-10-31 16:12:36.000000000 +0000 @@ -3,8 +3,7 @@ Source: http://sf.net/projects/pdfcrack Files: * -Copyright: 2006-2020 Henning Norén +Copyright: 2006-2022 Henning Norén License: GPL-2+ Files: md5.c @@ -34,6 +33,6 @@ . You should have received a copy of the GNU General Public License along with this program. If not, see - . +Comment: On Debian systems, the complete text of the GNU General Public License version 2 can be found in "/usr/share/common-licenses/GPL-2". diff -Nru pdfcrack-0.19/debian/source/lintian-overrides pdfcrack-0.20/debian/source/lintian-overrides --- pdfcrack-0.19/debian/source/lintian-overrides 2022-06-25 15:56:06.000000000 +0000 +++ pdfcrack-0.20/debian/source/lintian-overrides 1970-01-01 00:00:00.000000000 +0000 @@ -1,3 +0,0 @@ -# Not a real problem. This is a PDF generated by me (Eriberto) to allow the -# package to run a CI test. -pdfcrack source: very-long-line-length-in-source-file 736 > 512 [debian/tests/test.pdf:23] diff -Nru pdfcrack-0.19/main.c pdfcrack-0.20/main.c --- pdfcrack-0.19/main.c 2020-04-24 15:11:53.000000000 +0000 +++ pdfcrack-0.20/main.c 2022-10-31 13:51:31.000000000 +0000 @@ -1,5 +1,5 @@ /** - * Copyright (C) 2006-2020 Henning Norén + * Copyright (C) 2006-2022 Henning Norén * * This program is free software; you can redistribute it and/or * modify it under the terms of the GNU General Public License @@ -31,7 +31,7 @@ #define PRINTERVAL 20 /** Print Progress Interval (seconds) */ #define CRASHFILE "savedstate.sav" #define VERSION_MAJOR 0 -#define VERSION_MINOR 19 +#define VERSION_MINOR 20 #define _FILE_OFFSET_BITS 64 @@ -96,6 +96,7 @@ /** Parse arguments */ while(true) { int c, option_index; + char *endptr; static struct option long_options[] = { {"bench", no_argument , 0, 'b'}, {"charset", required_argument, 0, 'c'}, @@ -147,11 +148,25 @@ break; case 'm': - maxpw = atoi(optarg); + if(optarg[0] == '=') + optarg++; + maxpw = (int)strtol(optarg,&endptr, 10); + if (*endptr != '\0' || endptr == optarg) { + printHelp(argv[0]); + ret = 1; + goto out2; + } break; case 'n': - minpw = atoi(optarg); + if(optarg[0] == '=') + optarg++; + minpw = (int)strtol(optarg,&endptr, 10); + if (*endptr != '\0' || endptr == optarg) { + printHelp(argv[0]); + ret = 1; + goto out2; + } break; case 'o': @@ -231,7 +246,7 @@ goto out2; } - e = calloc(1,sizeof(EncData)); + e = checked_calloc(1,sizeof(EncData)); if(recovery) { if(wordlistfile) { diff -Nru pdfcrack-0.19/md5.c pdfcrack-0.20/md5.c --- pdfcrack-0.19/md5.c 2020-04-24 15:11:06.000000000 +0000 +++ pdfcrack-0.20/md5.c 2022-10-31 13:55:15.000000000 +0000 @@ -1,5 +1,5 @@ /** - * Copyright (C) 2006-2020 Henning Norén + * Copyright (C) 2006-2022 Henning Norén * Copyright (C) 1996-2005 Glyph & Cog, LLC. * * This program is free software; you can redistribute it and/or @@ -62,7 +62,7 @@ /** compute number of 64-byte blocks (length + pad byte (0x80) + 8 bytes for length) */ - n64 = (msgLen + 72) / 64; + n64 = ((int)msgLen + 72) / 64; /** initialize a, b, c, d */ a = AA; diff -Nru pdfcrack-0.19/passwords.c pdfcrack-0.20/passwords.c --- pdfcrack-0.19/passwords.c 2017-05-11 03:04:20.000000000 +0000 +++ pdfcrack-0.20/passwords.c 2022-10-31 13:53:00.000000000 +0000 @@ -1,5 +1,5 @@ /** - * Copyright (C) 2006-2017 Henning Norén + * Copyright (C) 2006-2022 Henning Norén * * This program is free software; you can redistribute it and/or * modify it under the terms of the GNU General Public License @@ -86,7 +86,7 @@ "0123456789"}; static const uint8_t *charset; -static unsigned int charsetLen; +static int charsetLen; static unsigned int maxPasswordLen; static int password[PASSLENGTH]; @@ -112,7 +112,7 @@ the next one and return true unless we have reached the last position we want to try. */ - while(++password[i] == (int)charsetLen) + while(++password[i] == charsetLen) password[i++] = 0; return (i != maxPasswordLen); @@ -187,8 +187,7 @@ bool pw_loadState(FILE *file, char **wl) { - int pm; - unsigned int i, len; + int pm, i, len; char * __restrict string; if(fscanf(file, string_PM, &pm) < 1) @@ -201,7 +200,7 @@ if(charsetLen > 256 || charsetLen < 1) return false; - string = malloc(sizeof(uint8_t)*charsetLen+1); + string = checked_malloc((sizeof(uint8_t)*(size_t)charsetLen+1)); for(i=0;i 32767) return false; - string = malloc(sizeof(char)*len+1); + string = checked_malloc(sizeof(char)*(size_t)len+1); for(i=0;i= 3 && !encMetaData) ? 72 : 68; - encKeyWorkSpace = malloc(size + fileIDLen); + encKeyWorkSpace = checked_malloc(size + fileIDLen); /** Just to be sure we have no uninitalized stuff in the workspace */ memcpy(encKeyWorkSpace, pad, 32); @@ -661,10 +661,10 @@ } } else if(e->revision >= 3) { - buf = malloc(32+sizeof(uint8_t)*e->fileIDLen); + buf = checked_malloc(32+sizeof(uint8_t)*e->fileIDLen); memcpy(buf, pad, 32); memcpy(buf + 32, e->fileID, e->fileIDLen); - tmp = malloc(sizeof(uint8_t)*16); + tmp = checked_malloc(sizeof(uint8_t)*16); md5(buf, 32+e->fileIDLen, tmp); free(buf); rev3TestKey = tmp; @@ -725,7 +725,7 @@ e->encryptMetaData = (tmp == true); /** Load the FileID */ - e->fileID = malloc(sizeof(uint8_t)*e->fileIDLen); + e->fileID = checked_malloc(sizeof(uint8_t)*e->fileIDLen); for(i=0;ifileIDLen;i++) { if(fscanf(file, " %d", &tmp) < 1) return false; @@ -740,7 +740,7 @@ if(len > 256 || len <= 0) return false; - e->s_handler = malloc((sizeof(uint8_t)*len)+1); + e->s_handler = checked_malloc((sizeof(uint8_t)*len)+1); for(i=0;i<(unsigned int)len;i++) { e->s_handler[i] = getc(file); @@ -752,7 +752,7 @@ /** Currently we only handle Standard, so probably corrupt otherwise */ if(strcmp(e->s_handler,"Standard") != 0) return false; - + /** Load the U- and O-strings */ if(fscanf(file, "\nO:") == EOF) return false; @@ -760,8 +760,8 @@ len = 48; else len = 32; - e->o_string = malloc(sizeof(uint8_t)*len); - e->u_string = malloc(sizeof(uint8_t)*len); + e->o_string = checked_malloc(sizeof(uint8_t)*len); + e->u_string = checked_malloc(sizeof(uint8_t)*len); for(i=0;iu_string[i] = tmp; } - + /** Load the simple values bound to the state */ if(fscanf(file, string_UUPWP, &tmp, &tmp2, &tmp3) < 3) return false; diff -Nru pdfcrack-0.19/pdfparser.c pdfcrack-0.20/pdfparser.c --- pdfcrack-0.19/pdfparser.c 2020-04-24 15:27:22.000000000 +0000 +++ pdfcrack-0.20/pdfparser.c 2022-10-31 13:51:43.000000000 +0000 @@ -1,5 +1,5 @@ /** - * Copyright (C) 2006-2020 Henning Norén + * Copyright (C) 2006-2022 Henning Norén * * This program is free software; you can redistribute it and/or * modify it under the terms of the GNU General Public License @@ -93,7 +93,7 @@ } -static char +static int parseWhiteSpace(FILE *file) { int ch; do { @@ -140,7 +140,7 @@ } ungetc(ch, file); buff[i++] = '\0'; - ret = malloc(sizeof(char)*i); + ret = checked_malloc(sizeof(char)*i); memcpy(ret, buff, i); return ret; } @@ -216,8 +216,8 @@ unsigned int i,j; p_str *ret; - ret = malloc(sizeof(p_str)); - ret->content = malloc(sizeof(uint8_t)*(len/2)); + ret = checked_malloc(sizeof(p_str)); + ret->content = checked_malloc(sizeof(uint8_t)*(len/2)); ret->len = (len/2); for(i=0, j=0; icontent = malloc(sizeof(uint8_t)*(l)); + ret = checked_malloc(sizeof(p_str)); + ret->content = checked_malloc(sizeof(uint8_t)*(l)); ret->len = l-1; memcpy(ret->content, tmp, l); diff -Nru pdfcrack-0.19/pdfreader.c pdfcrack-0.20/pdfreader.c --- pdfcrack-0.19/pdfreader.c 2019-08-18 23:28:42.000000000 +0000 +++ pdfcrack-0.20/pdfreader.c 2022-10-31 13:53:56.000000000 +0000 @@ -1,5 +1,5 @@ /** - * Copyright (C) 2006-2019 Henning Norén + * Copyright (C) 2006-2022 Henning Norén * * This program is free software; you can redistribute it and/or * modify it under the terms of the GNU General Public License @@ -21,8 +21,6 @@ #include #include #include -//#include -//#include #define _FILE_OFFSET_BITS 64 @@ -41,7 +39,7 @@ exit(2); } // int ch; - e = calloc(1,sizeof(EncData)); + e = checked_calloc(1,sizeof(EncData)); if(!openPDF(file,e)) { fprintf(stderr, "Error: Not a valid PDF\n"); diff -Nru pdfcrack-0.19/rc4.c pdfcrack-0.20/rc4.c --- pdfcrack-0.19/rc4.c 2020-04-24 15:10:27.000000000 +0000 +++ pdfcrack-0.20/rc4.c 2022-01-29 15:42:22.000000000 +0000 @@ -204,7 +204,7 @@ j = 0; i = -1; do { - key_pass( (i % keyLen) ); + key_pass( ((unsigned int)i % keyLen) ); } while(i < 255); j = 0; diff -Nru pdfcrack-0.19/sha256.c pdfcrack-0.20/sha256.c --- pdfcrack-0.19/sha256.c 2015-09-23 18:28:33.000000000 +0000 +++ pdfcrack-0.20/sha256.c 2022-10-31 13:54:12.000000000 +0000 @@ -1,5 +1,5 @@ /** - * Copyright (C) 2014-2015 Henning Norén + * Copyright (C) 2014-2022 Henning Norén * Copyright (C) 1996-2011 Glyph & Cog, LLC * * This program is free software; you can redistribute it and/or @@ -141,10 +141,10 @@ hash[7] += H; } -void sha256(const uint8_t *msg, const int msgLen, uint8_t *hash) { +void sha256(const uint8_t *msg, const unsigned int msgLen, uint8_t *hash) { uint8_t blk[64]; uint32_t H[8]; - int blkLen, i; + unsigned int blkLen, i; H[0] = 0x6a09e667; H[1] = 0xbb67ae85; @@ -159,7 +159,7 @@ sha256HashBlock(msg+i, H); } blkLen = msgLen - i; - memcpy(blk, msg + i, blkLen); + memcpy(blk, msg + i, (size_t)blkLen); /* pad the message */ blk[blkLen++] = 0x80; @@ -193,10 +193,10 @@ } /** Fast sha256 for msgLen < 56 */ -void sha256f(const uint8_t *msg, const int msgLen, uint8_t *hash) { +void sha256f(const uint8_t *msg, const unsigned int msgLen, uint8_t *hash) { uint8_t blk[64]; uint32_t H[8]; - int blkLen, i; + unsigned int blkLen, i; H[0] = 0x6a09e667; H[1] = 0xbb67ae85; @@ -208,7 +208,7 @@ H[7] = 0x5be0cd19; blkLen = msgLen; - memcpy(blk, msg, blkLen); + memcpy(blk, msg, (size_t)blkLen); /* pad the message */ blk[blkLen++] = 0x80; diff -Nru pdfcrack-0.19/sha256.h pdfcrack-0.20/sha256.h --- pdfcrack-0.19/sha256.h 2014-02-06 12:17:41.000000000 +0000 +++ pdfcrack-0.20/sha256.h 2022-10-31 13:54:45.000000000 +0000 @@ -1,5 +1,5 @@ /** - * Copyright (C) 2014 Henning Norén + * Copyright (C) 2014-2022 Henning Norén * * This program is free software; you can redistribute it and/or * modify it under the terms of the GNU General Public License @@ -22,7 +22,7 @@ #include -void sha256(const uint8_t *msg, const int msgLen, uint8_t *hash); -void sha256f(const uint8_t *msg, const int msgLen, uint8_t *hash); +void sha256(const uint8_t *msg, const unsigned int msgLen, uint8_t *hash); +void sha256f(const uint8_t *msg, const unsigned int msgLen, uint8_t *hash); #endif /** _SHA256_H_ */