Prevent PDF from overwriting num_pages in Qubes

This should only affect the alpha version of Qubes OS (in containers
it only allows the attacker to control the timeout). In short, an
attacker could have PDF metadata that would show before "Pages:" in
the `pdfinfo` command output and this would essentially override the
number of pages measured in the server. This could enable the attacker
to shorten the number of pages of a document, for example.

Fixes #565
This commit is contained in:
deeplow 2023-10-02 11:22:04 +01:00
parent dabdf6c286
commit 7daeccdfea
No known key found for this signature in database
GPG key ID: 577982871529A52A

@ -254,7 +254,7 @@ class DocumentToPixels(DangerzoneConverter):
timeout=timeout,
)
search = re.search(r"Pages:\s*(\d+)\s*\n", stdout.decode())
search = re.search(r"^Pages:\s*(\d+)\s*\n", stdout.decode(), re.MULTILINE)
if search is not None:
num_pages: int = int(search.group(1))
else:
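
Review bot: On the changed `re.search` line, the `^` anchor with `re.MULTILINE` is only sufficient if no metadata value printed by `pdfinfo` can contain a line break. `re.search` still returns the first line that starts with `Pages:`, so a value that wraps onto a new line ahead of the real field would set `num_pages` again. Consider collecting every match (for example with `re.findall`) and treating anything other than exactly one match as an error. A regression test would also help, using output in which `Pages:` appears inside a metadata line before the real field. Separately, `stdout.decode()` uses strict decoding, so metadata that is not valid UTF-8 raises here instead of reaching the `else:` branch; it is worth confirming that this is the intended failure path.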