From ed0667e0873d4103f1385dcbc8be3c46fe0ae2d8 Mon Sep 17 00:00:00 2001
From: Andreas Fitzek
Date: Wed, 19 Jun 2013 10:29:33 +0200
Subject: Added SHA256 hash calculation of original document do prevent application document injection
---
 .../egiz/pdfas/web/servlets/ProvidePDFServlet.java | 30 +++++++++++++++++-----
 1 file changed, 23 insertions(+), 7 deletions(-)
(limited to 'pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/servlets/ProvidePDFServlet.java')
diff --git a/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/servlets/ProvidePDFServlet.java b/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/servlets/ProvidePDFServlet.java
index 60c5d41..234640b 100644
--- a/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/servlets/ProvidePDFServlet.java
+++ b/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/servlets/ProvidePDFServlet.java
@@ -66,6 +66,8 @@ public class ProvidePDFServlet extends HttpServlet {
 public void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
 String pdfIdString = request.getParameter(FormFields.FIELD_PDF_ID);
+ String plainPDFDigest = request.getParameter(FormFields.FIELD_ORIGINAL_DIGEST);
+
 HttpSession session = request.getSession();
 if (pdfIdString == null) {
@@ -85,6 +87,14 @@ public class ProvidePDFServlet extends HttpServlet {
 // Popup-Blocker, Link-Prefetching, IE 9 SmartScreen-Filter...???
 // session.removeAttribute(SessionAttributes.SIGNED_PDF_DOCUMENT);
 log.debug("Returning signed pdf to browser.");
+ if(plainPDFDigest != null) {
+ if(!plainPDFDigest.equalsIgnoreCase(si.plainPDFDigest)) {
+ log.error("PDF Digests don't match!");
+ log.error("Requested digest: " + plainPDFDigest);
+ log.error("Saved digest: " + si.plainPDFDigest);
+ return;
+ }
+ }
 SignServletHelper.returnSignResponse(si, request, response);
 log.debug("Removing free text (if any) from session.");
 session.removeAttribute(UpdateFormServlet.UPLOADFORM_FREETEXT_KEY);
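Review bot: The digest comparison added before `SignServletHelper.returnSignResponse` runs only when the request carries FIELD_ORIGINAL_DIGEST, so a request that omits the parameter skips the check and is served as before; the pdfId branch in the later hunk has the same `if(plainPDFDigest != null)` guard. If the digest is meant to bind the download to the originally submitted document, a missing value should be rejected like a mismatch, e.g. `if (plainPDFDigest == null || !plainPDFDigest.equalsIgnoreCase(si.plainPDFDigest)) {`, or a comment should state that older clients without the field must keep working. The mismatch path returns without setting a status, so the client gets an empty success response; `response.sendError(HttpServletResponse.SC_FORBIDDEN);` before `return;` would make the rejection explicit. The request-supplied digest is also written to the log verbatim, so it should be checked for hex characters and expected length before it is logged, otherwise embedded line breaks end up in the log. doPost begins and ends outside the hunk.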
@@ -93,32 +103,38 @@ public class ProvidePDFServlet extends HttpServlet {
 } else {
 long pdfId = Long.parseLong(pdfIdString);
- byte[] pdf = null;
-
+ PDFContainer pdf = null;
 synchronized (signedDocuments) {
 Iterator it = signedDocuments.iterator();
 while (it.hasNext() && pdf == null) {
 PDFContainer current = (PDFContainer) it.next();
 if (current.id == pdfId) {
- pdf = current.pdf;
+ pdf = current;
 signedDocuments.remove(current);
 }
 }
 }
- if (pdf != null) {
+ if (pdf != null && pdf.pdf != null) {
 try {
-
+ if(plainPDFDigest != null) {
+ if(!plainPDFDigest.equalsIgnoreCase(pdf.originalDigest)) {
+ log.error("PDF Digests don't match! 1");
+ log.error("Requested digest: " + plainPDFDigest);
+ log.error("Saved digest: " + pdf.originalDigest);
+ return;
+ }
+ }
 SignServletHelper.disableBrowserCacheForResponse(response);
 response.setContentType("application/pdf");
- response.setContentLength(pdf.length);
+ response.setContentLength(pdf.pdf.length);
 //SignSessionInformation si = (SignSessionInformation)session.getAttribute(SessionAttributes.ATTRIBUTE_SESSION_INFORMATION);
 String filename = (String)session.getAttribute(SignServlet.SUBMITFORM_FILENAME_KEY);
 response.setHeader("Content-disposition", "attachment; filename=\""+filename+"\"");
- InputStream is = new ByteArrayInputStream(pdf);
+ InputStream is = new ByteArrayInputStream(pdf.pdf);
 final int bufferSize = 1024;
 byte[] buffer = new byte[bufferSize];
 int len = -1;
--
cgit v1.2.3
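Review bot: In the pdfId branch the container is removed from `signedDocuments` inside the synchronized block before the new digest comparison runs, so a request with a matching id but a wrong digest hits the early `return` and the signed document is no longer available to the legitimate caller. The comparison should happen while the lock is still held, with `signedDocuments.remove(current);` called only after it has passed, or the container should be put back on the mismatch path. The check sits inside `try {`, whose catch/finally lies outside the hunk, so how the early `return` interacts with that cleanup cannot be confirmed from here.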