aboutsummaryrefslogtreecommitdiff
path: root/pdf-as-web/src/main/java/at
diff options
context:
space:
mode:
authorAndreas Fitzek <andreas.fitzek@iaik.tugraz.at>2016-03-03 11:43:04 +0100
committerAndreas Fitzek <andreas.fitzek@iaik.tugraz.at>2016-03-03 11:43:04 +0100
commitc5f6f204ce7b784640a33bb4de0416282750749c (patch)
tree3529ccb853a793863e78e8154c883b4cc817f0ef /pdf-as-web/src/main/java/at
parent835e2a678b6899231ca81e4f0354e6a4f17a277c (diff)
downloadpdf-as-4-c5f6f204ce7b784640a33bb4de0416282750749c.tar.gz
pdf-as-4-c5f6f204ce7b784640a33bb4de0416282750749c.tar.bz2
pdf-as-4-c5f6f204ce7b784640a33bb4de0416282750749c.zip
Check signature data is valid pdf
Diffstat (limited to 'pdf-as-web/src/main/java/at')
-rw-r--r--pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/servlets/ExternSignServlet.java9
1 files changed, 7 insertions, 2 deletions
diff --git a/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/servlets/ExternSignServlet.java b/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/servlets/ExternSignServlet.java
index 9e217058..a462480e 100644
--- a/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/servlets/ExternSignServlet.java
+++ b/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/servlets/ExternSignServlet.java
@@ -118,7 +118,7 @@ public class ExternSignServlet extends HttpServlet {
byte[] pdfData = RemotePDFFetcher.fetchPdfFile(pdfUrl);
doSignature(request, response, pdfData, statisticEvent);
} catch (Exception e) {
-
+ logger.error("Signature failed", e);
statisticEvent.setStatus(Status.ERROR);
statisticEvent.setException(e);
if(e instanceof PDFASError) {
@@ -268,7 +268,7 @@ public class ExternSignServlet extends HttpServlet {
doSignature(request, response, filecontent, statisticEvent);
} catch (Exception e) {
-
+ logger.error("Signature failed", e);
statisticEvent.setStatus(Status.ERROR);
statisticEvent.setException(e);
if(e instanceof PDFASError) {
@@ -287,6 +287,11 @@ public class ExternSignServlet extends HttpServlet {
protected void doSignature(HttpServletRequest request,
HttpServletResponse response, byte[] pdfData, StatisticEvent statisticEvent) throws Exception {
+ if(pdfData[0] != 0x25 || pdfData[1] != 0x50 || pdfData[2] != 0x44 || pdfData[3] != 0x46) {
+ throw new PdfAsWebException(
+ "Received data is not a valid PDF-Document");
+ }
+
// Get Connector
String connector = PdfAsParameterExtractor.getConnector(request);