diff options
author | Andreas Fitzek <andreas.fitzek@iaik.tugraz.at> | 2016-03-03 11:43:04 +0100 |
---|---|---|
committer | Andreas Fitzek <andreas.fitzek@iaik.tugraz.at> | 2016-03-03 11:43:04 +0100 |
commit | c5f6f204ce7b784640a33bb4de0416282750749c (patch) | |
tree | 3529ccb853a793863e78e8154c883b4cc817f0ef /pdf-as-web/src/main/java/at | |
parent | 835e2a678b6899231ca81e4f0354e6a4f17a277c (diff) | |
download | pdf-as-4-c5f6f204ce7b784640a33bb4de0416282750749c.tar.gz pdf-as-4-c5f6f204ce7b784640a33bb4de0416282750749c.tar.bz2 pdf-as-4-c5f6f204ce7b784640a33bb4de0416282750749c.zip |
Check signature data is valid pdf
Diffstat (limited to 'pdf-as-web/src/main/java/at')
-rw-r--r-- | pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/servlets/ExternSignServlet.java | 9 |
1 files changed, 7 insertions, 2 deletions
diff --git a/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/servlets/ExternSignServlet.java b/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/servlets/ExternSignServlet.java index 9e217058..a462480e 100644 --- a/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/servlets/ExternSignServlet.java +++ b/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/servlets/ExternSignServlet.java @@ -118,7 +118,7 @@ public class ExternSignServlet extends HttpServlet { byte[] pdfData = RemotePDFFetcher.fetchPdfFile(pdfUrl); doSignature(request, response, pdfData, statisticEvent); } catch (Exception e) { - + logger.error("Signature failed", e); statisticEvent.setStatus(Status.ERROR); statisticEvent.setException(e); if(e instanceof PDFASError) { @@ -268,7 +268,7 @@ public class ExternSignServlet extends HttpServlet { doSignature(request, response, filecontent, statisticEvent); } catch (Exception e) { - + logger.error("Signature failed", e); statisticEvent.setStatus(Status.ERROR); statisticEvent.setException(e); if(e instanceof PDFASError) { @@ -287,6 +287,11 @@ public class ExternSignServlet extends HttpServlet { protected void doSignature(HttpServletRequest request, HttpServletResponse response, byte[] pdfData, StatisticEvent statisticEvent) throws Exception { + if(pdfData[0] != 0x25 || pdfData[1] != 0x50 || pdfData[2] != 0x44 || pdfData[3] != 0x46) { + throw new PdfAsWebException( + "Received data is not a valid PDF-Document"); + } + // Get Connector String connector = PdfAsParameterExtractor.getConnector(request); |