summaryrefslogtreecommitdiff
path: root/pdf-as-web
diff options
context:
space:
mode:
Diffstat (limited to 'pdf-as-web')
-rw-r--r--pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/servlets/ExternSignServlet.java9
1 files changed, 7 insertions, 2 deletions
diff --git a/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/servlets/ExternSignServlet.java b/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/servlets/ExternSignServlet.java
index 9e217058..a462480e 100644
--- a/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/servlets/ExternSignServlet.java
+++ b/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/servlets/ExternSignServlet.java
@@ -118,7 +118,7 @@ public class ExternSignServlet extends HttpServlet {
byte[] pdfData = RemotePDFFetcher.fetchPdfFile(pdfUrl);
doSignature(request, response, pdfData, statisticEvent);
} catch (Exception e) {
-
+ logger.error("Signature failed", e);
statisticEvent.setStatus(Status.ERROR);
statisticEvent.setException(e);
if(e instanceof PDFASError) {
@@ -268,7 +268,7 @@ public class ExternSignServlet extends HttpServlet {
doSignature(request, response, filecontent, statisticEvent);
} catch (Exception e) {
-
+ logger.error("Signature failed", e);
statisticEvent.setStatus(Status.ERROR);
statisticEvent.setException(e);
if(e instanceof PDFASError) {
@@ -287,6 +287,11 @@ public class ExternSignServlet extends HttpServlet {
protected void doSignature(HttpServletRequest request,
HttpServletResponse response, byte[] pdfData, StatisticEvent statisticEvent) throws Exception {
+ if(pdfData[0] != 0x25 || pdfData[1] != 0x50 || pdfData[2] != 0x44 || pdfData[3] != 0x46) {
+ throw new PdfAsWebException(
+ "Received data is not a valid PDF-Document");
+ }
+
// Get Connector
String connector = PdfAsParameterExtractor.getConnector(request);
generated by cgit v1.2.3 (git 2.39.1) at 2025-10-31 07:47:36 +0000