Tolerate unpadded empty plaintext

See #412
MatthiasValvekens · Mar 26, 2024 · 5928c5b · 5928c5b
1 parent 0d98323
commit 5928c5b
Show file tree

Hide file tree

Showing 3 changed files with 18 additions and 1 deletion.
diff --git a/pyhanko/pdf_utils/crypt/_util.py b/pyhanko/pdf_utils/crypt/_util.py
@@ -15,7 +15,8 @@ def aes_cbc_decrypt(key, data, iv, use_padding=True):
     decryptor = cipher.decryptor()
     plaintext = decryptor.update(data) + decryptor.finalize()
 
-    if use_padding:
+    # we tolerate empty messages that don't have padding
+    if use_padding and len(plaintext) > 0:
         unpadder = padding.PKCS7(128).unpadder()
         return unpadder.update(plaintext) + unpadder.finalize()
     else:

diff --git a/pyhanko_tests/data/pdf/minimal-aes256-empty-encrypted-string.pdf b/pyhanko_tests/data/pdf/minimal-aes256-empty-encrypted-string.pdf
diff --git a/pyhanko_tests/test_crypt.py b/pyhanko_tests/test_crypt.py
@@ -1569,3 +1569,19 @@ def test_tolerate_direct_encryption_dict_in_nonstrict():
         r.decrypt('ownersecret')
         data = r.root['/Pages']['/Kids'][0]['/Contents'].data
         assert b'Hello' in data
+
+
+def test_tolerate_empty_encrypted_string():
+    with open(
+        os.path.join(PDF_DATA_DIR, 'minimal-aes256-empty-encrypted-string.pdf'),
+        'rb',
+    ) as inf:
+        r = PdfFileReader(inf)
+        r.decrypt('secret')
+        obj = r.root.raw_get('/Blah', decrypt=generic.EncryptedObjAccess.PROXY)
+        assert isinstance(obj, generic.DecryptedObjectProxy)
+        decrypted = obj.decrypted
+        assert isinstance(
+            decrypted, (generic.TextStringObject, generic.ByteStringObject)
+        )
+        assert decrypted.original_bytes == b""