From 0b868365e79616bc343ee412d4c1f69924c06ec5 Mon Sep 17 00:00:00 2001
From: Vitali Prudnikovich <vitali.prudnikovich@apryse.com>
Date: Tue, 4 Mar 2025 10:15:01 +0000
Subject: [PATCH] Handle 32bit positive permissions entry in security handler

Autoported commit.
Original commit hash: [750a1ef4c]
---
 .../crypto/pdfencryption/PdfEncryptionTest.cs    |   9 +++++++++
 ...tedWithPasswordAes256_modifiedPermissions.pdf | Bin 0 -> 4329 bytes
 .../StandardHandlerUsingAes256.cs                |   2 +-
 .../StandardHandlerUsingStandard40.cs            |   2 +-
 .../itext/pdfua/checkers/PdfUA1Checker.cs        |   2 +-
 port-hash                                        |   2 +-
 6 files changed, 13 insertions(+), 4 deletions(-)
 create mode 100644 itext.tests/itext.kernel.tests/resources/itext/kernel/crypto/pdfencryption/PdfEncryptionTest/encryptedWithPasswordAes256_modifiedPermissions.pdf

diff --git a/itext.tests/itext.kernel.tests/itext/kernel/crypto/pdfencryption/PdfEncryptionTest.cs b/itext.tests/itext.kernel.tests/itext/kernel/crypto/pdfencryption/PdfEncryptionTest.cs
index 107ce575fc..8cb9e86823 100644
--- a/itext.tests/itext.kernel.tests/itext/kernel/crypto/pdfencryption/PdfEncryptionTest.cs
+++ b/itext.tests/itext.kernel.tests/itext/kernel/crypto/pdfencryption/PdfEncryptionTest.cs
@@ -485,6 +485,15 @@ public virtual void OpenEncryptedWithPasswordDocWithDefaultKeyLength() {
             }
         }
 
+        [NUnit.Framework.Test]
+        public virtual void CheckPermissionsLongValue() {
+            // The test checks
+            // that no IoLogMessageConstant.ENCRYPTION_ENTRIES_P_AND_ENCRYPT_METADATA_NOT_CORRESPOND_PERMS_ENTRY is logged
+            PdfDocument doc = new PdfDocument(new PdfReader(sourceFolder + "encryptedWithPasswordAes256_modifiedPermissions.pdf"
+                , new ReaderProperties().SetPassword(PdfEncryptionTestUtils.OWNER)));
+            doc.Close();
+        }
+
         public virtual void EncryptWithPassword2(String filename, int encryptionType, int compression) {
             EncryptWithPassword2(filename, encryptionType, compression, false);
         }
diff --git a/itext.tests/itext.kernel.tests/resources/itext/kernel/crypto/pdfencryption/PdfEncryptionTest/encryptedWithPasswordAes256_modifiedPermissions.pdf b/itext.tests/itext.kernel.tests/resources/itext/kernel/crypto/pdfencryption/PdfEncryptionTest/encryptedWithPasswordAes256_modifiedPermissions.pdf
new file mode 100644
index 0000000000000000000000000000000000000000..25741acf071dbf91faa39c637693f858c2cf2208
GIT binary patch
literal 4329
zcmbtYc{r5a`zIACYYP<_%9dp|vseo=(hSBDN+X6DjAbS>gE17cWG4~|B}Gw|me-m}
zmPn~a6e>Gq4JERCpYhh)?|Qp_*Y}U_^T#>oxzGK%&%Hg@bv}=xCB{Sps)-U->>p_3
z3L`)e5Z%R7SWgdZLiJ`*7+@1`5{rVNxYEfKuo;Es&hh}EAqECa7K1|a5hmUmsghsn
z4k&uL>gzKf?EApY#KvOatHY~_@4iDEXV{gUqs5=K#iyQW#JVm&&0!_GnHHv(q#j#U
zgGj1{DtbxomU76z_4cA_zh29~WFaF=p^<-@239;zw0?VJOsBCZG!_%Y^U@k@P9alC
zMs)UZ2=I!~Mu5;-Fh{T@i2>+<U~4MY6eit|;Ywlh;sMaS2?|2;_6&dre1t*u`NP7I
zz>^ffj621^faea+2`GU0nHF;ji$o@|NFdbO2|PXK&(qd`#=xF8-TgNf{u^ry<cvk7
z(=b3vRfzx2o%5KPJ2eP9<XBIHz+jm*7U0`N2n3om`eN+sRn&;yLfWck23-|w?8ju$
zeg4GnpC^BO^3a6{fx~rDJBV%%?!pFC!RB=G|8|@ugHHByr7-?Hkc6o>sJ1ucmLP6%
zaDdZrXr}_oClc@;;oPGc!vq#cz46urB8wN$Xi^)Xg8I;{3F3vN1jr!dPMy+bb@_Kp
z-FMo@@zBpTL<kga%U1oJJzlMTX5NUzr0|LeHl=v`Q&?125*SMZ`jSd>2isF=hBPMi
zpLZKS7Z$IKypllI#<lwYw#(~}pLUJuen7)O!FVc}d7Rg7){cK8)@u73!YlYs$j=V}
zhD5=@zm7U;ZuU3qSBLz+AIZiGpPw;hC1Mj~G?vOn0-kr)a+B=uOB`1lNOZN(TCea~
zk)SqhP<d|xZf&-SNs@1$-N%s;v%CNKUbtV?_R3Qg$+Lr)0@hU9_UhRuI_0ku0&>~$
zhp%t=qQ_sBVwad-5e`$(jfjfNs5-H=rP1ubbeX=~uK4j&GcJN>uoYd4h`{m|zqYF~
z5vcTIj?e{d%2QfX#DjfE$)e>j^W1RSr52+u=-^CV@T12vZ%aMipZ#(Zg&qAw5cttJ
z5F((oAZ`yOI-zrScqkPIjn(Yzetg40x-uYSK-Y75a&P=$Y4haL11<S|4YppX!6QLW
zQ;>pE$<iXVdUS3cP2qB6$!WZ1KPES{*d~V5lu=dFnEAoIR`GIPb%rRaCLwHWX@8pF
zo*ke?=^W8=f~;-Ap0`CJ#;x?2+fv?o>4V&&Aal1VIFaiT+mP7jz`kpI(OkPd3Q|P=
zBGaw1dqCMV9~@@>vHHeL$$%8)^M2S<>6%CW*`E6LK|@~l22?d?HT`!9bBA<}-D?Rx
zJEf-^KKml)uv^%`4u;3kPpUh`@9YRgx@hX{AuE?|$31?@Idzv1RLPd*#2vP)QN|!6
zt6z={)_s~d1Cb5n=Iw+WNQTi9FIky77!{_ht4K`o^^4-~0Y|`3p-D<xAXVJ0Di4QR
z>wU!=r|T|miBFAf^+h-Lq;)l<wH3q<^_+Om`9L&0o?lzacfTSBA-UkhgqJ~v&uu-i
zPbA!Pod)XhLtiVthj;ns9M?1TJLI%N3d%xy-+HwcGnVJK=j-iN-zIebRr-N@I8i0O
z&+1#U62K#kajKggX63$l?p$#{w!A5OS_VH*C~U!&Je2rdb$6`)jpU<W_&Lh5AMa*H
zqWN^HPD2|=+|?sd@gJYCF9yL|*s0K@ZLRwHEP=;jEm@D6J}so~@_0Z(xnH>?T6|(u
z!FwtXv?4QiJ6^@GfTo+fa2fk7P_RbY)>&+I_Jr?Z?Fr>KyCFw|Eb(!fy)m~^dgG6J
z7rzMJoPSNhD@Wy`l9Pa3O#HyZv1~IG4uy7xHt*_dEY_gfT(@|Q8SR^o=93y<jTuHx
zuGr_|w2$ub*G=BUB3^BwZ#MmYej{tnpy<9g&0GzhQ25Y`rtz^|GV5UiM>G3WafFiS
zz%{F>nL=(R(Q^9*((z=^3!5_bSoMt+BeG6$D@y9aB`dE6ohk2ZMf?D9b0QV<Dr=RG
zK9c`IAzQax>XMDSF=2aV&?$StPuN#aB8NdUiQ!A0gbr$j;WR$bJ6J2=zL5|)ofB45
zgpJpHp+Tn+jl+i2Tm3JD<}*JjT!-K!wu#HWjYV0>YL2R9XEkS9r~R-`R1$%Y5wZwX
z8F#(3Jf9R_OW>cs7>STr_&)Ym{W-QmaMhQmr|-12l_yGe8r~6du16J%bZ?@3{(<~9
zvXuC(QCQAIUgDsnjNl!qvmE)0N#To%lBLQi+lK?LjZ+;E5)SNjSf7$aiB_ZOFF0Lr
zM>F1Gd~h4O+A*e}i=NemLzjLlw{UhhUD--MVW?V?|EyzjcgVqlp|;91Seqc+dCsDl
zYS8fu%L>t3oN5(ns>9SBwxu*1_k1~aIj;2N^$f`H#rX2v$jSR#IJ6sQUlNF-(Hbwr
zXS2nI>J{xf_-$tDD=#~GAv8=+nTeKvnG5EhIFLJ)oi^B2vr;2br{12^mF+0}1v)Nx
z@ikxh!@lNrwdn-K<$&6-@pkbkQ>ksyk_XND*b7(}RC?$uWDu$uFZa<h=eqjXtq+f0
zb{KKKFc;nFk%idz-KQ0HRxF9>-ZhNggxuVto}e;kpj|-SmlvlrP|BJA^ve1!|19)o
zX>Cm6gS3;wiIv>k;f+$*8e5KV<mis*6&)|M`=(lXwX#bzOY<Ypb72$44u`KS8y2<)
z?NVm(X}HJSb5}aI4zVkmg(v4v2?dyAYIe}nL(blA_jnnJn$Sx}?R|X$%oOot*zuq2
zSHFN~7p(e7JA2soZ)p&jL3qRkeGjggufw;CI6kquS#_EpJ+M9feBP1eTwlkM&YCeC
z)mhA+t8uzmcI#|-)2aPY!(PEs8oiEkE+I>8TTEiwxZHPyj=mNrL-<oU6~iHnWYe1s
zAj^-kJ3T*P;}(XS=jR&hKi)Wx(raG4piAt`aCLH#*sI6J>WEF&iZhy(4MdlWNmV08
zg7tV;^*v{;MqbU?$kBh`dtB3$mV<n8$WXjSVb%As=*Q#T=I#Qjkh)%b>2)iE!a5D>
ziwOpovZ|A|o>Z8jY=$`0Z6pTWYRYN}s0i+?RA?3&RI3^B7UGln*mY{M>t<Blb8+V4
z#8(&mM$%2;Pr9}JZv^Q0LzdN%qMbQ6mvk%j{KFpI{;QgrhK|6yKYN!ui<VQ|*aA1%
zkmdX4^wiAZM-^_R-is<jpEs*`p7~~ty<_%9HZOXv{C2}8ALGHe83Mx8T4o}-B6D(s
zh$V3(<Ok>Zi1I;LBRQhbB5@QQ|L)H5W42q3$HHGgW(AJ<3p9&KNVp~U?Rzn+2qP5e
z(1MdpsxuA9Ik)8YfC?p_T_nyOxVL%$x$A)?+(k9+(Ed$oO?ArXbeGH{HeTKCU&;Eq
zdHJgyZX%fTxO2GT%#0>eZ8c$vU3XI!aP|E(R%d)pMmp}khxrqZ?9xE`2E`W*SzV8a
zeNBeC1$>p>(l3oOc5J3gyoH5}28wQ&n@zkQ_?j4TrSJAaLuz@Szn<N@XY4-FF6w%Y
z0zRoLJ1g1*kLt^}_FCSqo;&Z)h;ny|b7+nK&X0LGT~!Ri*j~nLJoj8}Jml3q+{(^L
z+N6M>_^D3ib+-df^kDNv8yq8u9VWQ<aD(o9Pu6v(-RjiU7dPY=TqmoK!D!_~Z*8@D
zHB%DH+B=qC8LZLIlme;Z>@{M~@9XIqSNhiSRp7vb;Lsb@ah|6ox2Cr3dS+4T|JM|Z
zJm3k@jy7^>Wqn^!g(^?{;5?4_e%5Iy|18cXl-7N~@2aI+l$XDm_0iY>ZfXWw`tiZC
z$3bU8`=h7*j=z_yc+)2qYOu5uG2GjG){R)US3T;hwfroot@sA}rTLx7VP%4dp-}Gy
zr#YuB{wA}Xw`ztakI9F=wSH?NDJ0zZ+^a*tX~4tq`npA%V)^o>9+cSry>_NksM%1l
zmw~c&UN|po@(S(M^k_$k2=j_h?6Bt1P2R$>lm1EVH#SJ_*eCCy|JQh=Pa9vx`kqJr
zBHlj+^NKFad#7Z-3s{IXyk$*jXXZr2?{C$Q!fb1^a@y}RNe#XyrFj%)+{GMvS4w=7
zLrBj#;AnjX4-rD?T(n~=@0{Y=v9{lI>y@9g*t}P=5gZ)mogEmwJZSZfAXsD7W@uw=
z3d(q{>=TQ-JJumcw%HhHA$Ltz6Tc%h9#%(o8<5wnpICo-a{SSgA!TQYwDi5wv2@>}
zb>Z_#OR-u-*$%ol#lsj2^PvP~F>2{YTdt_da^jClJSrfZGP-Ii{CM(ukFU_v{j<uq
z-J&4t&)55SR!nqcj<d`4=8c4Ac9S?`*`X#P;jS%yo@e`?<yfqmN-u7AD}RDX`IAJU
ze_vgVO#l*P!y>QEhJGv$tUth)z!<tK;Ut9yHa0N_8)9wj;J?To9Ja=kezHLu7KuhC
zG04AmVF)Cc08&XYD(izi18(&2hqe7gmV?nu1#pu`?JIk_n6wwT?ZZ3D!z13PouTLT
z0~|oB&?u<78W1Dc7w$K|eUNfr6->Z_RF+=yEPOSG0b5$vjJ4AUot#*1I3Pq~wJP(k
z9|`0Uh-f8jE|#kbwghRxw6(O6aBYYd*pkBVVS-fl8MlYr;mr7aNH+tHg~7?dfT&aj
zTZ0fl%swW62M&ykUrSq%%0d;L=u#Ut`BpcL$f}&I(_)m><@Fu|0zeLiVaBKF3g4zP
za_esg#q(VLlo}IQ_yDjAV;AvaQ3cxquD^D|7KP4h7B(F6S74}d1Ii*_QQR3kcZ+UT
zO#wJ$KuH1c3ReZ&fe^nr1)D)}6NZ4ag(3euAS40-M}XWwzhpp^ptW5P?H?Hm36Ngi
z^M7P;#GiUlBtTvNr3Zlm{P|xpfXMtILqq?-!Vw6dm40Da3=-9w!r=WZ0EibO@FWYw
zYcy-{VGQWF9tubn%mqPlL8Bm0m@63p17;{1>gt9jX`zu?2LD~d5qy~DMhEd2v^Ch8
zP6t@p+R}!~p@6i3EGkluP}nRDlqN(Iu3=+gXlY|gI3mnskr=GC%)+&iz@H68EWt$h
EKU_$4m;e9(

literal 0
HcmV?d00001

diff --git a/itext/itext.kernel/itext/kernel/crypto/securityhandler/StandardHandlerUsingAes256.cs b/itext/itext.kernel/itext/kernel/crypto/securityhandler/StandardHandlerUsingAes256.cs
index b0143e9459..86fedc5d4d 100644
--- a/itext/itext.kernel/itext/kernel/crypto/securityhandler/StandardHandlerUsingAes256.cs
+++ b/itext/itext.kernel/itext/kernel/crypto/securityhandler/StandardHandlerUsingAes256.cs
@@ -238,7 +238,7 @@ private void InitKeyAndReadDictionary(PdfDictionary encryptionDictionary, byte[]
                 byte[] ueValue = GetIsoBytes(encryptionDictionary.GetAsString(PdfName.UE));
                 byte[] perms = GetIsoBytes(encryptionDictionary.GetAsString(PdfName.Perms));
                 PdfNumber pValue = (PdfNumber)encryptionDictionary.Get(PdfName.P);
-                this.permissions = pValue.IntValue();
+                this.permissions = (int)pValue.LongValue();
                 byte[] hash;
                 hash = ComputeHash(password, oValue, VALIDATION_SALT_OFFSET, SALT_LENGTH, uValue);
                 usedOwnerPassword = EqualsArray(hash, oValue, 32);
diff --git a/itext/itext.kernel/itext/kernel/crypto/securityhandler/StandardHandlerUsingStandard40.cs b/itext/itext.kernel/itext/kernel/crypto/securityhandler/StandardHandlerUsingStandard40.cs
index 1236e1d54b..11c517e00b 100644
--- a/itext/itext.kernel/itext/kernel/crypto/securityhandler/StandardHandlerUsingStandard40.cs
+++ b/itext/itext.kernel/itext/kernel/crypto/securityhandler/StandardHandlerUsingStandard40.cs
@@ -163,7 +163,7 @@ private void InitKeyAndReadDictionary(PdfDictionary encryptionDictionary, byte[]
             byte[] uValue = GetIsoBytes(encryptionDictionary.GetAsString(PdfName.U));
             byte[] oValue = GetIsoBytes(encryptionDictionary.GetAsString(PdfName.O));
             PdfNumber pValue = (PdfNumber)encryptionDictionary.Get(PdfName.P);
-            this.permissions = pValue.IntValue();
+            this.permissions = (int)pValue.LongValue();
             this.documentId = documentId;
             keyLength = GetKeyLength(encryptionDictionary);
             byte[] paddedPassword = PadPassword(password);
diff --git a/itext/itext.pdfua/itext/pdfua/checkers/PdfUA1Checker.cs b/itext/itext.pdfua/itext/pdfua/checkers/PdfUA1Checker.cs
index 43e2c5a547..627d5302fe 100644
--- a/itext/itext.pdfua/itext/pdfua/checkers/PdfUA1Checker.cs
+++ b/itext/itext.pdfua/itext/pdfua/checkers/PdfUA1Checker.cs
@@ -407,7 +407,7 @@ private void CheckCrypto(PdfDictionary encryptionDictionary) {
                     throw new PdfUAConformanceException(PdfUAExceptionMessageConstants.P_VALUE_IS_ABSENT_IN_ENCRYPTION_DICTIONARY
                         );
                 }
-                int permissions = ((PdfNumber)encryptionDictionary.Get(PdfName.P)).IntValue();
+                int permissions = (int)((PdfNumber)encryptionDictionary.Get(PdfName.P)).LongValue();
                 if ((EncryptionConstants.ALLOW_SCREENREADERS & permissions) == 0) {
                     throw new PdfUAConformanceException(PdfUAExceptionMessageConstants.TENTH_BIT_OF_P_VALUE_IN_ENCRYPTION_SHOULD_BE_NON_ZERO
                         );
diff --git a/port-hash b/port-hash
index 61aa9e91c7..b4408b8c9e 100644
--- a/port-hash
+++ b/port-hash
@@ -1 +1 @@
-31982ffa741c53dba41efb38a4f8139dd53b1897
+750a1ef4c0feeadfce1b8f46caf639dcb5a56eec