From 47dfee29bc1af30dc4f36fb8dc6c49c7883da88a Mon Sep 17 00:00:00 2001
From: Thomas Vermeilh <ory@oryctero.pe>
Date: Fri, 2 Aug 2024 09:56:45 +0200
Subject: [PATCH] fix panic on 5 bits encryption key

Found this bug while fuzzing the crate. The spec says that /Length must be a
multiple of 8 bits, but Decoder::from_password doesn't check for it, and panics
if a length of 5 is passed.

Return an error if the key length is not a multiple of 8 bits.
---
 pdf/src/crypt.rs | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/pdf/src/crypt.rs b/pdf/src/crypt.rs
index 4242d51d..c91bdce8 100644
--- a/pdf/src/crypt.rs
+++ b/pdf/src/crypt.rs
@@ -297,7 +297,13 @@ impl Decoder {
 
         let (key_bits, method) = match dict.v {
             1 => (40, CryptMethod::V2),
-            2 => (dict.bits, CryptMethod::V2),
+            2 => {
+                if dict.bits % 8 != 0 {
+                    err!(other!("invalid key length {}", dict.bits))
+                } else {
+                    (dict.bits, CryptMethod::V2)
+                }
+            },
             4 ..= 6 => {
                 let default = dict
                     .crypt_filters