Log of #ghostscript at irc.freenode.net.

 <<<Back 1 day (to 2020/02/03)Fwd 1 day (to 2020/02/05) >>>20200204 
uliGS hi, looking 4 the syntax to merge 2 PDF/A file into one PDF/A file . while using Version 9.26 reomve/brake all links in the dokument...09:02.03 
kens uliGS:09:02.17 
  Ghostscritp doesn't 'merge' PDF files at all09:02.24 
  It can create a new PDF file from two input files, but that's not the same as merging them09:02.36 
  The first thing you shoudl do is use current code, the current release is 9.5009:02.49 
uliGS ok, so make one out of the two will be good for me..09:03.05 
kens First thing you should do is use 9.50 not 9.2609:03.41 
  You don't say what kind of 'links' you mean09:04.05 
  Its likely that a table of contents (/Outlines technically) simply can't be preserved09:04.33 
  Because the page numbers in the input and output files will be different09:04.45 
  The only real way we can probably help you is to see your files09:05.17 
  And the esaiest way to accomplish that is to open a bug report at https://bugs.ghotscript.com. You can attach the files and command line you are using there09:05.50 
  And soemone can look at it. You should also look at the back channel output from Ghostscript, if its eliding links it will probably be telling you why as well.09:06.16 
uliGS i have "intern-links" to the footnote on the page. they dont work. i found this comment "https://bugs.ghostscript.com/show_bug.cgi?id=699830" 09:06.17 
kens Well I cannot say whether that is relevant, since I havenm't got your PDF files to look at and so cannot tell what the /Flags values are on the annotations09:07.19 
uliGS tnks 4 the moment, i'll update and try again09:57.52 
weijunli I have a ps code but it only works if I convert to a pdf using `-DNOSAFER`. Theres any way I can execute the ps code without that flag? Because in some systems it will be an empty document14:11.47 
kens weijunli:14:12.09 
  It depends entirely what's in the PostScript program14:12.21 
  Assuming that the program is opening files on disk, and that's what is failing, then you need to explicitly add permission for Ghostscript to open those specific files, or specify the folder containing the file(s) as being open for read14:13.04 
  This is documented14:13.07 
weijunli kens, well im writing a simple .txt file https://dpaste.org/gFkV/raw14:14.01 
kens Opening a file for write is not permitted either unless you explicitly make it so14:14.20 
  See :14:14.23 
  In the highlights for version 9.50 second bullet point14:14.38 
  If you follow the link to SAFER then you'll get details of the controls14:15.10 
  The choice is yours, you can continue to use Ghostscript without security on file opening/reading/writing, in which case you will be potentially vulnerable to the various exploits which have been closed by the default use of SAFER, and the nardening of file controls, or you can use the file controls to get the benefit of the additional security.14:16.32 
weijunli kens: I am just playing with ps a bit, how do i disallow those security checks? Do I need to use .setsafe on the code?14:19.13 
kens There are command line parameters14:19.28 
  look for --permit-14:20.07 
  If you want to disallow the security, then you just use -dNOSAFER as you already (I think) know14:20.43 
weijunli got it14:21.03 
  with the -dnosafer it works but the ps code runs locally, I thought that with the ps code embedded on the pdf, the ps would execute on the machine that opens the pdf? Because as soon as I convert it to a pdf, it automatically creates the .txt on my machine and when i try to open the pdf on other machine, the .txt isnt created14:22.27 
  am I able to create the file on both machines?14:22.43 
kens I don't know what you mean there, the PostScript code you have there doesn't get embedded in the PDF file as far as I can see (and really, don't try to do that, its long since deprecated)14:23.16 
  All the PostScript you've supplied does is open a file on the current machine and dump some text into it, there is no PDF file involved as far as I can see14:23.51 
  You really don't want to try and put PostScript into a PDF file. Its been deprecated a long time ago, won't work with practically every PDF consumer, and is a terrible security hole14:24.40 
weijunli I know.. I am interested in knowing how to do it though, can you point to some links?14:25.31 
kens You need to create a PostScript XObject in teh PDF file. To do that you'll need to use pdfmarks. You'll need to obtain the pdfmark reference manual from the Adobe web site and unsderstand it.14:26.22 
  I am not certain that we still support embedding PS XObjects in PDF files with Ghostscript, so it may not even work14:26.39 
  As I said, it was deprecated ages ago.14:26.52 
  You can, of course, always hand craft a PDF file and put a PS XObject in it yourself, rather than trying to use Ghostscript.14:27.16 
  But to do that you'll need to understand the PDF file format, and you'll need the PDF reference manual for that, which is also available from the Adobe web site.14:27.45 
  I don't have URLs for those (because Adobe keep moving them) but a Google search should find them quickly14:28.06 
  NB even if you do create a PDF file with a PS XObject, I think that Ghostscript by default won't run it, you'll need to find the control (possibly DoPSForm) that permits it to execute in Ghostscript.14:29.26 
weijunli I could find some vulns on version 9.26 which is what im running, are you aware of any PoC that might work in this?14:35.22 
kens Yes14:35.28 
weijunli Mind to share please14:36.06 
kens Actually, yes.14:36.13 
  The CVEs are available if you want to research the problem14:36.31 
  But I'm not going to post them publicly14:36.37 
weijunli there's metasploit scripts for the cves, im just trying it manually14:37.43 
  so that i can understand better about ps/gs14:37.54 
  kens: just a try writing my own pdf, https://dpaste.org/W32b/raw14:48.16 
kens That is not a valid PDF file14:48.32 
  it has no xref and no trailer14:48.39 
  and no startxref keyword14:49.07 
  Also no pages tree14:49.18 
  There are probably other faults14:49.24 
weijunli https://dpaste.org/N5Jf/raw14:51.03 
  still damaged tho14:51.10 
kens You've declared object 74, but the xref table only has 12 entries, there is still no pages tree14:51.36 
  Oh and you've azpplied FlateDecode to a stream which is not Flate encoded that *really* won't work14:52.02 
  And the startxref has no value, its supposed to point to the binary offset of the xref table14:52.32 
  Really, cobbling bits of old PDF files together and hoping for the best isn't going to work14:52.47 
  Also the trailer dictionary references two objects, 1 and 2, which are not defined in the file14:53.23 
  The xref tables has offsets for 12 objects, none of whic are defined in the file14:53.34 
  actually 11 objects, but still14:53.48 
weijunli Can you please edit that pdf snippet just to have a working sample?14:54.17 
kens No14:54.23 
  It would be a lot of effort and this is not a PDF support forum, I do have work to do14:54.40 
weijunli kens, im now reading the internals of pdf writing, im just confused about the xref pointer, how do i calculate that given that i have 2 indexes (starting from 0 which is null and the 1obj im using), e.g.16:08.47 
  0000000000 65535 f 16:08.48 
  0000000010 00000 n 16:08.48 
kens Object 0 is always NULL, its the head of the free list16:09.10 
  Then comes object 116:09.15 
  The offset in the xref should be the offset of the position of that object in the PDF file16:09.28 
  This is all in the PDF Reference16:09.35 
  The xref you hyave there says that object 0 has an offset of 0, a generation number of -1 and is free16:10.10 
  Object 1 has an offset of 10, a generation number of 0 and is in use16:10.27 
weijunli kens: check this please https://dpaste.org/WGBZ/raw16:14.30 
kens The startxref value looks wrong at 1616:14.56 
  That is supposed to be the offzset of the x in xref within the file16:15.16 
  You don;'t have a pages tree16:15.20 
  The /Length of object 1 is (or looks like it is) incorrect16:16.04 
  Its not possible to validate a PDF file totally simply by looking at a pastebin, since its a binary format16:16.25 
  The Root dictionjary is declared as object 1, but object 1 is not a valid Root dictionary16:17.04 
  The Root dictionary must (among other things) have a /Type of /Catalog16:18.09 
  It must contain a /Pages entry pointing to the pages tree16:18.35 
weijunli So I can just change Root to something else?16:18.38 
kens No because a valid PDF file must have a Root entry in the trailer dictionary and the Root entry must point to a valid Catalog dictionary16:19.07 
weijunli so i need at least 3 indexes? 0 default, 1 root, 2 the page with the ps ?16:19.54 
kens You also need the Pages tree16:20.16 
  And the PostScript is not 'in' the page16:20.29 
weijunli yeah sry, lemme change it abit, 1min16:20.57 
kens It may be referenced from the Pag as an XObject, in which case you will need a Resources dictionary in the Page dictionary which references the PostScritp XObject16:21.01 
  why do you want all of this ?16:22.16 
weijunli testing an app security which accepts postscript contents, its an internal app ppl upload files to, and I wasnt unware of postscript until recently. So im trying some stuff. 16:24.18 
  im not sure what is the gs/interpreter version but i believe is quite old tho16:24.33 
kens If it accepts PostScript then you don't need to wrap it up in a PDF file16:24.45 
  If you are using a version of Ghostscript older than 9.50 then it has known security flaws and should be upgraded urgently16:25.13 
  Basically; don't bother testing it, if its not the current version, replace it16:26.04 
weijunli management wouldnt care unless you can show them some stuff :X16:26.26 
kens Oh and its easy to find out the version of Ghostscript, it tells you when you start it up and it can be retrieved trivially with PostScript16:26.49 
chrisl gs -h16:26.59 
kens Your management won't accept a CVE and a solution ? <boggles>16:27.02 
  BTW I reiterate that Ghostscript doesn't actually execute PS XObjects (at least in recent versions) without specifically setting a switch to do so16:29.14 
  So you probably aren't really proving anything, unless hte version is *really* old16:29.33 
  In which case you should upgrade it simply to get bug fixes16:29.50 
weijunli kens: yeh will *recommend* 16:31.14 
  anyway, i think thats pretty cool to work with pdfs, now i'd like to go till the end of pdf writing16:31.38 
  im changing it a bit, will show you in a min16:31.46 
  kens: https://dpaste.org/ga0R/raw16:48.07 
kens Well it looks like you still have the startxref value incorrect16:48.33 
  I can't really comment about any of the offsets, they might be right or might not, can't tell form a pastebin16:48.57 
  Your Page dictionary is not valid because it should be a stream object16:49.25 
  And its just a dictionary16:49.33 
  And since your Page has no content stream it doesn't actually use the PS XObject, so it doesn't do anything useful16:50.12 
  The rest looks OK but its hard to be sure16:50.20 
weijunli I cant get that xref right.. I tried with mutool but still.. Regarding Page dict should be a stream obj, the slides im following doesnt have anything in there16:54.48 
kens The Page is still required to be a stream, even if the content of that stream is no bytes16:55.20 
  And if you don't have anything in the stream, then you can'e execute the PS XObject16:55.34 
  And if you don't execute the PostScript XObject, you aren't proving anything16:55.46 
weijunli kens: so on 1 0 obj can i just have an empty stream endstream ?16:56.09 
kens Not object 116:56.30 
  Object 3, the Page stream16:56.38 
  And as I said if your stream is empty, then you won't be executing the PostScript, becuae nothing will execute the Form XObject16:57.04 
  NB you need a /Length in a stream dictionary too16:57.15 
weijunli once you got some spare minutes, just try to fix this. An working example would be much easier to understand what i missed, otherwise i will just poke around and lead nowhere. Plus I really cant figure out that xref pointer16:59.33 
kens Its easy to make a working example17:06.23 
  gs -sDEVICE=pdfwrite -sOutputFile=out.pdf -dCompressPages=false -c "showpage" -f17:06.57 
  There are optional things in there, like hte metadata and the binary comment in line 2, but the rest is mandatory, except for the content of the page stream, which obviously you will need to be different17:08.42 
  Actually I see I'm wrong about the page being a stream17:09.36 
  It isn't it just points to one with the /Contents, I had forgotten that17:09.48 
  Like I said, its hard to desk-check a PDF file17:10.11 
  I'm heading off now, its the end of the day.17:12.10 
weijunli chrisl are you around?17:43.01 
  i have generated a pdf with the gs commandline as kens posted above and edited the /Metadata with my XObject. Looks like this https://dpaste.org/0Ybo/raw17:44.06 
  what do you think? It still doesnt create the output1.txt, do I need to generate a new pdf with qpdf ?17:44.49 
chrisl weijunli: I would guess your editing has broken the offets in the xref table18:01.20 
  weijunli: I maybe missing something, but if you're trying to show a security risk, why are you insisting on using a feature that was deprecated in the spec, and has been disabled by default, over a decade ago??18:11.52 
weijunli chrisl how can i fix that? i never could get the right offset18:22.41 
chrisl weijunli: You need to get the offsets right, or the PDF won't (necessarily) work18:23.51 
  weijunli: Frankly, seems like a completely *insane* amount of effort just to run some Postscript......18:30.58 
weijunli whats the right calculation to get the exact offset18:31.49 
  the main issue with writing pdfs must be that offset thing18:33.22 
chrisl weijunli: The "calculation" is the number of bytes from the start of the file to the beginning of the object. There are many issues writing PDF files, offsets are just one of them18:36.50 
 <<<Back 1 day (to 2020/02/03)Forward 1 day (to 2020/02/05)>>> 
ghostscript.com #mupdf