ninja-labs-tech / verify-pdf

Verify pdf signatures in JS

Consider validating ByteRange against EOF #108

Closed felixh10r closed 3 years ago

felixh10r commented 3 years ago

I noticed that when "forging" signed PDFs with Illustrator, the program is smart and does not touch the signed byte range—it rather appends a copy of the whole file to itself and modifies the new byte range (doubling the file size), all while maintaining a completely valid signature.

I gave this some thought and at least for my use case (preventing unauthorized modification of PDF files), I will check the size of the PDF against the upper bound of the byte range:

// helpers/extractSignature.js

if (ByteRange[2] + ByteRange[3] < pdfBuffer.length) {
  throw new VerifyPDFError(
      'Failed PDF size verification.',
      VerifyPDFError.TYPE_INPUT,
  );
}

I am by no means an expert in PDF signing and I'm not aware of the implications of this behavior, so please tell me if this doesn't make sense. Otherwise, I'd be happy to create a PR for this issue. In any case, thanks for this library, it taught me a lot of things about PDF signing!
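The check proposed in the comment above, written out as an added example (not verify-pdf code and not part of the original thread). It goes slightly beyond the single comparison by also reporting a range that does not start at offset 0, overlaps, or runs past EOF; the function names and the sample buffers are constructed for illustration.

```javascript
// Added example (not verify-pdf code). Function names and the sample
// buffers below are constructed for illustration.

// Return every /ByteRange [a b c d] array found in the buffer, in file order.
function findByteRanges(pdfBuffer) {
  const text = pdfBuffer.toString('latin1'); // latin1 maps one byte to one char
  const re = /\/ByteRange\s*\[\s*(\d+)\s+(\d+)\s+(\d+)\s+(\d+)\s*\]/g;
  return [...text.matchAll(re)].map((m) => m.slice(1, 5).map(Number));
}

// List the reasons a ByteRange fails to account for the whole file.
function coverageIssues([start1, len1, start2, len2], fileLength) {
  const issues = [];
  if (start1 !== 0) issues.push('signed data does not start at offset 0');
  if (start2 < start1 + len1) issues.push('signed ranges overlap');
  const signedEnd = start2 + len2;
  if (signedEnd < fileLength) {
    issues.push(`${fileLength - signedEnd} unsigned bytes after the signed range`);
  } else if (signedEnd > fileLength) {
    issues.push('ByteRange extends past the end of the file');
  }
  return issues;
}

// Constructed sample: a minimal signature dictionary with a correct ByteRange.
function buildSample() {
  const head = '%PDF-1.7\n1 0 obj\n<< /Type /Sig /ByteRange [';
  const mid = '] /Contents ';
  const contents = `<${'0'.repeat(32)}>`; // placeholder, not a real signature
  const tail = ' >>\nendobj\n%%EOF\n';
  const gapStart = head.length + 4 * 10 + 3 + mid.length; // 4 padded numbers, 3 spaces
  const range = [0, gapStart, gapStart + contents.length, tail.length];
  const padded = range.map((n) => String(n).padStart(10, '0')).join(' ');
  return Buffer.from(head + padded + mid + contents + tail, 'latin1');
}

const intact = buildSample();
const appended = Buffer.concat([intact, Buffer.from('\n% bytes added after signing\n')]);
for (const [name, buf] of [['intact', intact], ['appended', appended]]) {
  const [range] = findByteRanges(buf);
  console.log(name, range, coverageIssues(range, buf.length));
}
```

In a PDF that has been signed more than once, earlier signatures legitimately end before EOF because each later signature is appended as an incremental update, so a strict check like this fits the single-signature use case described in the comment.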

MohammedEssehemy commented 3 years ago

Greetings @felixh10r, thank you for reporting this. Can you upload a sample file before and after modification, so that we can debug in this issue? Thank you.

felixh10r commented 3 years ago

@MohammedEssehemy thanks for your reply! Please find attached the two files, one valid, one forged. Also, I've attached two screenshots of what Adobe Acrobat thinks about this. Thanks for looking into this!

PS. I'm using a self-signed certificate, so the authenticity check is expected to fail, but the integrity check should fail as well for the forgery.

valid.pdf forged.pdf

Screen Shot 2020-12-13 at 11 42 46 Screen Shot 2020-12-13 at 11 47 21
MohammedEssehemy commented 3 years ago

@felixh10r Thank you for reporting this. I've checked the attached PDFs and I was able to reproduce the bug, so feel free to open a PR with the proposed change. Thank you.