Fixed vulnerability in PDF format

src/FileSignatures/Formats/AdobePdf.cs

@@ -1,3 +1,5 @@
+using System.IO;
+
 namespace FileSignatures.Formats;
 
 public class AdobePdf : Pdf
@@ -11,14 +13,35 @@ public AdobePdf() : base([
     ])
     {
     }
-
-    protected override bool IsSignatureByte(byte value, int signatureIndex)
+
+    public override bool IsMatch(Stream stream)
+    {
+        if (stream == null || (stream.Length < HeaderLength && HeaderLength < int.MaxValue) || Offset > stream.Length)
+        {
+            return false;
+        }
+
+        stream.Position = Offset;
+
+        for (var i = 0; i < Signature.Count; i++)
+        {
+            var b = stream.ReadByte();
+            if (!IsSignatureByte(b, i))
+            {
+                return false;
+            }
+        }
+
+        return true;
+    }
+
+    protected bool IsSignatureByte(int value, int signatureIndex)
     {
-        return IsVersionNumber(value, Signature[signatureIndex]) 
-               || base.IsSignatureByte(value, signatureIndex);
+        return IsVersionNumber(value, Signature[signatureIndex])
+               || value == Signature[signatureIndex];
     }
 
-    private static bool IsVersionNumber(byte value, byte signatureByte)
+    private static bool IsVersionNumber(int value, byte signatureByte)
     {
         var isNumber = value is >= 0x30 and <= 0x39;
         return signatureByte == VersionNumberPlaceholder && isNumber;

src/FileSignatures/Formats/Pdf.cs

@@ -7,46 +7,13 @@ namespace FileSignatures.Formats
     /// </summary>
     public class Pdf : FileFormat
     {
-        private const uint MaxFileHeaderSize = 1024;
-
         public Pdf() : this([0x25, 0x50, 0x44, 0x46])
         {
         }
 
         protected Pdf(byte[] signature) : base(signature, "application/pdf", "pdf", 0)
         {
         }
-
-        public override bool IsMatch(Stream stream)
-        {
-            if (stream == null || (stream.Length < HeaderLength && HeaderLength < int.MaxValue) || Offset > stream.Length)
-            {
-                return false;
-            }
-
-            stream.Position = Offset;
-
-            var signatureIndex = 0;
-            while (stream.Position < MaxFileHeaderSize && stream.Position < stream.Length)
-            {
-                var b = (byte)stream.ReadByte();
-                if (IsSignatureByte(b, signatureIndex))
-                {
-                    signatureIndex++;
-                }
-                else
-                {
-                    signatureIndex = 0;
-                }
-
-                if (signatureIndex == Signature.Count)
-                    return true; 
-            }
-
-            return false;
-        }
-
-        protected virtual bool IsSignatureByte(byte value, int signatureIndex)
-           => value == Signature[signatureIndex];
+
     }
 }

test/FileSignatures.Tests/FunctionalTests.cs

@@ -19,8 +19,7 @@ public class FunctionalTests
         [InlineData("dragndrop.msg", "application/vnd.ms-outlook")]
         [InlineData("nonstandard.docx","application/vnd.openxmlformats-officedocument.wordprocessingml.document")]
         [InlineData("test.pdf", "application/pdf")]
-        [InlineData("test_header_somewhere_in_1024_first_bytes.pdf", "application/pdf")]
-        [InlineData("test_header_adobe.pdf", "application/pdf")]
+        [InlineData("adobe.pdf", "application/pdf")]
         [InlineData("test.rtf", "application/rtf")]
         [InlineData("test.png", "image/png")]
         [InlineData("test.ppt", "application/vnd.ms-powerpoint")]
@@ -52,7 +51,7 @@ public class FunctionalTests
         [InlineData("test.ogg", "audio/ogg")]
         [InlineData("test.amr", "audio/amr")]
         [InlineData("test.ico", "image/vnd.microsoft.icon")]
-        //[InlineData("malicious.pdf", "application/vnd.microsoft.portable-executable")]
+        [InlineData("malicious.pdf", "application/vnd.microsoft.portable-executable")]
         public void SamplesAreRecognised(string sample, string expected)
         {
             var result = InspectSample(sample);