Harden PDF XMP metadata parsing

PrzemyslawKlys · PrzemyslawKlys · commit 8a749022b824 · 2026-06-17T10:49:20.000+02:00
diff --git a/OfficeIMO.Pdf/Reading/Core/PdfReadDocument.XmpMetadata.cs b/OfficeIMO.Pdf/Reading/Core/PdfReadDocument.XmpMetadata.cs
@@ -1,3 +1,4 @@
+using System.Xml;
 using System.Xml.Linq;
 using OfficeIMO.Pdf.Filters;
 
@@ -6,6 +7,8 @@ namespace OfficeIMO.Pdf;
 public sealed partial class PdfReadDocument {
     private const string DublinCoreNamespaceUri = "http://purl.org/dc/elements/1.1/";
     private const string PdfAIdentificationNamespaceUri = "http://www.aiim.org/pdfa/ns/id/";
+    /// <summary>Maximum decoded XMP metadata size parsed as XML.</summary>
+    public const int MaxXmpMetadataBytes = 4_000_000;
 
     /// <summary>Catalog XMP metadata stream discovered from /Metadata.</summary>
     public PdfXmpMetadataInfo? XmpMetadata { get; }
@@ -23,8 +26,8 @@ public sealed partial class PdfReadDocument {
         }
 
         byte[] decoded = StreamDecoder.Decode(stream.Dictionary, stream.Data, _objects);
-        string? rawXml = DecodeMetadataText(decoded);
-        XDocument? document = TryParseXml(rawXml);
+        string? rawXml = decoded.Length <= MaxXmpMetadataBytes ? DecodeMetadataText(decoded) : null;
+        XDocument? document = rawXml is null ? null : TryParseXml(rawXml);
         return new PdfXmpMetadataInfo(
             objectNumber,
             TryReadName(stream.Dictionary, "Subtype"),
@@ -82,7 +85,14 @@ public sealed partial class PdfReadDocument {
         }
 
         try {
-            return XDocument.Parse(rawXml!, LoadOptions.None);
+            var settings = new XmlReaderSettings {
+                DtdProcessing = DtdProcessing.Prohibit,
+                MaxCharactersInDocument = MaxXmpMetadataBytes,
+                XmlResolver = null
+            };
+            using var stringReader = new StringReader(rawXml!);
+            using XmlReader reader = XmlReader.Create(stringReader, settings);
+            return XDocument.Load(reader, LoadOptions.None);
         } catch (Exception ex) when (ex is System.Xml.XmlException || ex is InvalidOperationException) {
             return null;
         }
diff --git a/OfficeIMO.Tests/Pdf/PdfInspectorViewerMetadataPreflightTests.cs b/OfficeIMO.Tests/Pdf/PdfInspectorViewerMetadataPreflightTests.cs
@@ -223,6 +223,34 @@ public void Inspect_ReadsXmpIdentificationFieldsByNamespaceUri() {
         Assert.Equal("BASIC", xmp.ElectronicInvoiceConformanceLevel);
     }
 
+    [Fact]
+    public void Inspect_XmpMetadataRejectsDtdEntityExpansion() {
+        const string xmp = "<!DOCTYPE xmp [<!ENTITY boom \"expanded\">]><xmp>&boom;</xmp>";
+
+        PdfDocumentInfo info = PdfInspector.Inspect(BuildXmpMetadataPdfWithPayload(xmp));
+
+        Assert.True(info.HasXmpMetadata);
+        PdfXmpMetadataInfo metadata = Assert.IsType<PdfXmpMetadataInfo>(info.XmpMetadata);
+        Assert.Equal(xmp.Length, metadata.DecodedSizeBytes);
+        Assert.Contains("<!DOCTYPE", metadata.RawXml, StringComparison.Ordinal);
+        Assert.False(metadata.IsWellFormedXml);
+        Assert.Null(metadata.Title);
+        Assert.Empty(metadata.Subjects);
+    }
+
+    [Fact]
+    public void Inspect_XmpMetadataOverLimitKeepsSizeButDoesNotMaterializeRawXml() {
+        string xmp = new('x', PdfReadDocument.MaxXmpMetadataBytes + 1);
+
+        PdfDocumentInfo info = PdfInspector.Inspect(BuildXmpMetadataPdfWithPayload(xmp));
+
+        Assert.True(info.HasXmpMetadata);
+        PdfXmpMetadataInfo metadata = Assert.IsType<PdfXmpMetadataInfo>(info.XmpMetadata);
+        Assert.Equal(PdfReadDocument.MaxXmpMetadataBytes + 1, metadata.DecodedSizeBytes);
+        Assert.Null(metadata.RawXml);
+        Assert.False(metadata.IsWellFormedXml);
+    }
+
     [Fact]
     public void Preflight_AllowsSimpleCatalogUriPdfReadAndRewrite() {
         PdfDocumentPreflight report = PdfInspector.Preflight(BuildCatalogUriPdf());
@@ -363,5 +391,36 @@ public void Inspect_DecodesFilteredOutputIntentProfileBeforeReadingIccHeader() {
         Assert.True(outputIntent.DestinationOutputProfileHasIccSignature);
     }
 
+    private static byte[] BuildXmpMetadataPdfWithPayload(string xmp) {
+        string pdf = string.Join("\n", new[] {
+            "%PDF-1.4",
+            "1 0 obj",
+            "<< /Type /Catalog /Pages 2 0 R /Metadata 5 0 R >>",
+            "endobj",
+            "2 0 obj",
+            "<< /Type /Pages /Count 1 /Kids [3 0 R] >>",
+            "endobj",
+            "3 0 obj",
+            "<< /Type /Page /Parent 2 0 R /MediaBox [0 0 200 200] /Contents 4 0 R >>",
+            "endobj",
+            "4 0 obj",
+            "<< /Length 0 >>",
+            "stream",
+            "",
+            "endstream",
+            "endobj",
+            "5 0 obj",
+            "<< /Type /Metadata /Subtype /XML /Length " + System.Text.Encoding.UTF8.GetByteCount(xmp).ToString(System.Globalization.CultureInfo.InvariantCulture) + " >>",
+            "stream",
+            xmp,
+            "endstream",
+            "endobj",
+            "trailer",
+            "<< /Root 1 0 R /Size 6 >>",
+            "%%EOF"
+        });
+
+        return System.Text.Encoding.UTF8.GetBytes(pdf);
+    }
 
 }
