From 9500a5f31e3fd0b83925ff0f0359d436d6121c16 Mon Sep 17 00:00:00 2001 From: Nick Burch Date: Mon, 21 Jul 2008 19:35:47 +0000 Subject: [PATCH] Fix bug #45437 - Detect encrypted word documents, and throw an EncryptedDocumentException instead of a OOM git-svn-id: https://svn.apache.org/repos/asf/poi/trunk@678539 13f79535-47bb-0310-9956-ffa450edef68 --- src/documentation/content/xdocs/changes.xml | 1 + src/documentation/content/xdocs/status.xml | 1 + .../poi/EncryptedDocumentException.java | 24 ++++++++++++++++++ .../EncryptedPowerPointFileException.java | 11 +++----- .../src/org/apache/poi/hwpf/HWPFDocument.java | 7 ++++- .../poi/hwpf/data/PasswordProtected.doc | Bin 0 -> 19968 bytes .../poi/hwpf/usermodel/TestProblems.java | 15 +++++++++++ 7 files changed, 50 insertions(+), 9 deletions(-) create mode 100644 src/java/org/apache/poi/EncryptedDocumentException.java create mode 100644 src/scratchpad/testcases/org/apache/poi/hwpf/data/PasswordProtected.doc diff --git a/src/documentation/content/xdocs/changes.xml b/src/documentation/content/xdocs/changes.xml index 021e946e7..30c53bb21 100644 --- a/src/documentation/content/xdocs/changes.xml +++ b/src/documentation/content/xdocs/changes.xml @@ -37,6 +37,7 @@ + 45437 - Detect encrypted word documents, and throw an EncryptedDocumentException instead of a OOM 45404 - New class, hssf.usermodel.HSSFDataFormatter, for formatting numbers and dates in the same way that Excel does 45414 - Don't add too many UncalcedRecords to sheets with charts in them 45398 - Support detecting date formats containing "am/pm" as date times diff --git a/src/documentation/content/xdocs/status.xml b/src/documentation/content/xdocs/status.xml index 038458006..b81e839ef 100644 --- a/src/documentation/content/xdocs/status.xml +++ b/src/documentation/content/xdocs/status.xml @@ -34,6 +34,7 @@ + 45437 - Detect encrypted word documents, and throw an EncryptedDocumentException instead of a OOM 45404 - New class, hssf.usermodel.HSSFDataFormatter, for formatting numbers and dates in the same way that Excel does 45414 - Don't add too many UncalcedRecords to sheets with charts in them 45398 - Support detecting date formats containing "am/pm" as date times diff --git a/src/java/org/apache/poi/EncryptedDocumentException.java b/src/java/org/apache/poi/EncryptedDocumentException.java new file mode 100644 index 000000000..4922d1c81 --- /dev/null +++ b/src/java/org/apache/poi/EncryptedDocumentException.java @@ -0,0 +1,24 @@ +/* ==================================================================== + Licensed to the Apache Software Foundation (ASF) under one or more + contributor license agreements. See the NOTICE file distributed with + this work for additional information regarding copyright ownership. + The ASF licenses this file to You under the Apache License, Version 2.0 + (the "License"); you may not use this file except in compliance with + the License. You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. +==================================================================== */ +package org.apache.poi; + +public class EncryptedDocumentException extends IllegalStateException +{ + public EncryptedDocumentException(String s) { + super(s); + } +} diff --git a/src/scratchpad/src/org/apache/poi/hslf/exceptions/EncryptedPowerPointFileException.java b/src/scratchpad/src/org/apache/poi/hslf/exceptions/EncryptedPowerPointFileException.java index 77f93a10f..08eabd223 100644 --- a/src/scratchpad/src/org/apache/poi/hslf/exceptions/EncryptedPowerPointFileException.java +++ b/src/scratchpad/src/org/apache/poi/hslf/exceptions/EncryptedPowerPointFileException.java @@ -1,4 +1,3 @@ - /* ==================================================================== Licensed to the Apache Software Foundation (ASF) under one or more contributor license agreements. See the NOTICE file distributed with @@ -15,19 +14,15 @@ See the License for the specific language governing permissions and limitations under the License. ==================================================================== */ - - - package org.apache.poi.hslf.exceptions; +import org.apache.poi.EncryptedDocumentException; + /** * This exception is thrown when we try to open a PowerPoint file, and * discover that it is encrypted - * - * @author Nick Burch */ - -public class EncryptedPowerPointFileException extends IllegalStateException +public class EncryptedPowerPointFileException extends EncryptedDocumentException { public EncryptedPowerPointFileException(String s) { super(s); diff --git a/src/scratchpad/src/org/apache/poi/hwpf/HWPFDocument.java b/src/scratchpad/src/org/apache/poi/hwpf/HWPFDocument.java index a43357f02..c97d6a8bf 100644 --- a/src/scratchpad/src/org/apache/poi/hwpf/HWPFDocument.java +++ b/src/scratchpad/src/org/apache/poi/hwpf/HWPFDocument.java @@ -28,6 +28,7 @@ import java.io.ByteArrayInputStream; import java.util.Iterator; +import org.apache.poi.EncryptedDocumentException; import org.apache.poi.POIDocument; import org.apache.poi.poifs.filesystem.DirectoryNode; import org.apache.poi.poifs.filesystem.POIFSFileSystem; @@ -174,9 +175,13 @@ public class HWPFDocument extends POIDocument directory.createDocumentInputStream("WordDocument").read(_mainStream); - // use the fib to determine the name of the table stream. + // Create our FIB, and check for the doc being encrypted _fib = new FileInformationBlock(_mainStream); + if(_fib.isFEncrypted()) { + throw new EncryptedDocumentException("Cannot process encrypted word files!"); + } + // use the fib to determine the name of the table stream. String name = "0Table"; if (_fib.isFWhichTblStm()) { diff --git a/src/scratchpad/testcases/org/apache/poi/hwpf/data/PasswordProtected.doc b/src/scratchpad/testcases/org/apache/poi/hwpf/data/PasswordProtected.doc new file mode 100644 index 0000000000000000000000000000000000000000..0d6c1690636e91f877a889c0a62d82fd689354c8 GIT binary patch literal 19968 zcmeI42{ct*|HrR+x~5AqWF|5XWlV^K5Z9D3bLQcaP?5$L0WJ+p0Bqe8!e@5a`O~K4b)Eu}!x86Wb50z97YJZ|F&)Ge$QEf*)L!C5b;=7Ns;coCyOm@nype!KggeLpGMZ0bww^Gdk@#rVS$>8ot1 z#jSCDFPO?R~%3eKqsL&S~HKX0focqmM1Q%O1h=uy{f%l$Tkqz3-%4xlp){STJuNn{JO@a)d2h zj&O_aEy;UndG(Hyx0pOO-bvkj;^mhANUDH8(O7+Kh9SD%MygbWm*!{#lIV5M6!Ts} zf*Vt226uz>q?U;!zm15;Q-Su|21h>#yAkKeZk8%zv8}WYVy~iz#z_{$Z^p=fBwdEx zlc@OI5T!OXm&3;x5&R;P=EJgnOdRo18Whq~gQ9YrL1bU<Vk;Ih< z&qbu+brKDBdu>aYfL_(jk$a!GeUg*TufQL=&a{7(I4*FKmoQp! zYDH9A@ub)2p|iuWU)yJeSwgtF*c&NUQ-acm0;`7{aV;~kNat?_VC(G?D5ah=F`g3a zFqm3HrWD;*KCSYBNlrHvhk0L>d?@+ilzuJk5vur(F$$EzjK8csUdZ$k(W>N`&{HY+ z4^$Q4tCs|gmTm^!sKio=aAvqWh3(AGnc-y^iBO}oCn(^1Hnmn0qC*I0M@;21G0a7B z8Y5A%D%E8sWmmGo%m^mNUkx_0X-koJ8Rk5&XQ&wNGYst?d|vCGN&ad06D_X z`C2P%HtR;}GvselSKQ=d3Lfhh=bXCJ)#!Odx1Bw1#dZ6&XWq1X#t}B(>i8JDFTVV8 zcnlnGoicX()L=M(oZsLWrtPVY@@R<)<|xfWN4SiY&7?yK8-p2i?Qh{`S8 zYQ7JrUXss?Q^i5wugCP`dF(Wkf|D~=r9GVYVzjvA1JXWVMo;sABF==98&f`cU(1a=Or~HkJ+uONMR{m-PG6tZ+&Xo;#MQ4$01S zfj1%)=Oq?)&U+yJ$5JJE*RCt4x)dae79CZjwkY9vLpshUlQN7W%DSg4eYdA0hB5m^ z;8`*Ej;6^wQ%zsxq>U zvtElku~HP$hNcM>6g!+MyH%H~!d1vTfDQMVZG1j-0K$@vIb5>N!=tEV!LlX0Poy;(WtDZJqOR z&u+vobBUv0f-H5}EX8R-Q<$;o>40YHxs1)5jT0z$Se^`Jg@WC*VmMKQTU6h8SgjaV zppHE^A+u?c@{(TnNAaqplb%>x&s4(Jj84!7_2J(L?D)3Ib-TX*_R!-8&f9ZSmsssm zOP&2q^MV>bmlSFr3ni6bjem{!cJHBTX5D9%+{klOqdVb^qUtwQQsP}nXVU1JRc$VY zX?hM@Cwi3!X)SptA7LFjM7neJGLJcP)^Qy_w$*u({BXFEoriF&yRx4mS-gf~^LAp_ zO6%rILar2+X{%%K{S(c2d1s0_9%dCS>3&t+jc@m3NAxGgD?AcURcGR@BubD~duEQW zL~FMfp%zC!|EQ$ce^M#ie=t&gv+@#6^LtAMB?RGD!w0ESbGGKDx-S_VRYpk6TdPzP zoQuEKPDsDHcYHJB>(|rp8YUKhEvDsayA$m#D+Sd(du`j=iT5q@^-e92Sv}m;yV{J) zS!Qd^Tg6vNe)H1H90rH9Cdb3)10%iO*j4X{Jf#^FnX@>&{|dEn?Upg6MAw)%_wJQ% zd1lPSBZ|E@;_8w`&3TA~S3`Ukz0Q4ZJmERfG;Ze~_2gH_rWvSK3 zuwtJxMSWE>8y8<4DwR8Mt%7oWMx5yGI_GvfDnLqXiH!fyt761gw#tj|+qXOD!r3$v zsPFl|skHriC+Yu>?CE;b0_IZX(m-myI~@(dY(KY+IF=Ch;MeiM!#f_MCQ( z!cMF*!l(I@mk1kg7}I_*5xY*dBzu}*Lpi6lr@XG@jwrh)LBp|YC1Wzc%I zord5j8;=Rmks$?Eg6!-ICtP^m=@a)6)tkUP$(8Em-y#bI?_RWdJHH`~_crd-jNwcA z$yxs0rrg&%5+#cf`P#|2MREPJT84HH=G44tqYt0#?X7ltd(rpReo**uj7Y&zgRe|O zQE`3)b(RTgl<&Rh84pR(FI(gLHpSaA359A!B^&_WDpG zQeKNGWTT{qU?{8cLAI{5Ik(xWf!bljj!YSAm;lSJmkUEv6@Nse3F{3y6~3Dj!nGm% zmk7Kc4OVYFtRtz8iM8ZegcE;dJyMKoHzMxoy+Rc*in*b9`L!gv?_8EVU4lw87bm@Z9?-7^4YRd|`cu@bs(@YS6#1#_7eL+?=Zp z#p+^9PPah-e~F^-3z>{}D%;$PD5}u8+q+or&5ScB8pBWol0tI>()g_6lG8cwqi=Wx zgoS=Cg^P4dg!Vsv{nDyVe(wJEb#vh<{~W8qLtJBm`VrE|);+$Vj;|J$53b+nu2X+l zeF<;Jgtj?Cd0D(L`O!yvIBuG(`JFJIhD)5GOCPqycX;z+Yy7GBM62RG!BYaZpQ?d7H9`%Dut z(@EdK?hi{)u#)N745&*E;G8R4KSJR~MX+K?97}E%C|Oo2P=}ZPAwf^#!_d9!z06#v zgY{TeSc~6MkF&Bf1e_EIRexc+yCop@&eDs6QQuKte{b%L%a>7&HwNJm4gzi)PZ9@g zww)I&l2xjo8IOD>OiCdbv0e#8-C6953s#oZPd#@euTp8gh}*vW_Hpv6`7cfHrcYMq zP};BE8J{SVblMD@$xO@*%?<9`6pQxAn7Op7B`AAuZ)Ve=;OW&*uB5?^$DNwPn&b5* zvh-loqsW{TiB9$#`Eo6@Vtv;oHLRFrwqFH$2r%qOj2fT2*fN`Fb$Yr@?d0ZQCeYoXf%4^ZK1-ZEr`{^3r^yxqcODQ@M z&h+lmrlZfZ@y}Ghe$#?ayi3GX8y7MiXly9NMa3^y%llI1RsJAcf_`1Td)UxP+~ceV z&!<|;EpDbKrWE0BJBkdH6cS0~$i%|4gpow5FL17Kmz-bE*zAs8^Ge%N9t-j_e-#1` z&|1z6Wad3zC;Wc->Q1@!iOmP4AE@ta!DwnSA731@x}rK6w`h^4sMLH@{oH+KcJ;=d zx^$(E@QQbDwCLxzEE&#KnkwpqSppmroi zhP_mJ%*YGg4n3vd?sU1)!gT!z(Jr2e)9!Pv#L%Hb1WUSwLYp)#(mjvQ-0I#X6dIK+ zGfLtU`o<$lRUo5OL8vfZbZBf<KDaF_yPj(B#mNq$ouCEH4Z;tTENm)%sx&l`DD@fsB!rjW21<^UTv1vSWjIX z&5t-L#1t&88HP4I^J6tw8^6*;j;deks`EDz0niPGegbt>_j0?aORUDk=x9OJ1hxh zefNSUkhi*miOfC=&h$=aPjH+(L1}T7;aj@TWa8_gak>TWIUN46MP<@l6N)y6xN^<# zTf5>cb-zjfF$@0%4qyR-cMGpaT2ZboqLH|BYR7BoDGzDc8{yeEvUCwT+F!a_G%Jg* zH5|5Yq1pH5sze}IV@GfP z!hiaoCjEi`_!}Js{AZwTzsDW$9}Pi7{E8Qv|HNCP`A;Axn*T&gqxsL$$XHb1ulNr< z3eA5yteok3{nyDwR!%RKS0P%Fz5rDge!Y^hnYC=Nk>0 z|8y>(`HzYQR|`AfKX!TZ_GDJQo=W*Hoc)0RTtp3_9RGy>Txm!1pJM$#=Ra0vX#NwU zh~__M2hjWnmk`Z=xMY9Je+-Jy{6}C4&3`xrf6ISfS_ac&zC3&4L)nV|Vk$}XD! zxZ|Vwk5PDx{3_r-F4AcJ6PkhMKhqOv{^R3`=0DHGe#?IrU;ixsx$0WyQa{(Gu3IVp ztm~THI>dh>g4i@J`rDAl zLxi{#nb<_ZxAw7RcirR-m*whA1xgP1&)R)E{5qy$InvadO#7;Mfd8D4I%c#r84wJN705+(J6|2Pojk5>&2u*pc-clqQ@*`q27`vgKO0RM6O z75{k%_zymtbuslB;y2c0(M=Hl$<0|wXa)S|1;l^kApS$+nsEp4AF5+cUwp9u|G7j* z3-KR#)zkt1iLhl>afJBKX8i&GNq9}Oc|$k-D#U*-<_FPxhg*Gy_z#a4r<|p}-?Q)h zM`DJs@)_Vi%jeuIW_+Tm_kuQj5_HZ2{&VU+#D8$l;A77L{&T^q^??6m1O9_GG70$4 z7T`Z9z<(yc^BU;h zIHy09Rwsn`k3%X!Jj8#(bed%j_)mCQx}?L}^$V#A4-=njb171jm2*UqM)T>dm*E(* zhAZpd6_$=>EPN5DAcE#Ub)?Nw5dXodXW+&kjLjx?1^h?jgl^2F9T^SaKevwo{=*m+ zbbSwb@N%Wk9?jxf0MvM8vIg|*$FWoQ^0@7ZQ-|y0sq-6C2WNFPaed743yT9 zBs8O_`Pd4;f7X2YC)1ub`DsLmdNnD$P<0_y4E#0!iD5wVpHs7ss#>`(jfDgLGqouB zc*Lss4X@=#gp@jIHN<}!;_B2*2~6!`Oj2K7jvR#PFYgg8wWI@iVF-+?_aa|aI#`wxMjc|GGd?tR%jZ%a{lix9@kRsKc@^l5?>;hmB(Mx1JfIpN0-z2cFqH&007L{d4}<{v1_TG91#dcR^W!emNi*aku2P>8Dr+?NRDns15l74*S3# zs0|64Q}v@CG%*F^0LB4~0~iM|4qzO>IDl~g;{e71i~|@4Fb@3N9r&yKAA9h{;2i-5 ziuh!Z|MP7=g!2D2ASh>ta#~v;hy}O;LHRz!0ifJA7Kjq)Hqc?93?LGq2S8AsT>=E< z^AI1P0crt)^8cqm(0dO8{W{Nw_EB;6a5Q(eVma$%p$ry($)A7Z(NInJy?^=;$w545 zJ18zxeqS?zH-*Lk2?hrXP(TPIKm*XR^RRaOB?Rce6pRBH2QUs`9Kbk$aRB20#sQ22 z7zZ#8U>v|W@Sp7fl>b7hFO)w+&(oni9!i0s=k`!O4gIzUF{q*Z8OqI}JRN#Q59R$( zUJk8?p5;UNJT=fEASkDY@_y)fIkcW0)C@pJfEaZwC zkT4hU=K;>e8JIJuQ7~w>#NRJ8VD`w5BZaOZd?M&-LNgsuDIF|)e;F5VtB2-9aDrw3 z?|s5B9hf=H0_F&_{@(L*6&VcsAU<^6LdWrU_J-!5eE*dbm_8Ui3T6dU1hpmXGRz4a z2js)wE%YEhbPxUT;P37S{cZ|W@L<{pQJsJbkoPJey3N5cK|LNYJJ5DUZ~CXN+#o*W zICSs+-SI3$U-3#I@@=mZ$zd2kijLu-DjAi$^BkJx{A z{7?Y5pNjI=8~-!$|N0$&ZtcGkAG&ripSQnu@c&mE3!Hr%@C6Tz`uCsR(0BBo&UfQi zbaA-sWbNz$gZ?#8*M{c6DY{r5e5OEc0kCkeUO)o2CRz5sd9VH4oq^f