Bug 57080 - IndexOutOfBoundsException in poi decryptor
git-svn-id: https://svn.apache.org/repos/asf/poi/trunk@1631600 13f79535-47bb-0310-9956-ffa450edef68
This commit is contained in:
Andreas Beeker
parent
0980f4971c
commit
daa7d17531
@ -139,7 +139,15 @@ public class StandardDecryptor extends Decryptor {
|
|||||||
|
|
||||||
_length = dis.readLong();
|
_length = dis.readLong();
|
||||||
|
|
||||||
return new BoundedInputStream(new CipherInputStream(dis, getCipher(getSecretKey())), _length);
|
// limit wrong calculated ole entries - (bug #57080)
|
||||||
|
// standard encryption always uses aes encoding, so blockSize is always 16
|
||||||
|
// http://stackoverflow.com/questions/3283787/size-of-data-after-aes-encryption
|
||||||
|
int blockSize = info.getHeader().getCipherAlgorithm().blockSize;
|
||||||
|
long cipherLen = (_length/blockSize + 1) * blockSize;
|
||||||
|
Cipher cipher = getCipher(getSecretKey());
|
||||||
|
|
||||||
|
InputStream boundedDis = new BoundedInputStream(dis, cipherLen);
|
||||||
|
return new BoundedInputStream(new CipherInputStream(boundedDis, cipher), _length);
|
||||||
}
|
}
|
||||||
|
|
||||||
public long getLength(){
|
public long getLength(){
|
||||||
|
|||||||
@ -20,6 +20,8 @@ import static org.junit.Assert.assertEquals;
|
|||||||
import static org.junit.Assert.assertTrue;
|
import static org.junit.Assert.assertTrue;
|
||||||
|
|
||||||
import java.io.ByteArrayInputStream;
|
import java.io.ByteArrayInputStream;
|
||||||
|
import java.io.ByteArrayOutputStream;
|
||||||
|
import java.io.File;
|
||||||
import java.io.IOException;
|
import java.io.IOException;
|
||||||
import java.io.InputStream;
|
import java.io.InputStream;
|
||||||
import java.security.GeneralSecurityException;
|
import java.security.GeneralSecurityException;
|
||||||
@ -27,7 +29,9 @@ import java.util.zip.ZipEntry;
|
|||||||
import java.util.zip.ZipInputStream;
|
import java.util.zip.ZipInputStream;
|
||||||
|
|
||||||
import org.apache.poi.POIDataSamples;
|
import org.apache.poi.POIDataSamples;
|
||||||
|
import org.apache.poi.poifs.filesystem.NPOIFSFileSystem;
|
||||||
import org.apache.poi.poifs.filesystem.POIFSFileSystem;
|
import org.apache.poi.poifs.filesystem.POIFSFileSystem;
|
||||||
|
import org.apache.poi.util.IOUtils;
|
||||||
import org.junit.Test;
|
import org.junit.Test;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
@ -122,4 +126,25 @@ public class TestDecryptor {
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@Test
|
||||||
|
public void bug57080() throws Exception {
|
||||||
|
// the test file contains a wrong ole entry size, produced by extenxls
|
||||||
|
// the fix limits the available size and tries to read all entries
|
||||||
|
File f = POIDataSamples.getPOIFSInstance().getFile("extenxls_pwd123.xlsx");
|
||||||
|
NPOIFSFileSystem fs = new NPOIFSFileSystem(f, true);
|
||||||
|
EncryptionInfo info = new EncryptionInfo(fs);
|
||||||
|
Decryptor d = Decryptor.getInstance(info);
|
||||||
|
d.verifyPassword("pwd123");
|
||||||
|
ByteArrayOutputStream bos = new ByteArrayOutputStream();
|
||||||
|
ZipInputStream zis = new ZipInputStream(d.getDataStream(fs));
|
||||||
|
ZipEntry ze;
|
||||||
|
while ((ze = zis.getNextEntry()) != null) {
|
||||||
|
bos.reset();
|
||||||
|
IOUtils.copy(zis, bos);
|
||||||
|
assertEquals(ze.getSize(), bos.size());
|
||||||
|
}
|
||||||
|
|
||||||
|
zis.close();
|
||||||
|
fs.close();
|
||||||
|
}
|
||||||
}
|
}
|
||||||
BIN
test-data/poifs/extenxls_pwd123.xlsx
Normal file
BIN
test-data/poifs/extenxls_pwd123.xlsx
Normal file
Binary file not shown.
Loading…
Reference in New Issue
Block a user