Author: fanningpj
Date: Sat Feb 19 11:28:50 2022
New Revision: 1898208
URL: http://svn.apache.org/viewvc?rev=1898208&view=rev
Log:
[bug-65899] fix issue where malformed tnef file can cause memory problems
Added:
poi/trunk/test-data/hmef/oom.tnef (with props)
Modified:
poi/trunk/poi-scratchpad/src/main/java/org/apache/poi/hmef/attribute/MAPIAttribute.java
poi/trunk/poi-scratchpad/src/test/java/org/apache/poi/hmef/attribute/TestTNEFAttributes.java
(contents, props changed)
Modified:
poi/trunk/poi-scratchpad/src/main/java/org/apache/poi/hmef/attribute/MAPIAttribute.java
URL:
http://svn.apache.org/viewvc/poi/trunk/poi-scratchpad/src/main/java/org/apache/poi/hmef/attribute/MAPIAttribute.java?rev=1898208&r1=1898207&r2=1898208&view=diff
==============================================================================
---
poi/trunk/poi-scratchpad/src/main/java/org/apache/poi/hmef/attribute/MAPIAttribute.java
(original)
+++
poi/trunk/poi-scratchpad/src/main/java/org/apache/poi/hmef/attribute/MAPIAttribute.java
Sat Feb 19 11:28:50 2022
@@ -150,7 +150,9 @@ public class MAPIAttribute {
MAPIProperty prop = MAPIProperty.get(id);
if(id >= 0x8000 && id <= 0xFFFF) {
byte[] guid = new byte[16];
- IOUtils.readFully(inp, guid);
+ if (IOUtils.readFully(inp, guid) < 0) {
+ throw new IOException("Not enough data to read guid");
+ }
int mptype = LittleEndian.readInt(inp);
// Get the name of it
@@ -164,7 +166,9 @@ public class MAPIAttribute {
// Custom name was stored
int mplen = LittleEndian.readInt(inp);
byte[] mpdata = IOUtils.safelyAllocate(mplen,
MAX_RECORD_LENGTH);
- IOUtils.readFully(inp, mpdata);
+ if (IOUtils.readFully(inp, mpdata) < 0) {
+ throw new IOException("Not enough data to read " + mplen + "
bytes for attribute name");
+ }
name = StringUtil.getFromUnicodeLE(mpdata, 0, (mplen/2)-1);
skipToBoundary(mplen, inp);
}
@@ -189,7 +193,9 @@ public class MAPIAttribute {
for(int j=0; j<values; j++) {
int len = getLength(type, inp);
byte[] data = IOUtils.safelyAllocate(len, MAX_RECORD_LENGTH);
- IOUtils.readFully(inp, data);
+ if (IOUtils.readFully(inp, data) < 0) {
+ throw new IOException("Not enough data to read " + len + "
bytes of attribute value");
+ }
skipToBoundary(len, inp);
// Create
Modified:
poi/trunk/poi-scratchpad/src/test/java/org/apache/poi/hmef/attribute/TestTNEFAttributes.java
URL:
http://svn.apache.org/viewvc/poi/trunk/poi-scratchpad/src/test/java/org/apache/poi/hmef/attribute/TestTNEFAttributes.java?rev=1898208&r1=1898207&r2=1898208&view=diff
==============================================================================
Binary files - no diff available.
Propchange:
poi/trunk/poi-scratchpad/src/test/java/org/apache/poi/hmef/attribute/TestTNEFAttributes.java
------------------------------------------------------------------------------
svn:mime-type = application/octet-stream
Added: poi/trunk/test-data/hmef/oom.tnef
URL:
http://svn.apache.org/viewvc/poi/trunk/test-data/hmef/oom.tnef?rev=1898208&view=auto
==============================================================================
Binary file - no diff available.
Propchange: poi/trunk/test-data/hmef/oom.tnef
------------------------------------------------------------------------------
svn:mime-type = application/octet-stream
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
