[Bug 65746] New: java.lang.NullPointerException in `org.apache.poi.openxml4j.opc.internal.unmarshallers.PackagePropertiesUnmarshaller.checkElementForOPCCompliance::PackagePropertiesUnmarshaller.java:243` poi 5.1.0

Mon, 13 Dec 2021 02:08:24 -0800 

https://bz.apache.org/bugzilla/show_bug.cgi?id=65746

            Bug ID: 65746
           Summary: java.lang.NullPointerException in
                    `org.apache.poi.openxml4j.opc.internal.unmarshallers.P
                    ackagePropertiesUnmarshaller.checkElementForOPCComplia
                    nce::PackagePropertiesUnmarshaller.java:243` poi 5.1.0
           Product: POI
           Version: 5.0.x-dev
          Hardware: PC
            Status: NEW
          Severity: normal
          Priority: P2
         Component: OPC
          Assignee: [email protected]
          Reporter: [email protected]
  Target Milestone: ---

# java.lang.NullPointerException in
`org.apache.poi.openxml4j.opc.internal.unmarshallers.PackagePropertiesUnmarshaller.checkElementForOPCCompliance::PackagePropertiesUnmarshaller.java:243`
poi 5.1.0

This vulnerability is of java.lang.NullPointerException, and can be triggered
in latest version poi (5.1.0).
It is caused by not checking the pointer before dereference it and also failing
to catch the runtime java exception (it should be wrapped as one kind of
JSONException), and can .
Likely, the root cause of this crash is in
`org.apache.poi.openxml4j.opc.internal.unmarshallers.PackagePropertiesUnmarshaller.checkElementForOPCCompliance::PackagePropertiesUnmarshaller.java:243`.
See more detail from the following crash stack.

# Crash stack:
The crash thread's stack is as follows:

```
org.apache.poi.openxml4j.opc.internal.unmarshallers.PackagePropertiesUnmarshaller.checkElementForOPCCompliance::PackagePropertiesUnmarshaller.java:243
org.apache.poi.openxml4j.opc.internal.unmarshallers.PackagePropertiesUnmarshaller.unmarshall::PackagePropertiesUnmarshaller.java:111
org.apache.poi.openxml4j.opc.OPCPackage.getParts::OPCPackage.java:760
org.apache.poi.openxml4j.opc.OPCPackage.open::OPCPackage.java:315
org.apache.poi.ooxml.util.PackageHelper.open::PackageHelper.java:47
org.apache.poi.xssf.usermodel.XSSFWorkbook.<init>::XSSFWorkbook.java:296
com.test.Entry.main::Entry.java:32
```


# Steps to reproduce: 

1. Build the following java code with the corresponding poi library (version
5.1.0).

```
## Download poi_env_reproduce.zip from
https://drive.google.com/file/d/1N4gUC0MF-SAN-Xz0van0_7TbNj4aUuFd/view?usp=sharing
unzip poi_env_reproduce.zip
cd poi_env_reproduce
bash build.sh
```

2. Run the built program to see the crash by feeding one of the poc file
contained in the pocs.tar.gz, e.g. :

```bash
java -jar target/Entry-1.0-SNAPSHOT-jar-with-dependencies.jar
pocs/crash-2e2e45d90c0e63d10f58e635c9d679dd7cbd3a06
```

Any further discussion for this vulnerability including fix is welcomed!
Feel free to contact me at [email protected]
(https://github.com/ZanderHuang)

-- 
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to