Bug 57080 - IndexOutOfBoundsException in poi decryptor

git-svn-id: https://svn.apache.org/repos/asf/poi/trunk@1631600 13f79535-47bb-0310-9956-ffa450edef68

diff --git a/src/java/org/apache/poi/poifs/crypt/standard/StandardDecryptor.java b/src/java/org/apache/poi/poifs/crypt/standard/StandardDecryptor.java
index a3bef188a64b2a404d450778ef31060911033953..86e31fb7a261f1526a412d97b2816f7f6f75b4e1 100644 (file)
--- a/src/java/org/apache/poi/poifs/crypt/standard/StandardDecryptor.java
+++ b/src/java/org/apache/poi/poifs/crypt/standard/StandardDecryptor.java
@@ -139,7 +139,15 @@ public class StandardDecryptor extends Decryptor {
 
         _length = dis.readLong();
 
-        return new BoundedInputStream(new CipherInputStream(dis, getCipher(getSecretKey())), _length);
+        // limit wrong calculated ole entries - (bug #57080)
+        // standard encryption always uses aes encoding, so blockSize is always 16 
+        // http://stackoverflow.com/questions/3283787/size-of-data-after-aes-encryption
+        int blockSize = info.getHeader().getCipherAlgorithm().blockSize;
+        long cipherLen = (_length/blockSize + 1) * blockSize;
+        Cipher cipher = getCipher(getSecretKey());
+        
+        InputStream boundedDis = new BoundedInputStream(dis, cipherLen);
+        return new BoundedInputStream(new CipherInputStream(boundedDis, cipher), _length);
     }
 
     public long getLength(){

diff --git a/src/ooxml/testcases/org/apache/poi/poifs/crypt/TestDecryptor.java b/src/ooxml/testcases/org/apache/poi/poifs/crypt/TestDecryptor.java
index 48bc7a15a3fd3eac9b2c887332bf6577106b559b..d0f2c67f51d8262c02a9d26423bf865947824014 100644 (file)
--- a/src/ooxml/testcases/org/apache/poi/poifs/crypt/TestDecryptor.java
+++ b/src/ooxml/testcases/org/apache/poi/poifs/crypt/TestDecryptor.java
@@ -20,6 +20,8 @@ import static org.junit.Assert.assertEquals;
 import static org.junit.Assert.assertTrue;\r
 \r
 import java.io.ByteArrayInputStream;\r
+import java.io.ByteArrayOutputStream;\r
+import java.io.File;\r
 import java.io.IOException;\r
 import java.io.InputStream;\r
 import java.security.GeneralSecurityException;\r
@@ -27,7 +29,9 @@ import java.util.zip.ZipEntry;
 import java.util.zip.ZipInputStream;\r
 \r
 import org.apache.poi.POIDataSamples;\r
+import org.apache.poi.poifs.filesystem.NPOIFSFileSystem;\r
 import org.apache.poi.poifs.filesystem.POIFSFileSystem;\r
+import org.apache.poi.util.IOUtils;\r
 import org.junit.Test;\r
 \r
 /**\r
@@ -122,4 +126,25 @@ public class TestDecryptor {
         }\r
     }\r
 \r
+    @Test\r
+    public void bug57080() throws Exception {\r
+        // the test file contains a wrong ole entry size, produced by extenxls\r
+        // the fix limits the available size and tries to read all entries \r
+        File f = POIDataSamples.getPOIFSInstance().getFile("extenxls_pwd123.xlsx");\r
+        NPOIFSFileSystem fs = new NPOIFSFileSystem(f, true);\r
+        EncryptionInfo info = new EncryptionInfo(fs);\r
+        Decryptor d = Decryptor.getInstance(info);\r
+        d.verifyPassword("pwd123");\r
+        ByteArrayOutputStream bos = new ByteArrayOutputStream();\r
+        ZipInputStream zis = new ZipInputStream(d.getDataStream(fs));\r
+        ZipEntry ze;\r
+        while ((ze = zis.getNextEntry()) != null) {\r
+            bos.reset();\r
+            IOUtils.copy(zis, bos);\r
+            assertEquals(ze.getSize(), bos.size());\r
+        }\r
+        \r
+        zis.close();\r
+        fs.close();\r
+    }\r
 }
\ No newline at end of file

diff --git a/test-data/poifs/extenxls_pwd123.xlsx b/test-data/poifs/extenxls_pwd123.xlsx
new file mode 100644 (file)
index 0000000..a6ae896
Binary files /dev/null and b/test-data/poifs/extenxls_pwd123.xlsx differ