Prevent one more case of allocating endlessly on invalid TNEF/HMEF/MAPI files

Limit the number of attributes to 10,000 by default

git-svn-id: https://svn.apache.org/repos/asf/poi/trunk@1899072 13f79535-47bb-0310-9956-ffa450edef68

diff --git a/poi-scratchpad/src/main/java/org/apache/poi/hmef/attribute/MAPIAttribute.java b/poi-scratchpad/src/main/java/org/apache/poi/hmef/attribute/MAPIAttribute.java
index a5f797220eac6e6735989fa9fe5eb83ace15b0a5..f851526ea3b514b3d953401abe51132179b3483a 100644 (file)
--- a/poi-scratchpad/src/main/java/org/apache/poi/hmef/attribute/MAPIAttribute.java
+++ b/poi-scratchpad/src/main/java/org/apache/poi/hmef/attribute/MAPIAttribute.java
@@ -43,6 +43,7 @@ public class MAPIAttribute {
    //arbitrarily selected; may need to increase
    private static final int DEFAULT_MAX_RECORD_LENGTH = 1_000_000;
    private static int MAX_RECORD_LENGTH = 1_000_000;
+   private static int MAX_RECORD_COUNT = 10_000;
 
    private final MAPIProperty property;
    private final int type;
@@ -183,6 +184,7 @@ public class MAPIAttribute {
             int values = 1;
             if(isMV || isVL) {
                values = LittleEndian.readInt(inp);
+               IOUtils.safelyAllocateCheck(values, MAX_RECORD_COUNT);
             }
 
             if (type == Types.NULL && values > 1) {

diff --git a/poi-scratchpad/src/test/java/org/apache/poi/hmef/attribute/TestTNEFAttributes.java b/poi-scratchpad/src/test/java/org/apache/poi/hmef/attribute/TestTNEFAttributes.java
index d644debe5c3a5ac7c710d677489fafac07a44865..bacbc63a46e6c61116856b8644bdcea27fa5003a 100644 (file)
--- a/poi-scratchpad/src/test/java/org/apache/poi/hmef/attribute/TestTNEFAttributes.java
+++ b/poi-scratchpad/src/test/java/org/apache/poi/hmef/attribute/TestTNEFAttributes.java
@@ -22,7 +22,6 @@ import static org.junit.jupiter.api.Assertions.assertNotNull;
 import static org.junit.jupiter.api.Assertions.assertThrows;
 
 import java.io.ByteArrayInputStream;
-import java.io.IOException;
 import java.io.InputStream;
 import java.nio.charset.StandardCharsets;
 import java.text.DateFormat;
@@ -35,6 +34,7 @@ import org.apache.poi.hmef.HMEFMessage;
 import org.apache.poi.hsmf.datatypes.MAPIProperty;
 import org.apache.poi.util.LittleEndian;
 import org.apache.poi.util.LocaleUtil;
+import org.apache.poi.util.RecordFormatException;
 import org.junit.jupiter.api.BeforeEach;
 import org.junit.jupiter.api.Test;
 
@@ -55,7 +55,7 @@ public final class TestTNEFAttributes {
     @Test
     void testMalformedTNEF() throws Exception {
         try (InputStream is = _samples.openResourceAsStream("oom.tnef")) {
-            assertThrows(IOException.class, ()-> new HMEFMessage(is));
+            assertThrows(RecordFormatException.class, ()-> new HMEFMessage(is));
         }
     }
 
@@ -63,7 +63,7 @@ public final class TestTNEFAttributes {
      * Test counts
      */
     @Test
-    void testCounts() throws Exception {
+    void testCounts() {
         // The message should have 4 attributes
         assertEquals(4, quick.getMessageAttributes().size());
 
@@ -79,15 +79,19 @@ public final class TestTNEFAttributes {
     @Test
     void testBasics() throws Exception {
         // An int one
+        TNEFAttribute messageAttributeVersion = quick.getMessageAttribute(TNEFProperty.ID_TNEFVERSION);
+        assertNotNull(messageAttributeVersion);
         assertEquals(
                 0x010000,
-                LittleEndian.getInt(quick.getMessageAttribute(TNEFProperty.ID_TNEFVERSION).getData())
+                LittleEndian.getInt(messageAttributeVersion.getData())
         );
 
         // Claims not to be text, but really is
+        TNEFAttribute messageAttributeClass = quick.getMessageAttribute(TNEFProperty.ID_MESSAGECLASS);
+        assertNotNull(messageAttributeClass);
         assertEquals(
                 "IPM.Microsoft Mail.Note\0",
-            new String(quick.getMessageAttribute(TNEFProperty.ID_MESSAGECLASS).getData(), StandardCharsets.US_ASCII)
+            new String(messageAttributeClass.getData(), StandardCharsets.US_ASCII)
         );
 
         // Try constructing two attributes
@@ -140,7 +144,7 @@ public final class TestTNEFAttributes {
      * Test string based ones
      */
     @Test
-    void testString() throws Exception {
+    void testString() {
         TNEFAttribute attr = quick.getAttachments().get(0).getAttribute(
                 TNEFProperty.ID_ATTACHTITLE
         );
@@ -159,7 +163,7 @@ public final class TestTNEFAttributes {
      * Test date based ones
      */
     @Test
-    void testDate() throws Exception {
+    void testDate() {
         TNEFAttribute attr = quick.getAttachments().get(0).getAttribute(
                 TNEFProperty.ID_ATTACHMODIFYDATE
         );
@@ -169,7 +173,7 @@ public final class TestTNEFAttributes {
         // It is a series of date parts
         // Weds 28th April 2010 @ 12:40:56 UTC
         assertEquals(2010, LittleEndian.getUShort(attr.getData(), 0));
-        assertEquals(04, LittleEndian.getUShort(attr.getData(), 2));
+        assertEquals( 4, LittleEndian.getUShort(attr.getData(), 2));
         assertEquals(28, LittleEndian.getUShort(attr.getData(), 4));
         assertEquals(12, LittleEndian.getUShort(attr.getData(), 6));
         assertEquals(40, LittleEndian.getUShort(attr.getData(), 8));
@@ -188,7 +192,7 @@ public final class TestTNEFAttributes {
      * Test a bit of mapi
      */
     @Test
-    void testMAPI() throws Exception {
+    void testMAPI() {
         // Message MAPI
         TNEFAttribute attr = quick.getMessageAttribute(
                 TNEFProperty.ID_MAPIPROPERTIES
@@ -223,7 +227,7 @@ public final class TestTNEFAttributes {
      * Test common ones via helpers
      */
     @Test
-    void testCommon() throws Exception {
+    void testCommon() {
         assertEquals("This is a test message", quick.getSubject());
         assertEquals("quick.doc", quick.getAttachments().get(0).getFilename());
     }