_length = dis.readLong();
- return new BoundedInputStream(new CipherInputStream(dis, getCipher(getSecretKey())), _length);
+ // limit wrong calculated ole entries - (bug #57080)
+ // standard encryption always uses aes encoding, so blockSize is always 16
+ // http://stackoverflow.com/questions/3283787/size-of-data-after-aes-encryption
+ int blockSize = info.getHeader().getCipherAlgorithm().blockSize;
+ long cipherLen = (_length/blockSize + 1) * blockSize;
+ Cipher cipher = getCipher(getSecretKey());
+
+ InputStream boundedDis = new BoundedInputStream(dis, cipherLen);
+ return new BoundedInputStream(new CipherInputStream(boundedDis, cipher), _length);
}
public long getLength(){
import static org.junit.Assert.assertTrue;\r
\r
import java.io.ByteArrayInputStream;\r
+import java.io.ByteArrayOutputStream;\r
+import java.io.File;\r
import java.io.IOException;\r
import java.io.InputStream;\r
import java.security.GeneralSecurityException;\r
import java.util.zip.ZipInputStream;\r
\r
import org.apache.poi.POIDataSamples;\r
+import org.apache.poi.poifs.filesystem.NPOIFSFileSystem;\r
import org.apache.poi.poifs.filesystem.POIFSFileSystem;\r
+import org.apache.poi.util.IOUtils;\r
import org.junit.Test;\r
\r
/**\r
}\r
}\r
\r
+ @Test\r
+ public void bug57080() throws Exception {\r
+ // the test file contains a wrong ole entry size, produced by extenxls\r
+ // the fix limits the available size and tries to read all entries \r
+ File f = POIDataSamples.getPOIFSInstance().getFile("extenxls_pwd123.xlsx");\r
+ NPOIFSFileSystem fs = new NPOIFSFileSystem(f, true);\r
+ EncryptionInfo info = new EncryptionInfo(fs);\r
+ Decryptor d = Decryptor.getInstance(info);\r
+ d.verifyPassword("pwd123");\r
+ ByteArrayOutputStream bos = new ByteArrayOutputStream();\r
+ ZipInputStream zis = new ZipInputStream(d.getDataStream(fs));\r
+ ZipEntry ze;\r
+ while ((ze = zis.getNextEntry()) != null) {\r
+ bos.reset();\r
+ IOUtils.copy(zis, bos);\r
+ assertEquals(ze.getSize(), bos.size());\r
+ }\r
+ \r
+ zis.close();\r
+ fs.close();\r
+ }\r
}
\ No newline at end of file