diff options
author | PJ Fanning <fanningpj@apache.org> | 2022-02-19 11:28:50 +0000 |
---|---|---|
committer | PJ Fanning <fanningpj@apache.org> | 2022-02-19 11:28:50 +0000 |
commit | 6622d9badb3590cb6190d912730548635a359dc0 (patch) | |
tree | ad518dca3fb02745665f89f43ef7cdbbe9bb9d8e /poi-scratchpad/src | |
parent | c1b073625abf00e15598fead9b11d9a126d75311 (diff) | |
download | poi-6622d9badb3590cb6190d912730548635a359dc0.tar.gz poi-6622d9badb3590cb6190d912730548635a359dc0.zip |
[bug-65899] fix issue where malformed tnef file can cause memory problems
git-svn-id: https://svn.apache.org/repos/asf/poi/trunk@1898208 13f79535-47bb-0310-9956-ffa450edef68
Diffstat (limited to 'poi-scratchpad/src')
-rw-r--r-- | poi-scratchpad/src/main/java/org/apache/poi/hmef/attribute/MAPIAttribute.java | 12 | ||||
-rw-r--r-- | poi-scratchpad/src/test/java/org/apache/poi/hmef/attribute/TestTNEFAttributes.java | 13 |
2 files changed, 22 insertions, 3 deletions
diff --git a/poi-scratchpad/src/main/java/org/apache/poi/hmef/attribute/MAPIAttribute.java b/poi-scratchpad/src/main/java/org/apache/poi/hmef/attribute/MAPIAttribute.java index 18f47d0654..0338ed62dc 100644 --- a/poi-scratchpad/src/main/java/org/apache/poi/hmef/attribute/MAPIAttribute.java +++ b/poi-scratchpad/src/main/java/org/apache/poi/hmef/attribute/MAPIAttribute.java @@ -150,7 +150,9 @@ public class MAPIAttribute { MAPIProperty prop = MAPIProperty.get(id); if(id >= 0x8000 && id <= 0xFFFF) { byte[] guid = new byte[16]; - IOUtils.readFully(inp, guid); + if (IOUtils.readFully(inp, guid) < 0) { + throw new IOException("Not enough data to read guid"); + } int mptype = LittleEndian.readInt(inp); // Get the name of it @@ -164,7 +166,9 @@ public class MAPIAttribute { // Custom name was stored int mplen = LittleEndian.readInt(inp); byte[] mpdata = IOUtils.safelyAllocate(mplen, MAX_RECORD_LENGTH); - IOUtils.readFully(inp, mpdata); + if (IOUtils.readFully(inp, mpdata) < 0) { + throw new IOException("Not enough data to read " + mplen + " bytes for attribute name"); + } name = StringUtil.getFromUnicodeLE(mpdata, 0, (mplen/2)-1); skipToBoundary(mplen, inp); } @@ -189,7 +193,9 @@ public class MAPIAttribute { for(int j=0; j<values; j++) { int len = getLength(type, inp); byte[] data = IOUtils.safelyAllocate(len, MAX_RECORD_LENGTH); - IOUtils.readFully(inp, data); + if (IOUtils.readFully(inp, data) < 0) { + throw new IOException("Not enough data to read " + len + " bytes of attribute value"); + } skipToBoundary(len, inp); // Create diff --git a/poi-scratchpad/src/test/java/org/apache/poi/hmef/attribute/TestTNEFAttributes.java b/poi-scratchpad/src/test/java/org/apache/poi/hmef/attribute/TestTNEFAttributes.java index 9e30526999..7d8869988e 100644 --- a/poi-scratchpad/src/test/java/org/apache/poi/hmef/attribute/TestTNEFAttributes.java +++ b/poi-scratchpad/src/test/java/org/apache/poi/hmef/attribute/TestTNEFAttributes.java @@ -19,8 +19,10 @@ package org.apache.poi.hmef.attribute; import static org.junit.jupiter.api.Assertions.assertEquals; import static org.junit.jupiter.api.Assertions.assertNotNull; +import static org.junit.jupiter.api.Assertions.assertTrue; import java.io.ByteArrayInputStream; +import java.io.IOException; import java.io.InputStream; import java.nio.charset.StandardCharsets; import java.text.DateFormat; @@ -48,6 +50,17 @@ public final class TestTNEFAttributes { } /** + * Test malformed TNEF is detected by MAPIAttribute and does not cause Out Of Memory error + */ + @Test + void testMalformedTNEF() throws Exception { + try (InputStream is = _samples.openResourceAsStream("oom.tnef")) { + quick = new HMEFMessage(is); + } catch (Exception e) { + assertTrue(e instanceof IOException); + } + } + /** * Test counts */ @Test |