Bug 66425: Avoid a NullPointerException found via oss-fuzz

We try to avoid throwing NullPointerException, but it was possible
to trigger one here with a specially crafted input-file

Should fix https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=62626

git-svn-id: https://svn.apache.org/repos/asf/poi/trunk@1912792 13f79535-47bb-0310-9956-ffa450edef68

1 files changed, 5 insertions, 1 deletions

diff --git a/poi/src/main/java/org/apache/poi/poifs/crypt/agile/AgileEncryptionHeader.java b/poi/src/main/java/org/apache/poi/poifs/crypt/agile/AgileEncryptionHeader.java
index 3d08cf7fbf..fc2828ed0d 100644
--- a/poi/src/main/java/org/apache/poi/poifs/crypt/agile/AgileEncryptionHeader.java
+++ b/poi/src/main/java/org/apache/poi/poifs/crypt/agile/AgileEncryptionHeader.java
@@ -79,10 +79,14 @@ public class AgileEncryptionHeader extends EncryptionHeader {
                     keyData.getHashAlgorithm() + " @ " + hashSize + " bytes");
         }
 
+        if (keyData.getSaltSize() == null) {
+            throw new EncryptedDocumentException("Invalid salt length: " + keyData.getSaltSize());
+        }
+
         int saltLength = keyData.getSaltSize();
         setKeySalt(keyData.getSaltValue());
         if (getKeySalt().length != saltLength) {
-            throw new EncryptedDocumentException("Invalid salt length");
+            throw new EncryptedDocumentException("Invalid salt length: " + getKeySalt().length + " and " + saltLength);
         }
 
         DataIntegrity di = ed.getDataIntegrity();