Fix issues found when fuzzing Apache POI via Jazzer

Add some null-checks and report more meaningful exceptions This provides a bit more information than simple NullPointExceptions git-svn-id: https://svn.apache.org/repos/asf/poi/trunk@1895600 13f79535-47bb-0310-9956-ffa450edef68
author: Dominik Stadler <centic@apache.org> 2021-12-05 17:34:44 +0000
committer: Dominik Stadler <centic@apache.org> 2021-12-05 17:34:44 +0000
commit: 1e9efb5562517c657293e49d57654f3bd55fc3a5 (patch)
tree: b039afd19a2c03d2187f48a67107647219733ca1 /poi
parent: f0e7cc0881856ba25a965504e68a70f7dd9046b3 (diff)
download: poi-1e9efb5562517c657293e49d57654f3bd55fc3a5.tar.gz
poi-1e9efb5562517c657293e49d57654f3bd55fc3a5.zip
4 files changed, 18 insertions, 5 deletions
diff --git a/poi/src/main/java/org/apache/poi/poifs/crypt/agile/AgileDecryptor.java b/poi/src/main/java/org/apache/poi/poifs/crypt/agile/AgileDecryptor.java
index 898670eaba..a6881bc5bc 100644
--- a/poi/src/main/java/org/apache/poi/poifs/crypt/agile/AgileDecryptor.java
+++ b/poi/src/main/java/org/apache/poi/poifs/crypt/agile/AgileDecryptor.java
@@ -196,6 +196,10 @@ public class AgileDecryptor extends Decryptor {
         Cipher cipher = getCipher(skey, cipherAlgo, chainMode, iv, cipherMode);
         byte[] hashFinal;
 
+        if (inputKey == null) {
+            throw new EncryptedDocumentException("Cannot has input without inputKey");
+        }
+
         try {
             inputKey = getBlock0(inputKey, getNextBlockSize(inputKey.length, blockSize));
             hashFinal = cipher.doFinal(inputKey);
diff --git a/poi/src/main/java/org/apache/poi/poifs/crypt/agile/AgileEncryptionVerifier.java b/poi/src/main/java/org/apache/poi/poifs/crypt/agile/AgileEncryptionVerifier.java
index 6699b543c4..1e7bdd9a44 100644
--- a/poi/src/main/java/org/apache/poi/poifs/crypt/agile/AgileEncryptionVerifier.java
+++ b/poi/src/main/java/org/apache/poi/poifs/crypt/agile/AgileEncryptionVerifier.java
@@ -45,7 +45,7 @@ public class AgileEncryptionVerifier extends EncryptionVerifier {
         }
 
         if (keyData == null) {
-            throw new NullPointerException("encryptedKey not set");
+            throw new IllegalArgumentException("encryptedKey not set");
         }
 
         setCipherAlgorithm(keyData.getCipherAlgorithm());
@@ -64,14 +64,17 @@ public class AgileEncryptionVerifier extends EncryptionVerifier {
                     keyData.getHashAlgorithm() + " @ " + hashSize + " bytes");
         }
 
-        setSpinCount(keyData.getSpinCount());
+        Integer spinCount = keyData.getSpinCount();
+        if (spinCount != null) {
+            setSpinCount(spinCount);
+        }
         setEncryptedVerifier(keyData.getEncryptedVerifierHashInput());
         setSalt(keyData.getSaltValue());
         setEncryptedKey(keyData.getEncryptedKeyValue());
         setEncryptedVerifierHash(keyData.getEncryptedVerifierHashValue());
 
-        int saltSize = keyData.getSaltSize();
-        if (saltSize != getSalt().length) {
+        Integer saltSize = keyData.getSaltSize();
+        if (saltSize == null || saltSize != getSalt().length) {
             throw new EncryptedDocumentException("Invalid salt size");
         }
 
diff --git a/poi/src/main/java/org/apache/poi/poifs/filesystem/POIFSMiniStore.java b/poi/src/main/java/org/apache/poi/poifs/filesystem/POIFSMiniStore.java
index db49e5b814..18cdfd58f7 100644
--- a/poi/src/main/java/org/apache/poi/poifs/filesystem/POIFSMiniStore.java
+++ b/poi/src/main/java/org/apache/poi/poifs/filesystem/POIFSMiniStore.java
@@ -29,6 +29,7 @@ import org.apache.poi.poifs.property.RootProperty;
 import org.apache.poi.poifs.storage.BATBlock;
 import org.apache.poi.poifs.storage.BATBlock.BATBlockAndIndex;
 import org.apache.poi.poifs.storage.HeaderBlock;
+import org.apache.poi.util.RecordFormatException;
 
 /**
  * This class handles the MiniStream (small block store)
@@ -43,6 +44,9 @@ public class POIFSMiniStore extends BlockStore {
 
     POIFSMiniStore(POIFSFileSystem filesystem, RootProperty root,
                    List<BATBlock> sbats, HeaderBlock header) {
+        if (root == null) {
+            throw new RecordFormatException("Invalid argument to POIFSMiniStore: root is null");
+        }
         this._filesystem = filesystem;
         this._sbat_blocks = sbats;
         this._header = header;
diff --git a/poi/src/main/java/org/apache/poi/poifs/property/PropertyTable.java b/poi/src/main/java/org/apache/poi/poifs/property/PropertyTable.java
index 42f380f341..d7a54c38c9 100644
--- a/poi/src/main/java/org/apache/poi/poifs/property/PropertyTable.java
+++ b/poi/src/main/java/org/apache/poi/poifs/property/PropertyTable.java
@@ -105,7 +105,9 @@ public final class PropertyTable implements BATManaged {
             PropertyFactory.convertToProperties(data, _properties);
         }
 
-        populatePropertyTree( (DirectoryProperty)_properties.get(0));
+        if (_properties.get(0) != null) {
+            populatePropertyTree((DirectoryProperty) _properties.get(0));
+        }
     }
author	Dominik Stadler <centic@apache.org>	2021-12-05 17:34:44 +0000
committer	Dominik Stadler <centic@apache.org>	2021-12-05 17:34:44 +0000
commit	1e9efb5562517c657293e49d57654f3bd55fc3a5 (patch)
tree	b039afd19a2c03d2187f48a67107647219733ca1 /poi
parent	f0e7cc0881856ba25a965504e68a70f7dd9046b3 (diff)
download	poi-1e9efb5562517c657293e49d57654f3bd55fc3a5.tar.gz poi-1e9efb5562517c657293e49d57654f3bd55fc3a5.zip