From 5e7d8e85ca47f41eb870c42be6b88fb0ce0f4cab Mon Sep 17 00:00:00 2001 From: PJ Fanning Date: Fri, 8 Oct 2021 18:12:18 +0000 Subject: [bug-65372] allow max entry size to be higher than 4Gb git-svn-id: https://svn.apache.org/repos/asf/poi/trunk@1894036 13f79535-47bb-0310-9956-ffa450edef68 --- .../org/apache/poi/openxml4j/util/ZipSecureFile.java | 10 ++++++++-- .../java/org/apache/poi/openxml4j/opc/TestPackage.java | 1 - .../apache/poi/openxml4j/util/TestZipSecureFile.java | 18 +++++++++++++++++- .../test/java/org/apache/poi/xwpf/TestXWPFBugs.java | 10 ++++++++++ 4 files changed, 35 insertions(+), 4 deletions(-) diff --git a/poi-ooxml/src/main/java/org/apache/poi/openxml4j/util/ZipSecureFile.java b/poi-ooxml/src/main/java/org/apache/poi/openxml4j/util/ZipSecureFile.java index 290b5fbd8c..e9365b4a74 100644 --- a/poi-ooxml/src/main/java/org/apache/poi/openxml4j/util/ZipSecureFile.java +++ b/poi-ooxml/src/main/java/org/apache/poi/openxml4j/util/ZipSecureFile.java @@ -22,6 +22,8 @@ import java.io.IOException; import org.apache.commons.compress.archivers.zip.ZipArchiveEntry; import org.apache.commons.compress.archivers.zip.ZipFile; +import org.apache.logging.log4j.LogManager; +import org.apache.logging.log4j.Logger; /** * This class wraps a {@link ZipFile} in order to check the @@ -32,6 +34,7 @@ import org.apache.commons.compress.archivers.zip.ZipFile; * and {@link #setMinInflateRatio(double)}. */ public class ZipSecureFile extends ZipFile { + private static final Logger LOG = LogManager.getLogger(ZipSecureFile.class); /* package */ static double MIN_INFLATE_RATIO = 0.01d; /* package */ static long MAX_ENTRY_SIZE = 0xFFFFFFFFL; @@ -71,10 +74,13 @@ public class ZipSecureFile extends ZipFile { * security vulnerabilities when documents are provided by users. * * @param maxEntrySize the max. file size of a single zip entry + * @throws IllegalArgumentException for negative maxEntrySize */ public static void setMaxEntrySize(long maxEntrySize) { - if (maxEntrySize < 0 || maxEntrySize > 0xFFFFFFFFL) { // don't use MAX_ENTRY_SIZE here! - throw new IllegalArgumentException("Max entry size is bounded [0-4GB], but had " + maxEntrySize); + if (maxEntrySize < 0) { + throw new IllegalArgumentException("Max entry size must be greater than or equal to zero"); + } else if (maxEntrySize > 0xFFFFFFFFL) { + LOG.atWarn().log("setting max entry size greater tahn 4Gb can be risky; set to " + maxEntrySize + " bytes"); } MAX_ENTRY_SIZE = maxEntrySize; } diff --git a/poi-ooxml/src/test/java/org/apache/poi/openxml4j/opc/TestPackage.java b/poi-ooxml/src/test/java/org/apache/poi/openxml4j/opc/TestPackage.java index 65bdc4bcbf..038dcee86d 100644 --- a/poi-ooxml/src/test/java/org/apache/poi/openxml4j/opc/TestPackage.java +++ b/poi-ooxml/src/test/java/org/apache/poi/openxml4j/opc/TestPackage.java @@ -32,7 +32,6 @@ import static org.junit.jupiter.api.Assertions.assertTrue; import static org.junit.jupiter.api.Assertions.fail; import java.io.BufferedInputStream; -import java.io.ByteArrayInputStream; import java.io.File; import java.io.FileInputStream; import java.io.FileOutputStream; diff --git a/poi-ooxml/src/test/java/org/apache/poi/openxml4j/util/TestZipSecureFile.java b/poi-ooxml/src/test/java/org/apache/poi/openxml4j/util/TestZipSecureFile.java index d80a44a1d8..2eef717dfa 100644 --- a/poi-ooxml/src/test/java/org/apache/poi/openxml4j/util/TestZipSecureFile.java +++ b/poi-ooxml/src/test/java/org/apache/poi/openxml4j/util/TestZipSecureFile.java @@ -25,7 +25,7 @@ import org.junit.jupiter.api.Test; import java.io.InputStream; import java.util.Enumeration; -import static org.junit.jupiter.api.Assertions.assertTrue; +import static org.junit.jupiter.api.Assertions.*; class TestZipSecureFile { @Test @@ -47,4 +47,20 @@ class TestZipSecureFile { } } } + + @Test + void testSettingMaxEntrySizeAsNegative() { + assertThrows(IllegalArgumentException.class, () -> ZipSecureFile.setMaxEntrySize(-1)); + } + + @Test + void testSettingMaxEntrySizeAs8Gb() { + long approx8Gb = 0xFFFFFFFFL * 2; + try { + ZipSecureFile.setMaxEntrySize(approx8Gb); + assertEquals(approx8Gb, ZipSecureFile.getMaxEntrySize()); + } finally { + ZipSecureFile.setMaxEntrySize(0xFFFFFFFFL); + } + } } diff --git a/poi-ooxml/src/test/java/org/apache/poi/xwpf/TestXWPFBugs.java b/poi-ooxml/src/test/java/org/apache/poi/xwpf/TestXWPFBugs.java index b630075831..581b3bbefa 100644 --- a/poi-ooxml/src/test/java/org/apache/poi/xwpf/TestXWPFBugs.java +++ b/poi-ooxml/src/test/java/org/apache/poi/xwpf/TestXWPFBugs.java @@ -139,4 +139,14 @@ class TestXWPFBugs { zf.close(); } } + + @Test + void bug65320() throws Exception { + try ( + OPCPackage pkg = OPCPackage.open(samples.getFile("bug65320.docx")); + XWPFDocument document = new XWPFDocument(pkg) + ){ + assertEquals(1, document.getAllPictures().size()); + } + } } \ No newline at end of file -- cgit v1.2.3