From 9df7e2d8479c8dfcc365e1766407517c90427d6b Mon Sep 17 00:00:00 2001
From: Dominik Stadler <centic@apache.org>
Date: Sun, 20 Mar 2022 06:52:47 +0000
Subject: Prevent one more case of allocating endlessly on invalid
 TNEF/HMEF/MAPI files

Limit the number of attributes to 10,000 by default

git-svn-id: https://svn.apache.org/repos/asf/poi/trunk@1899072 13f79535-47bb-0310-9956-ffa450edef68
---
 .../src/main/java/org/apache/poi/hmef/attribute/MAPIAttribute.java      | 2 ++
 1 file changed, 2 insertions(+)

(limited to 'poi-scratchpad/src/main')

diff --git a/poi-scratchpad/src/main/java/org/apache/poi/hmef/attribute/MAPIAttribute.java b/poi-scratchpad/src/main/java/org/apache/poi/hmef/attribute/MAPIAttribute.java
index a5f797220e..f851526ea3 100644
--- a/poi-scratchpad/src/main/java/org/apache/poi/hmef/attribute/MAPIAttribute.java
+++ b/poi-scratchpad/src/main/java/org/apache/poi/hmef/attribute/MAPIAttribute.java
@@ -43,6 +43,7 @@ public class MAPIAttribute {
    //arbitrarily selected; may need to increase
    private static final int DEFAULT_MAX_RECORD_LENGTH = 1_000_000;
    private static int MAX_RECORD_LENGTH = 1_000_000;
+   private static int MAX_RECORD_COUNT = 10_000;
 
    private final MAPIProperty property;
    private final int type;
@@ -183,6 +184,7 @@ public class MAPIAttribute {
             int values = 1;
             if(isMV || isVL) {
                values = LittleEndian.readInt(inp);
+               IOUtils.safelyAllocateCheck(values, MAX_RECORD_COUNT);
             }
 
             if (type == Types.NULL && values > 1) {
-- 
cgit v1.2.3