You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@poi.apache.org by ki...@apache.org on 2014/10/14 01:42:34 UTC
svn commit: r1631600 - in /poi: site/src/documentation/content/xdocs/
trunk/src/java/org/apache/poi/poifs/crypt/standard/
trunk/src/ooxml/testcases/org/apache/poi/poifs/crypt/ trunk/test-data/poifs/
Author: kiwiwings
Date: Mon Oct 13 23:42:33 2014
New Revision: 1631600
URL: http://svn.apache.org/r1631600
Log:
Bug 57080 - IndexOutOfBoundsException in poi decryptor
Added:
poi/trunk/test-data/poifs/extenxls_pwd123.xlsx (with props)
Modified:
poi/site/src/documentation/content/xdocs/status.xml
poi/trunk/src/java/org/apache/poi/poifs/crypt/standard/StandardDecryptor.java
poi/trunk/src/ooxml/testcases/org/apache/poi/poifs/crypt/TestDecryptor.java
Modified: poi/site/src/documentation/content/xdocs/status.xml
URL: http://svn.apache.org/viewvc/poi/site/src/documentation/content/xdocs/status.xml?rev=1631600&r1=1631599&r2=1631600&view=diff
==============================================================================
--- poi/site/src/documentation/content/xdocs/status.xml (original)
+++ poi/site/src/documentation/content/xdocs/status.xml Mon Oct 13 23:42:33 2014
@@ -38,6 +38,7 @@
</devs>
<release version="3.11-beta3" date="2014-??-??">
+ <action dev="PD" type="fix" fixes-bug="57080">IndexOutOfBoundsException in poi decryptor</action>
<action dev="PD" type="add">The minimum Apache Ant version required to build has been increased to 1.8.x or later</action>
<action dev="PD" type="add" fixes-bug="56956">Add a NPOIFSFileSystem constructor with a FileChannel and the read-only option</action>
<action dev="PD" type="fix" fixes-bug="56914">XSSFRowShifter.updateConditionalFormatting throws IOOBE when there are more than 1 CTConditionalFormatting</action>
Modified: poi/trunk/src/java/org/apache/poi/poifs/crypt/standard/StandardDecryptor.java
URL: http://svn.apache.org/viewvc/poi/trunk/src/java/org/apache/poi/poifs/crypt/standard/StandardDecryptor.java?rev=1631600&r1=1631599&r2=1631600&view=diff
==============================================================================
--- poi/trunk/src/java/org/apache/poi/poifs/crypt/standard/StandardDecryptor.java (original)
+++ poi/trunk/src/java/org/apache/poi/poifs/crypt/standard/StandardDecryptor.java Mon Oct 13 23:42:33 2014
@@ -139,7 +139,15 @@ public class StandardDecryptor extends D
_length = dis.readLong();
- return new BoundedInputStream(new CipherInputStream(dis, getCipher(getSecretKey())), _length);
+ // limit wrong calculated ole entries - (bug #57080)
+ // standard encryption always uses aes encoding, so blockSize is always 16
+ // http://stackoverflow.com/questions/3283787/size-of-data-after-aes-encryption
+ int blockSize = info.getHeader().getCipherAlgorithm().blockSize;
+ long cipherLen = (_length/blockSize + 1) * blockSize;
+ Cipher cipher = getCipher(getSecretKey());
+
+ InputStream boundedDis = new BoundedInputStream(dis, cipherLen);
+ return new BoundedInputStream(new CipherInputStream(boundedDis, cipher), _length);
}
public long getLength(){
Modified: poi/trunk/src/ooxml/testcases/org/apache/poi/poifs/crypt/TestDecryptor.java
URL: http://svn.apache.org/viewvc/poi/trunk/src/ooxml/testcases/org/apache/poi/poifs/crypt/TestDecryptor.java?rev=1631600&r1=1631599&r2=1631600&view=diff
==============================================================================
--- poi/trunk/src/ooxml/testcases/org/apache/poi/poifs/crypt/TestDecryptor.java (original)
+++ poi/trunk/src/ooxml/testcases/org/apache/poi/poifs/crypt/TestDecryptor.java Mon Oct 13 23:42:33 2014
@@ -20,6 +20,8 @@ import static org.junit.Assert.assertEqu
import static org.junit.Assert.assertTrue;
import java.io.ByteArrayInputStream;
+import java.io.ByteArrayOutputStream;
+import java.io.File;
import java.io.IOException;
import java.io.InputStream;
import java.security.GeneralSecurityException;
@@ -27,7 +29,9 @@ import java.util.zip.ZipEntry;
import java.util.zip.ZipInputStream;
import org.apache.poi.POIDataSamples;
+import org.apache.poi.poifs.filesystem.NPOIFSFileSystem;
import org.apache.poi.poifs.filesystem.POIFSFileSystem;
+import org.apache.poi.util.IOUtils;
import org.junit.Test;
/**
@@ -122,4 +126,25 @@ public class TestDecryptor {
}
}
+ @Test
+ public void bug57080() throws Exception {
+ // the test file contains a wrong ole entry size, produced by extenxls
+ // the fix limits the available size and tries to read all entries
+ File f = POIDataSamples.getPOIFSInstance().getFile("extenxls_pwd123.xlsx");
+ NPOIFSFileSystem fs = new NPOIFSFileSystem(f, true);
+ EncryptionInfo info = new EncryptionInfo(fs);
+ Decryptor d = Decryptor.getInstance(info);
+ d.verifyPassword("pwd123");
+ ByteArrayOutputStream bos = new ByteArrayOutputStream();
+ ZipInputStream zis = new ZipInputStream(d.getDataStream(fs));
+ ZipEntry ze;
+ while ((ze = zis.getNextEntry()) != null) {
+ bos.reset();
+ IOUtils.copy(zis, bos);
+ assertEquals(ze.getSize(), bos.size());
+ }
+
+ zis.close();
+ fs.close();
+ }
}
\ No newline at end of file
Added: poi/trunk/test-data/poifs/extenxls_pwd123.xlsx
URL: http://svn.apache.org/viewvc/poi/trunk/test-data/poifs/extenxls_pwd123.xlsx?rev=1631600&view=auto
==============================================================================
Binary file - no diff available.
Propchange: poi/trunk/test-data/poifs/extenxls_pwd123.xlsx
------------------------------------------------------------------------------
svn:mime-type = application/octet-stream
---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscribe@poi.apache.org
For additional commands, e-mail: commits-help@poi.apache.org