diff --git a/poi-scratchpad/src/main/java/org/apache/poi/hemf/record/emf/HemfComment.java b/poi-scratchpad/src/main/java/org/apache/poi/hemf/record/emf/HemfComment.java index 69b489927d..9c4b1bcb85 100644 --- a/poi-scratchpad/src/main/java/org/apache/poi/hemf/record/emf/HemfComment.java +++ b/poi-scratchpad/src/main/java/org/apache/poi/hemf/record/emf/HemfComment.java @@ -56,7 +56,6 @@ import org.apache.poi.util.RecordFormatException; @Internal public class HemfComment { private static final Logger LOG = LogManager.getLogger(HemfComment.class); - private static final int MAX_RECORD_LENGTH = HwmfPicture.MAX_RECORD_LENGTH; public enum HemfCommentRecordType { emfGeneric(-1, EmfCommentDataGeneric::new, false), @@ -281,7 +280,7 @@ public class HemfComment { @Override public long init(LittleEndianInputStream leis, long dataSize) throws IOException { - privateData = IOUtils.safelyAllocate(dataSize, MAX_RECORD_LENGTH); + privateData = IOUtils.safelyAllocate(dataSize, HwmfPicture.getMaxRecordLength()); leis.readFully(privateData); return privateData.length; } @@ -383,7 +382,7 @@ public class HemfComment { // The number of Unicode characters in the optional description string that follows. int nDescription = (int)leis.readUInt(); - byte[] buf = IOUtils.safelyAllocate(nDescription * 2L, MAX_RECORD_LENGTH); + byte[] buf = IOUtils.safelyAllocate(nDescription * 2L, HwmfPicture.getMaxRecordLength()); leis.readFully(buf); description = new String(buf, StandardCharsets.UTF_16LE); @@ -458,7 +457,7 @@ public class HemfComment { for (EmfCommentDataFormat fmt : formats) { int skip = fmt.offData-(leis.getReadIndex()-startIdx); leis.skipFully(skip); - fmt.rawData = IOUtils.safelyAllocate(fmt.sizeData, MAX_RECORD_LENGTH); + fmt.rawData = IOUtils.safelyAllocate(fmt.sizeData, HwmfPicture.getMaxRecordLength()); int readBytes = leis.read(fmt.rawData); if (readBytes < fmt.sizeData) { // EOF @@ -600,7 +599,7 @@ public class HemfComment { // WMF metafile in the WinMetafile field. int winMetafileSize = (int)leis.readUInt(); - wmfData = IOUtils.safelyAllocate(winMetafileSize, MAX_RECORD_LENGTH); + wmfData = IOUtils.safelyAllocate(winMetafileSize, HwmfPicture.getMaxRecordLength()); // some emf comments are truncated, so we don't use readFully here int readBytes = leis.read(wmfData); if (readBytes < wmfData.length) { diff --git a/poi-scratchpad/src/main/java/org/apache/poi/hslf/usermodel/HSLFSlideShowImpl.java b/poi-scratchpad/src/main/java/org/apache/poi/hslf/usermodel/HSLFSlideShowImpl.java index cc311a1f63..b5782aa91a 100644 --- a/poi-scratchpad/src/main/java/org/apache/poi/hslf/usermodel/HSLFSlideShowImpl.java +++ b/poi-scratchpad/src/main/java/org/apache/poi/hslf/usermodel/HSLFSlideShowImpl.java @@ -90,7 +90,8 @@ public final class HSLFSlideShowImpl extends POIDocument implements Closeable { static final int UNSET_OFFSET = -1; //arbitrarily selected; may need to increase - private static final int MAX_RECORD_LENGTH = 200_000_000; + private static final int DEFAULT_MAX_RECORD_LENGTH = 200_000_000; + private static int MAX_RECORD_LENGTH = DEFAULT_MAX_RECORD_LENGTH; // Holds metadata on where things are in our document private CurrentUserAtom currentUser; @@ -107,6 +108,20 @@ public final class HSLFSlideShowImpl extends POIDocument implements Closeable { // Embedded objects stored in storage records in the document stream, lazily populated. private HSLFObjectData[] _objects; + /** + * @param length the max record length allowed for HSLFSlideShowImpl + */ + public static void setMaxRecordLength(int length) { + MAX_RECORD_LENGTH = length; + } + + /** + * @return the max record length allowed for HSLFSlideShowImpl + */ + public static int getMaxRecordLength() { + return MAX_RECORD_LENGTH; + } + /** * Constructs a Powerpoint document from fileName. Parses the document * and places all the important stuff into data structures. diff --git a/poi-scratchpad/src/main/java/org/apache/poi/hwmf/record/HwmfBitmapDib.java b/poi-scratchpad/src/main/java/org/apache/poi/hwmf/record/HwmfBitmapDib.java index 0a824df569..437d8cddc0 100644 --- a/poi-scratchpad/src/main/java/org/apache/poi/hwmf/record/HwmfBitmapDib.java +++ b/poi-scratchpad/src/main/java/org/apache/poi/hwmf/record/HwmfBitmapDib.java @@ -54,7 +54,6 @@ public class HwmfBitmapDib implements GenericRecord { private static final Logger LOG = LogManager.getLogger(HwmfBitmapDib.class); private static final int BMP_HEADER_SIZE = 14; - private static final int MAX_RECORD_LENGTH = HwmfPicture.MAX_RECORD_LENGTH; public enum BitCount { /** @@ -258,14 +257,14 @@ public class HwmfBitmapDib implements GenericRecord { headerCompression == Compression.BI_BITFIELDS || headerCompression == Compression.BI_CMYK) { int fileSize = Math.min(introSize+bodySize,recordSize); - imageData = IOUtils.safelyAllocate(fileSize, MAX_RECORD_LENGTH); + imageData = IOUtils.safelyAllocate(fileSize, HwmfPicture.getMaxRecordLength()); leis.readFully(imageData, 0, introSize); leis.skipFully(recordSize-fileSize); // emfs are sometimes truncated, read as much as possible int readBytes = leis.read(imageData, introSize, fileSize-introSize); return introSize+(recordSize-fileSize)+readBytes; } else { - imageData = IOUtils.safelyAllocate(recordSize, MAX_RECORD_LENGTH); + imageData = IOUtils.safelyAllocate(recordSize, HwmfPicture.getMaxRecordLength()); leis.readFully(imageData); return recordSize; } @@ -453,7 +452,7 @@ public class HwmfBitmapDib implements GenericRecord { int imageSize = (int)Math.max(imageData.length, introSize+headerImageSize); // create the image data and leave the parsing to the ImageIO api - byte[] buf = IOUtils.safelyAllocate(BMP_HEADER_SIZE + (long)imageSize, MAX_RECORD_LENGTH); + byte[] buf = IOUtils.safelyAllocate(BMP_HEADER_SIZE + (long)imageSize, HwmfPicture.getMaxRecordLength()); // https://en.wikipedia.org/wiki/BMP_file_format # Bitmap file header buf[0] = (byte)'B'; diff --git a/poi-scratchpad/src/main/java/org/apache/poi/hwmf/usermodel/HwmfPicture.java b/poi-scratchpad/src/main/java/org/apache/poi/hwmf/usermodel/HwmfPicture.java index 0fb9637f6a..640212a382 100644 --- a/poi-scratchpad/src/main/java/org/apache/poi/hwmf/usermodel/HwmfPicture.java +++ b/poi-scratchpad/src/main/java/org/apache/poi/hwmf/usermodel/HwmfPicture.java @@ -55,7 +55,8 @@ import org.apache.poi.util.Units; public class HwmfPicture implements Iterable, GenericRecord { /** Max. record length - processing longer records will throw an exception */ - public static final int MAX_RECORD_LENGTH = 50_000_000; + public static final int DEFAULT_MAX_RECORD_LENGTH = 50_000_000; + public static int MAX_RECORD_LENGTH = DEFAULT_MAX_RECORD_LENGTH; private static final Logger LOG = LogManager.getLogger(HwmfPicture.class); @@ -65,6 +66,20 @@ public class HwmfPicture implements Iterable, GenericRecord { /** The default charset */ private Charset defaultCharset = LocaleUtil.CHARSET_1252; + /** + * @param length the max record length allowed for HwmfPicture + */ + public static void setMaxRecordLength(int length) { + MAX_RECORD_LENGTH = length; + } + + /** + * @return the max record length allowed for HwmfPicture + */ + public static int getMaxRecordLength() { + return MAX_RECORD_LENGTH; + } + public HwmfPicture(InputStream inputStream) throws IOException { try (LittleEndianInputStream leis = new LittleEndianInputStream(inputStream)) { diff --git a/poi/src/main/java/org/apache/poi/poifs/crypt/agile/AgileEncryptor.java b/poi/src/main/java/org/apache/poi/poifs/crypt/agile/AgileEncryptor.java index 0acf5d8241..4df5540517 100644 --- a/poi/src/main/java/org/apache/poi/poifs/crypt/agile/AgileEncryptor.java +++ b/poi/src/main/java/org/apache/poi/poifs/crypt/agile/AgileEncryptor.java @@ -67,27 +67,9 @@ import org.w3c.dom.Document; public class AgileEncryptor extends Encryptor { - //arbitrarily selected; may need to increase - private static final int DEFAULT_MAX_RECORD_LENGTH = 1_000_000; - private static int MAX_RECORD_LENGTH = DEFAULT_MAX_RECORD_LENGTH; - private byte[] integritySalt; private byte[] pwHash; - /** - * @param length the max record length allowed for AgileEncryptor - */ - public static void setMaxRecordLength(int length) { - MAX_RECORD_LENGTH = length; - } - - /** - * @return the max record length allowed for AgileEncryptor - */ - public static int getMaxRecordLength() { - return MAX_RECORD_LENGTH; - } - protected AgileEncryptor() {} protected AgileEncryptor(AgileEncryptor other) { @@ -105,11 +87,12 @@ public class AgileEncryptor extends Encryptor { int keySize = header.getKeySize()/8; int hashSize = header.getHashAlgorithm().hashSize; - byte[] newVerifierSalt = IOUtils.safelyAllocate(blockSize, MAX_RECORD_LENGTH) - , newVerifier = IOUtils.safelyAllocate(blockSize, MAX_RECORD_LENGTH) - , newKeySalt = IOUtils.safelyAllocate(blockSize, MAX_RECORD_LENGTH) - , newKeySpec = IOUtils.safelyAllocate(keySize, MAX_RECORD_LENGTH) - , newIntegritySalt = IOUtils.safelyAllocate(hashSize, MAX_RECORD_LENGTH); + int maxLen = CryptoFunctions.getMaxRecordLength(); + byte[] newVerifierSalt = IOUtils.safelyAllocate(blockSize, maxLen) + , newVerifier = IOUtils.safelyAllocate(blockSize, maxLen) + , newKeySalt = IOUtils.safelyAllocate(blockSize, maxLen) + , newKeySpec = IOUtils.safelyAllocate(keySize, maxLen) + , newIntegritySalt = IOUtils.safelyAllocate(hashSize, maxLen); r.nextBytes(newVerifierSalt); // blocksize r.nextBytes(newVerifier); // blocksize r.nextBytes(newKeySalt); // blocksize