make max record sizes configurable

git-svn-id: https://svn.apache.org/repos/asf/poi/trunk@1894454 13f79535-47bb-0310-9956-ffa450edef68
PJ Fanning 2021-10-21 18:42:11 +00:00
parent 04c130b8d5
commit e216997950
5 changed files with 45 additions and 34 deletions


@ -56,7 +56,6 @@ import org.apache.poi.util.RecordFormatException;
@Internal @Internal
public class HemfComment { public class HemfComment {
private static final Logger LOG = LogManager.getLogger(HemfComment.class); private static final Logger LOG = LogManager.getLogger(HemfComment.class);
private static final int MAX_RECORD_LENGTH = HwmfPicture.MAX_RECORD_LENGTH;
public enum HemfCommentRecordType { public enum HemfCommentRecordType {
emfGeneric(-1, EmfCommentDataGeneric::new, false), emfGeneric(-1, EmfCommentDataGeneric::new, false),
@ -281,7 +280,7 @@ public class HemfComment {
@Override @Override
public long init(LittleEndianInputStream leis, long dataSize) throws IOException { public long init(LittleEndianInputStream leis, long dataSize) throws IOException {
privateData = IOUtils.safelyAllocate(dataSize, MAX_RECORD_LENGTH); privateData = IOUtils.safelyAllocate(dataSize, HwmfPicture.getMaxRecordLength());
leis.readFully(privateData); leis.readFully(privateData);
return privateData.length; return privateData.length;
} }
@ -383,7 +382,7 @@ public class HemfComment {
// The number of Unicode characters in the optional description string that follows. // The number of Unicode characters in the optional description string that follows.
int nDescription = (int)leis.readUInt(); int nDescription = (int)leis.readUInt();
byte[] buf = IOUtils.safelyAllocate(nDescription * 2L, MAX_RECORD_LENGTH); byte[] buf = IOUtils.safelyAllocate(nDescription * 2L, HwmfPicture.getMaxRecordLength());
leis.readFully(buf); leis.readFully(buf);
description = new String(buf, StandardCharsets.UTF_16LE); description = new String(buf, StandardCharsets.UTF_16LE);
@ -458,7 +457,7 @@ public class HemfComment {
for (EmfCommentDataFormat fmt : formats) { for (EmfCommentDataFormat fmt : formats) {
int skip = fmt.offData-(leis.getReadIndex()-startIdx); int skip = fmt.offData-(leis.getReadIndex()-startIdx);
leis.skipFully(skip); leis.skipFully(skip);
fmt.rawData = IOUtils.safelyAllocate(fmt.sizeData, MAX_RECORD_LENGTH); fmt.rawData = IOUtils.safelyAllocate(fmt.sizeData, HwmfPicture.getMaxRecordLength());
int readBytes = leis.read(fmt.rawData); int readBytes = leis.read(fmt.rawData);
if (readBytes < fmt.sizeData) { if (readBytes < fmt.sizeData) {
// EOF // EOF
@ -600,7 +599,7 @@ public class HemfComment {
// WMF metafile in the WinMetafile field. // WMF metafile in the WinMetafile field.
int winMetafileSize = (int)leis.readUInt(); int winMetafileSize = (int)leis.readUInt();
wmfData = IOUtils.safelyAllocate(winMetafileSize, MAX_RECORD_LENGTH); wmfData = IOUtils.safelyAllocate(winMetafileSize, HwmfPicture.getMaxRecordLength());
// some emf comments are truncated, so we don't use readFully here // some emf comments are truncated, so we don't use readFully here
int readBytes = leis.read(wmfData); int readBytes = leis.read(wmfData);
if (readBytes < wmfData.length) { if (readBytes < wmfData.length) {
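Review bot: The four `IOUtils.safelyAllocate` calls in this file (in `init`, the description buffer, the `fmt.rawData` loop and the `wmfData` read) now take their bound from `HwmfPicture.getMaxRecordLength()`, but nothing in `HemfComment` says that the EMF comment limit is controlled from the WMF class. Because that limit is a static value, a caller who raises it for WMF parsing also raises the allocation ceiling for every EMF comment parsed afterwards. I would add a short comment near the class header, e.g. `// allocation limit is shared with HWMF, see HwmfPicture.setMaxRecordLength(int)`. The same applies to the three call sites in the `HwmfBitmapDib` section, and the enclosing methods start and end outside these hunks.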


@ -90,7 +90,8 @@ public final class HSLFSlideShowImpl extends POIDocument implements Closeable {
static final int UNSET_OFFSET = -1; static final int UNSET_OFFSET = -1;
//arbitrarily selected; may need to increase //arbitrarily selected; may need to increase
private static final int MAX_RECORD_LENGTH = 200_000_000; private static final int DEFAULT_MAX_RECORD_LENGTH = 200_000_000;
private static int MAX_RECORD_LENGTH = DEFAULT_MAX_RECORD_LENGTH;
// Holds metadata on where things are in our document // Holds metadata on where things are in our document
private CurrentUserAtom currentUser; private CurrentUserAtom currentUser;
@ -107,6 +108,20 @@ public final class HSLFSlideShowImpl extends POIDocument implements Closeable {
// Embedded objects stored in storage records in the document stream, lazily populated. // Embedded objects stored in storage records in the document stream, lazily populated.
private HSLFObjectData[] _objects; private HSLFObjectData[] _objects;
/**
* @param length the max record length allowed for HSLFSlideShowImpl
*/
public static void setMaxRecordLength(int length) {
MAX_RECORD_LENGTH = length;
}
/**
* @return the max record length allowed for HSLFSlideShowImpl
*/
public static int getMaxRecordLength() {
return MAX_RECORD_LENGTH;
}
/** /**
* Constructs a Powerpoint document from fileName. Parses the document * Constructs a Powerpoint document from fileName. Parses the document
* and places all the important stuff into data structures. * and places all the important stuff into data structures.
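Review bot: `setMaxRecordLength(int length)` stores whatever it is given, so a zero, negative or `Integer.MAX_VALUE` argument silently changes the bound that is meant to stop oversized records in untrusted files from driving large allocations. I would reject non-positive values, `if (length <= 0) throw new IllegalArgumentException("max record length must be positive: " + length);`, and extend the Javadoc to say the setting is static, applies to every slideshow parsed afterwards, and that raising it increases how much memory a single record can make the parser allocate. If parsing can run on threads other than the one calling the setter, declaring the field `private static volatile int` would make a changed limit reliably visible. The setter added to `HwmfPicture` in this commit has the same shape.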


@ -54,7 +54,6 @@ public class HwmfBitmapDib implements GenericRecord {
private static final Logger LOG = LogManager.getLogger(HwmfBitmapDib.class); private static final Logger LOG = LogManager.getLogger(HwmfBitmapDib.class);
private static final int BMP_HEADER_SIZE = 14; private static final int BMP_HEADER_SIZE = 14;
private static final int MAX_RECORD_LENGTH = HwmfPicture.MAX_RECORD_LENGTH;
public enum BitCount { public enum BitCount {
/** /**
@ -258,14 +257,14 @@ public class HwmfBitmapDib implements GenericRecord {
headerCompression == Compression.BI_BITFIELDS || headerCompression == Compression.BI_BITFIELDS ||
headerCompression == Compression.BI_CMYK) { headerCompression == Compression.BI_CMYK) {
int fileSize = Math.min(introSize+bodySize,recordSize); int fileSize = Math.min(introSize+bodySize,recordSize);
imageData = IOUtils.safelyAllocate(fileSize, MAX_RECORD_LENGTH); imageData = IOUtils.safelyAllocate(fileSize, HwmfPicture.getMaxRecordLength());
leis.readFully(imageData, 0, introSize); leis.readFully(imageData, 0, introSize);
leis.skipFully(recordSize-fileSize); leis.skipFully(recordSize-fileSize);
// emfs are sometimes truncated, read as much as possible // emfs are sometimes truncated, read as much as possible
int readBytes = leis.read(imageData, introSize, fileSize-introSize); int readBytes = leis.read(imageData, introSize, fileSize-introSize);
return introSize+(recordSize-fileSize)+readBytes; return introSize+(recordSize-fileSize)+readBytes;
} else { } else {
imageData = IOUtils.safelyAllocate(recordSize, MAX_RECORD_LENGTH); imageData = IOUtils.safelyAllocate(recordSize, HwmfPicture.getMaxRecordLength());
leis.readFully(imageData); leis.readFully(imageData);
return recordSize; return recordSize;
} }
@ -453,7 +452,7 @@ public class HwmfBitmapDib implements GenericRecord {
int imageSize = (int)Math.max(imageData.length, introSize+headerImageSize); int imageSize = (int)Math.max(imageData.length, introSize+headerImageSize);
// create the image data and leave the parsing to the ImageIO api // create the image data and leave the parsing to the ImageIO api
byte[] buf = IOUtils.safelyAllocate(BMP_HEADER_SIZE + (long)imageSize, MAX_RECORD_LENGTH); byte[] buf = IOUtils.safelyAllocate(BMP_HEADER_SIZE + (long)imageSize, HwmfPicture.getMaxRecordLength());
// https://en.wikipedia.org/wiki/BMP_file_format # Bitmap file header // https://en.wikipedia.org/wiki/BMP_file_format # Bitmap file header
buf[0] = (byte)'B'; buf[0] = (byte)'B';
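Review bot: In the truncated-image branch, the result of `leis.read(imageData, introSize, fileSize-introSize)` is added straight into the return value. If `read` follows the `InputStream` contract it returns -1 at end of stream, which would make the reported byte count one less than what was actually consumed. Clamping it, `int readBytes = Math.max(0, leis.read(imageData, introSize, fileSize-introSize));`, keeps the count consistent for the truncated files the comment mentions. This is existing code that the commit leaves unchanged, and the enclosing method begins and ends outside the hunk.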


@ -55,7 +55,8 @@ import org.apache.poi.util.Units;
public class HwmfPicture implements Iterable<HwmfRecord>, GenericRecord { public class HwmfPicture implements Iterable<HwmfRecord>, GenericRecord {
/** Max. record length - processing longer records will throw an exception */ /** Max. record length - processing longer records will throw an exception */
public static final int MAX_RECORD_LENGTH = 50_000_000; public static final int DEFAULT_MAX_RECORD_LENGTH = 50_000_000;
public static int MAX_RECORD_LENGTH = DEFAULT_MAX_RECORD_LENGTH;
private static final Logger LOG = LogManager.getLogger(HwmfPicture.class); private static final Logger LOG = LogManager.getLogger(HwmfPicture.class);
@ -65,6 +66,20 @@ public class HwmfPicture implements Iterable<HwmfRecord>, GenericRecord {
/** The default charset */ /** The default charset */
private Charset defaultCharset = LocaleUtil.CHARSET_1252; private Charset defaultCharset = LocaleUtil.CHARSET_1252;
/**
* @param length the max record length allowed for HwmfPicture
*/
public static void setMaxRecordLength(int length) {
MAX_RECORD_LENGTH = length;
}
/**
* @return the max record length allowed for HwmfPicture
*/
public static int getMaxRecordLength() {
return MAX_RECORD_LENGTH;
}
public HwmfPicture(InputStream inputStream) throws IOException { public HwmfPicture(InputStream inputStream) throws IOException {
try (LittleEndianInputStream leis = new LittleEndianInputStream(inputStream)) { try (LittleEndianInputStream leis = new LittleEndianInputStream(inputStream)) {
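Review bot: `MAX_RECORD_LENGTH` is now `public static int` without `final`, so any code on the classpath can assign the limit directly and bypass `setMaxRecordLength`; `HSLFSlideShowImpl` in this commit keeps its field private. Because the old declaration was a compile-time constant, code already compiled against `HwmfPicture.MAX_RECORD_LENGTH` has 50_000_000 inlined and will not see a changed value. I would keep the mutable state private, e.g. `private static int maxRecordLength = DEFAULT_MAX_RECORD_LENGTH;`, and have the getter and setter use it. The existing Javadoc line now sits on `DEFAULT_MAX_RECORD_LENGTH` only, so the mutable field has no documentation of its own.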


@ -67,27 +67,9 @@ import org.w3c.dom.Document;
public class AgileEncryptor extends Encryptor { public class AgileEncryptor extends Encryptor {
//arbitrarily selected; may need to increase
private static final int DEFAULT_MAX_RECORD_LENGTH = 1_000_000;
private static int MAX_RECORD_LENGTH = DEFAULT_MAX_RECORD_LENGTH;
private byte[] integritySalt; private byte[] integritySalt;
private byte[] pwHash; private byte[] pwHash;
/**
* @param length the max record length allowed for AgileEncryptor
*/
public static void setMaxRecordLength(int length) {
MAX_RECORD_LENGTH = length;
}
/**
* @return the max record length allowed for AgileEncryptor
*/
public static int getMaxRecordLength() {
return MAX_RECORD_LENGTH;
}
protected AgileEncryptor() {} protected AgileEncryptor() {}
protected AgileEncryptor(AgileEncryptor other) { protected AgileEncryptor(AgileEncryptor other) {
@ -105,11 +87,12 @@ public class AgileEncryptor extends Encryptor {
int keySize = header.getKeySize()/8; int keySize = header.getKeySize()/8;
int hashSize = header.getHashAlgorithm().hashSize; int hashSize = header.getHashAlgorithm().hashSize;
byte[] newVerifierSalt = IOUtils.safelyAllocate(blockSize, MAX_RECORD_LENGTH) int maxLen = CryptoFunctions.getMaxRecordLength();
, newVerifier = IOUtils.safelyAllocate(blockSize, MAX_RECORD_LENGTH) byte[] newVerifierSalt = IOUtils.safelyAllocate(blockSize, maxLen)
, newKeySalt = IOUtils.safelyAllocate(blockSize, MAX_RECORD_LENGTH) , newVerifier = IOUtils.safelyAllocate(blockSize, maxLen)
, newKeySpec = IOUtils.safelyAllocate(keySize, MAX_RECORD_LENGTH) , newKeySalt = IOUtils.safelyAllocate(blockSize, maxLen)
, newIntegritySalt = IOUtils.safelyAllocate(hashSize, MAX_RECORD_LENGTH); , newKeySpec = IOUtils.safelyAllocate(keySize, maxLen)
, newIntegritySalt = IOUtils.safelyAllocate(hashSize, maxLen);
r.nextBytes(newVerifierSalt); // blocksize r.nextBytes(newVerifierSalt); // blocksize
r.nextBytes(newVerifier); // blocksize r.nextBytes(newVerifier); // blocksize
r.nextBytes(newKeySalt); // blocksize r.nextBytes(newKeySalt); // blocksize