Author: centic
Date: Sun Mar 20 06:52:47 2022
New Revision: 1899072
URL: http://svn.apache.org/viewvc?rev=1899072&view=rev
Log:
Prevent one more case of allocating endlessly on invalid TNEF/HMEF/MAPI files
Limit the number of attributes to 10,000 by default
Modified:
poi/trunk/poi-scratchpad/src/main/java/org/apache/poi/hmef/attribute/MAPIAttribute.java
poi/trunk/poi-scratchpad/src/test/java/org/apache/poi/hmef/attribute/TestTNEFAttributes.java
Modified:
poi/trunk/poi-scratchpad/src/main/java/org/apache/poi/hmef/attribute/MAPIAttribute.java
URL:
http://svn.apache.org/viewvc/poi/trunk/poi-scratchpad/src/main/java/org/apache/poi/hmef/attribute/MAPIAttribute.java?rev=1899072&r1=1899071&r2=1899072&view=diff
==============================================================================
---
poi/trunk/poi-scratchpad/src/main/java/org/apache/poi/hmef/attribute/MAPIAttribute.java
(original)
+++
poi/trunk/poi-scratchpad/src/main/java/org/apache/poi/hmef/attribute/MAPIAttribute.java
Sun Mar 20 06:52:47 2022
@@ -43,6 +43,7 @@ public class MAPIAttribute {
//arbitrarily selected; may need to increase
private static final int DEFAULT_MAX_RECORD_LENGTH = 1_000_000;
private static int MAX_RECORD_LENGTH = 1_000_000;
+ private static int MAX_RECORD_COUNT = 10_000;
private final MAPIProperty property;
private final int type;
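Review bot: The added `MAX_RECORD_COUNT` is a non-final static with no `DEFAULT_MAX_RECORD_COUNT` counterpart, unlike the length limit directly above it, and this hunk shows no accessor for it. As written, the "by default" in the log message has no visible way to be overridden, and the mutable static can be changed by anything else in the class. If the length limit has a getter and setter outside this hunk, mirror them with `private static final int DEFAULT_MAX_RECORD_COUNT = 10_000;` and `private static int MAX_RECORD_COUNT = DEFAULT_MAX_RECORD_COUNT;`; otherwise declare the field `final`. A comment such as `// max number of values accepted for one multi-valued/variable-length property; guards against corrupt counts` would also say what is being counted, since the inherited "arbitrarily selected" comment only refers to the length. The class body continues outside the hunk.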
@@ -183,6 +184,7 @@ public class MAPIAttribute {
int values = 1;
if(isMV || isVL) {
values = LittleEndian.readInt(inp);
+ IOUtils.safelyAllocateCheck(values, MAX_RECORD_COUNT);
}
if (type == Types.NULL && values > 1) {
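Review bot: The count read from the file is bounded through `IOUtils.safelyAllocateCheck`, which is a byte-length allocation check, so the new limit inherits that helper's semantics rather than being a dedicated count limit. If I recall the helper correctly, it defers to the global byte-array max override when one is set, so a deployment that raises that override for large documents would also silently lift this 10,000 cap; its error text also talks about array length rather than value count. An explicit guard keeps the cap independent, for example `if (values < 0 || values > MAX_RECORD_COUNT) { throw new RecordFormatException("Invalid MAPI value count: " + values); }` (the import may need adding). The loop that consumes `values` is outside this hunk, but if each value may still be as large as `MAX_RECORD_LENGTH`, the worst-case total per attribute is the product of the two limits. A cumulative byte budget there would be worth considering.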
Modified:
poi/trunk/poi-scratchpad/src/test/java/org/apache/poi/hmef/attribute/TestTNEFAttributes.java
URL:
http://svn.apache.org/viewvc/poi/trunk/poi-scratchpad/src/test/java/org/apache/poi/hmef/attribute/TestTNEFAttributes.java?rev=1899072&r1=1899071&r2=1899072&view=diff
==============================================================================
Binary files - no diff available.