https://bz.apache.org/bugzilla/show_bug.cgi?id=66840
Bug ID: 66840
Summary: zip attack
Product: POI
Version: unspecified
Hardware: All
Status: NEW
Severity: critical
Priority: P2
Component: XSSF
Assignee: dev@poi.apache.org
Reporter: biandeqi...@huawei.com
Target Milestone: ---

I try to use this API (WorkbookFactory.create(InputStream input)): we expose an interface that receives a file inputstream with a max size of 1M. Attackers can produce a file of only 1M but with an actual size of around 1G+. It caused an OOM in our service! Refer to the coredump capture below.

Object / Stack Frame | Name | Shallow Heap | Retained Heap | Context Class Loader | Is Daemon
at java.lang.OutOfMemoryError.<init>()V (OutOfMemoryError.java:48)
at org.apache.commons.io.IOUtils.byteArray(I)[B (IOUtils.java:338)
at org.apache.commons.io.output.AbstractByteArrayOutputStream.toByteArrayImpl()[B (AbstractByteArrayOutputStream.java:365)
at org.apache.commons.io.output.UnsynchronizedByteArrayOutputStream.toByteArray()[B (UnsynchronizedByteArrayOutputStream.java:147)
at org.apache.poi.util.IOUtils.toByteArray(Ljava/io/InputStream;IIZZ)[B (IOUtils.java:256)
at org.apache.poi.util.IOUtils.toByteArray(Ljava/io/InputStream;II)[B (IOUtils.java:203)
at org.apache.poi.openxml4j.util.ZipArchiveFakeEntry.<init>(Lorg/apache/commons/compress/archivers/zip/ZipArchiveEntry;Ljava/io/InputStream;)V (ZipArchiveFakeEntry.java:82)
at org.apache.poi.openxml4j.util.ZipInputStreamZipEntrySource.<init>(Lorg/apache/poi/openxml4j/util/ZipArchiveThresholdInputStream;)V (ZipInputStreamZipEntrySource.java:98)
at org.apache.poi.openxml4j.opc.ZipPackage.<init>(Ljava/io/InputStream;Lorg/apache/poi/openxml4j/opc/PackageAccess;)V (ZipPackage.java:132)
at org.apache.poi.openxml4j.opc.OPCPackage.open(Ljava/io/InputStream;)Lorg/apache/poi/openxml4j/opc/OPCPackage; (OPCPackage.java:312)
at org.apache.poi.xssf.usermodel.XSSFWorkbookFactory.create(Ljava/io/InputStream;)Lorg/apache/poi/xssf/usermodel/XSSFWorkbook; (XSSFWorkbookFactory.java:97)
at org.apache.poi.xssf.usermodel.XSSFWorkbookFactory.create(Ljava/io/InputStream;)Lorg/apache/poi/ss/usermodel/Workbook; (XSSFWorkbookFactory.java:36)
at org.apache.poi.ss.usermodel.WorkbookFactory.lambda$create$2(Ljava/io/InputStream;Lorg/apache/poi/ss/usermodel/WorkbookProvider;)Lorg/apache/poi/ss/usermodel/Workbook; (WorkbookFactory.java:224)
at org.apache.poi.ss.usermodel.WorkbookFactory$$Lambda$1051.create(Lorg/apache/poi/ss/usermodel/WorkbookProvider;)Lorg/apache/poi/ss/usermodel/Workbook; (Unknown Source)
at org.apache.poi.ss.usermodel.WorkbookFactory.wp(Lorg/apache/poi/poifs/filesystem/FileMagic;Lorg/apache/poi/ss/usermodel/WorkbookFactory$ProviderMethod;)Lorg/apache/poi/ss/usermodel/Workbook; (WorkbookFactory.java:329)
at org.apache.poi.ss.usermodel.WorkbookFactory.create(Ljava/io/InputStream;Ljava/lang/String;)Lorg/apache/poi/ss/usermodel/Workbook; (WorkbookFactory.java:224)
at org.apache.poi.ss.usermodel.WorkbookFactory.create(Ljava/io/InputStream;)Lorg/apache/poi/ss/usermodel/Workbook; (WorkbookFactory.java:185)
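The trace shows why capping the compressed upload alone is not enough: on the InputStream path POI's ZipInputStreamZipEntrySource copies each inflated entry into a byte[] (ZipArchiveFakeEntry -> IOUtils.toByteArray), so the decompressed size is what matters. The loader below is an added example, not code from this report or from POI: it spools the upload to disk under a compressed-size cap, sets POI's ZipSecureFile per-entry limits, and opens the file through WorkbookFactory.create(File, String, boolean) so entries are read from the archive on demand rather than inflated wholesale. SafeWorkbookLoader, withWorkbook and spoolWithCap are assumed names, and the 64 MB entry cap is a constructed value.

```java
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.nio.file.Files;
import java.nio.file.Path;
import java.util.function.Function;
import org.apache.poi.openxml4j.util.ZipSecureFile;
import org.apache.poi.ss.usermodel.Workbook;
import org.apache.poi.ss.usermodel.WorkbookFactory;
import org.apache.poi.util.IOUtils;

/** Hardened loader for untrusted spreadsheets (hypothetical class, not POI's own API). */
public final class SafeWorkbookLoader {
    static final long MAX_UPLOAD_BYTES = 1L << 20;     // 1 MB cap on the compressed upload
    static final long MAX_INFLATED_ENTRY = 64L << 20;  // 64 MB cap per decompressed zip entry (constructed)
    static {
        // Limits enforced by POI's ZipSecureFile when the package is opened from a File:
        ZipSecureFile.setMaxEntrySize(MAX_INFLATED_ENTRY);
        ZipSecureFile.setMinInflateRatio(0.01d);          // reject entries denser than 1:100
        // Hard ceiling on any byte[] POI allocates while parsing (extra safety net):
        IOUtils.setByteArrayMaxOverride((int) MAX_INFLATED_ENTRY);
    }
    /** Spools the upload to disk under a byte cap, parses it, and applies {@code fn}. */
    public static <T> T withWorkbook(InputStream untrusted, Function<Workbook, T> fn)
            throws IOException {
        Path tmp = Files.createTempFile("upload-", ".xlsx");
        try {
            spoolWithCap(untrusted, tmp, MAX_UPLOAD_BYTES);
            // Opening from a File uses random-access ZipFile handling, so entries are not
            // eagerly inflated into byte[] the way the InputStream path in the trace does.
            try (Workbook wb = WorkbookFactory.create(tmp.toFile(), null, true)) {
                return fn.apply(wb);
            }
        } finally {
            Files.deleteIfExists(tmp);   // workbook is closed before the file goes away
        }
    }
    /** Copies at most {@code cap} bytes to {@code dest}; rejects longer streams. */
    static void spoolWithCap(InputStream in, Path dest, long cap) throws IOException {
        byte[] buf = new byte[8192];
        long total = 0;
        try (OutputStream out = Files.newOutputStream(dest)) {
            for (int n; (n = in.read(buf)) != -1; ) {
                if ((total += n) > cap) throw new IOException("upload exceeds " + cap + " bytes");
                out.write(buf, 0, n);
            }
        }
    }
}
```

With these limits in place an over-dense archive fails with a ZipSecureFile exception (or the IOUtils length check) instead of an OutOfMemoryError, which is the condition worth alerting on.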