[jira] [Commented] (TIKA-2446) Tainted Zip file can provoke OOM errors

Wed, 06 Jun 2018 08:43:49 -0700 


    [ 
https://issues.apache.org/jira/browse/TIKA-2446?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16503470#comment-16503470
 ] 

Hudson commented on TIKA-2446:
------------------------------

UNSTABLE: Integrated in Jenkins build tika-2.x-windows #267 (See 
[https://builds.apache.org/job/tika-2.x-windows/267/])
TIKA-2446 -- prevent oom during detection of corrupt zip (tallison: rev 
bc24ccb302d1454a226dbfd38337b8f8050d7e4a)
* (add) tika-parsers/src/test/resources/test-documents/testZIP_corrupted_oom.zip
* (edit) 
tika-parsers/src/main/java/org/apache/tika/parser/pkg/ZipContainerDetector.java
* (edit) 
tika-parsers/src/test/java/org/apache/tika/parser/microsoft/ooxml/OOXMLParserTest.java
TIKA-2446 -- prevent oom during detection of corrupt zip -- catch POI's 
(tallison: rev a0325c2480357c99dff0fa99248886d3372269fa)
* (edit) 
tika-parsers/src/main/java/org/apache/tika/parser/pkg/ZipContainerDetector.java


> Tainted Zip file can provoke OOM errors
> ---------------------------------------
>
>                 Key: TIKA-2446
>                 URL: https://issues.apache.org/jira/browse/TIKA-2446
>             Project: Tika
>          Issue Type: Bug
>    Affects Versions: 1.16
>            Reporter: Thorsten Schäfer
>            Priority: Major
>         Attachments: corrupt_zip.zip
>
>
> Hi,
> using Tika 1.16 with embedded POI 3.17-beta1 we experienced an OutOfMemory 
> error on a Zip file. The suspicious code is in the constructor of 
> FakeZipEntry in line 125. Here a ByteArrayOutputStream of up to 2 GiB in size 
> is opened which will most probably lead to an OutOfMemory. The entry size in 
> the zip file can be easily faked by an attacker.
> The code path to FakeZipEntry will be used only if the native 
> java.util.zip.ZipFile implementation already failed to open the (possibly 
> corrupted) Zip. Possibly a more fine grained error analysis could be done in 
> ZipPackage.
> I have attached a tweaked zip file that will provoke this error.
> {code:java}
> public FakeZipEntry(ZipEntry entry, InputStream inp) throws IOException {
>                       super(entry.getName());
>                       
>                       // Grab the de-compressed contents for later
>             ByteArrayOutputStream baos;
>             long entrySize = entry.getSize();
>             if (entrySize !=-1) {
>                 if (entrySize>=Integer.MAX_VALUE) {
>                     throw new IOException("ZIP entry size is too large");
>                 }
>                 baos = new ByteArrayOutputStream((int) entrySize);
>             } else {
>                       baos = new ByteArrayOutputStream();
>             }
> {code}
> Kinds,
> Thorsten



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

Reply via email to