56865 – Limit number of bytes (by counting them) while opening office docs

Bug 56865 - Limit number of bytes (by counting them) while opening office docs

Summary: Limit number of bytes (by counting them) while opening office docs

Status:	RESOLVED FIXED

Alias:	None

Product:	POI
Classification:	Unclassified
Component:	POI Overall (show other bugs)
Version:	3.11-dev
Hardware:	PC Mac OS X 10.4

Importance:	P2 normal (vote)
Target Milestone:	---
Assignee:	POI Developers List

URL:
Keywords:

Depends on:	50090
Blocks:
	Show dependency tree

Reported:	2014-08-17 15:54 UTC by Christian Schneider
Modified:	2015-06-23 23:40 UTC (History)
CC List:	0 users

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Christian Schneider 2014-08-17 15:54:20 UTC

It would be good to limit the bytes in org.apache.poi.openxml4j.util.ZipInputStreamZipEntrySource with a FilterStream that counts the number of bytes up to a defined (configurable) value:

The class org.apache.poi.openxml4j.util.ZipInputStreamZipEntrySource.FakeZipEntry uses in its constructor the Java class java.util.zip.ZipInputStream for decompressing the office files. Here the instance of this class could be wrapped with another java.io.FilterInputStream that performs the byte counting, as discussed on the private@poi.apache.org mailing list.

Checking just the ZipEntry's entry.getSize() is not enough, since this value can be spoofed.

Comment 1 Andreas Beeker 2015-06-23 23:40:10 UTC

Fixed with r1687148