pashko/apache-poi
1
0
Fork 0
mirror of https://github.com/apache/poi.git synced 2026-02-27 20:40:08 +08:00
Code Issues Packages Projects Releases Wiki Activity

Do not fail if an empty password is provided

Browse Source 
git-svn-id: https://svn.apache.org/repos/asf/poi/trunk@1907446 13f79535-47bb-0310-9956-ffa450edef68
This commit is contained in:
Dominik Stadler 2023-02-05 21:11:14 +00:00
parent 3eae53357d
commit 25d67aa6ec
2 changed files with 23 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
poi/src/main/java/org/apache/poi/poifs/crypt/CryptoFunctions.java
View File

@ -538,7 +538,11 @@ public final class CryptoFunctions {
// The MS-OFFCRYPTO misses some infos about the various rotation sizes
byte[] obfuscationArray = new byte[16];
System.arraycopy(passBytes, 0, obfuscationArray, 0, passBytes.length);
System.arraycopy(PAD_ARRAY, 0, obfuscationArray, passBytes.length, PAD_ARRAY.length-passBytes.length+1);
if (passBytes.length == 0) {
System.arraycopy(PAD_ARRAY, 0, obfuscationArray, passBytes.length, PAD_ARRAY.length);
} else {
System.arraycopy(PAD_ARRAY, 0, obfuscationArray, passBytes.length, PAD_ARRAY.length - passBytes.length + 1);
}
int xorKey = createXorKey1(password);

18
poi/src/test/java/org/apache/poi/poifs/crypt/TestXorEncryption.java
View File

@ -32,6 +32,7 @@ import org.apache.poi.hssf.record.crypto.Biff8EncryptionKey;
import org.apache.poi.hssf.usermodel.HSSFSheet;
import org.apache.poi.hssf.usermodel.HSSFWorkbook;
import org.apache.poi.poifs.filesystem.POIFSFileSystem;
import org.apache.poi.util.HexDump;
import org.apache.poi.util.HexRead;
import org.junit.jupiter.api.Disabled;
import org.junit.jupiter.api.Test;
@ -53,6 +54,23 @@ class TestXorEncryption {
assertThat(xorArrExp, equalTo(xorArrAct));
}
@Test
void testXorEncryptionEmptyPassword() {
// Xor-Password: ""
// 2.5.343 XORObfuscation
// key = 0
// verifier = 0
int verifier = CryptoFunctions.createXorVerifier1("");
int key = CryptoFunctions.createXorKey1("");
assertEquals(0, key);
assertEquals(0, verifier);
byte[] xorArrAct = CryptoFunctions.createXorArray1("");
byte[] xorArrExp = HexRead.readFromString("EE-FF-FF-EA-FF-FF-E6-02-00-FA-3C-00-FE-3C-00-00");
assertThat("Having: " + HexDump.dump(xorArrAct, 0, 0),
xorArrExp, equalTo(xorArrAct));
}
@Test
void testUserFile() throws IOException {
File f = getSampleFile("xor-encryption-abc.xls");