Skip to content

Commit e799e95

Browse files
sqdtssshuotan
sqdtss
and
shuotan
authored
This closes qax-os#2237, fix panic when open encrypted workbook in some cases (qax-os#2238)
- Add more unit test for crypt, improve test code coverage Co-authored-by: shuotan <[email protected]>
1 parent 8bf639c commit e799e95

File tree

2 files changed

+131
-10
lines changed

2 files changed

+131
-10
lines changed

crypt.go

Lines changed: 13 additions & 9 deletions
Original file line numberDiff line numberDiff line change
@@ -145,7 +145,10 @@ func Decrypt(raw []byte, opts *Options) (packageBuf []byte, err error) {
145145
if err != nil {
146146
return
147147
}
148-
encryptionInfoBuf, encryptedPackageBuf := extractPart(doc)
148+
var encryptionInfoBuf, encryptedPackageBuf []byte
149+
if encryptionInfoBuf, encryptedPackageBuf, err = extractPart(doc); err != nil {
150+
return
151+
}
149152
mechanism, err := encryptionMechanism(encryptionInfoBuf)
150153
if err != nil || mechanism == "extensible" {
151154
return
@@ -186,24 +189,25 @@ func Encrypt(raw []byte, opts *Options) ([]byte, error) {
186189
}
187190

188191
// extractPart extract data from storage by specified part name.
189-
func extractPart(doc *mscfb.Reader) (encryptionInfoBuf, encryptedPackageBuf []byte) {
192+
func extractPart(doc *mscfb.Reader) ([]byte, []byte, error) {
193+
var encryptionInfoBuf, encryptedPackageBuf []byte
190194
for entry, err := doc.Next(); err == nil; entry, err = doc.Next() {
191195
switch entry.Name {
192196
case "EncryptionInfo":
193197
buf := make([]byte, entry.Size)
194-
i, _ := doc.Read(buf)
195-
if i > 0 {
196-
encryptionInfoBuf = buf
198+
if _, err := doc.Read(buf); err != nil {
199+
return encryptionInfoBuf, encryptedPackageBuf, err
197200
}
201+
encryptionInfoBuf = buf
198202
case "EncryptedPackage":
199203
buf := make([]byte, entry.Size)
200-
i, _ := doc.Read(buf)
201-
if i > 0 {
202-
encryptedPackageBuf = buf
204+
if _, err := doc.Read(buf); err != nil {
205+
return encryptionInfoBuf, encryptedPackageBuf, err
203206
}
207+
encryptedPackageBuf = buf
204208
}
205209
}
206-
return
210+
return encryptionInfoBuf, encryptedPackageBuf, nil
207211
}
208212

209213
// encryptionMechanism parse password-protected documents created mechanism.

crypt_test.go

Lines changed: 118 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -13,6 +13,7 @@ package excelize
1313

1414
import (
1515
"bytes"
16+
"encoding/base64"
1617
"encoding/binary"
1718
"os"
1819
"path/filepath"
@@ -57,7 +58,8 @@ func TestEncrypt(t *testing.T) {
5758

5859
doc, err := mscfb.New(bytes.NewReader(raw))
5960
assert.NoError(t, err)
60-
encryptionInfoBuf, encryptedPackageBuf := extractPart(doc)
61+
encryptionInfoBuf, encryptedPackageBuf, err := extractPart(doc)
62+
assert.NoError(t, err)
6163
binary.LittleEndian.PutUint64(encryptionInfoBuf[20:32], uint64(0))
6264
_, err = standardDecrypt(encryptionInfoBuf, encryptedPackageBuf, &Options{Password: "password"})
6365
assert.NoError(t, err)
@@ -73,6 +75,121 @@ func TestEncrypt(t *testing.T) {
7375
assert.EqualError(t, err, "illegal base64 data at input byte 0")
7476
_, err = createIV([]byte{0}, Encryption{KeyData: KeyData{SaltValue: "=="}})
7577
assert.EqualError(t, err, "illegal base64 data at input byte 0")
78+
// Test error handling for EncryptionInfo parse failure
79+
compoundFile := &cfb{
80+
paths: []string{"Root Entry/"},
81+
sectors: []sector{{name: "Root Entry", typeID: 5}},
82+
}
83+
compoundFile.put("EncryptionInfo", []byte{})
84+
_, err = OpenReader(bytes.NewReader(compoundFile.write()))
85+
assert.Equal(t, ErrWorkbookFileFormat, err)
86+
// Test error handling for EncryptedPackage parse failure
87+
compoundFile = &cfb{
88+
paths: []string{"Root Entry/"},
89+
sectors: []sector{{name: "Root Entry", typeID: 5}},
90+
}
91+
encryptionInfo := make([]byte, 100)
92+
binary.LittleEndian.PutUint16(encryptionInfo[:2], 4)
93+
binary.LittleEndian.PutUint16(encryptionInfo[2:4], 4)
94+
compoundFile.put("EncryptionInfo", encryptionInfo)
95+
compoundFile.put("EncryptedPackage", []byte{})
96+
_, err = OpenReader(bytes.NewReader(compoundFile.write()))
97+
assert.Equal(t, ErrWorkbookFileFormat, err)
98+
// Test createIV when iv length is less than block size
99+
_, err = createIV(0, Encryption{
100+
KeyData: KeyData{
101+
HashAlgorithm: "md5",
102+
BlockSize: 32,
103+
SaltValue: base64.StdEncoding.EncodeToString([]byte("")),
104+
},
105+
})
106+
assert.NoError(t, err)
107+
// Test decryptPackage error with padding
108+
input := make([]byte, 18)
109+
binary.LittleEndian.PutUint64(input[:8], 10)
110+
for i := 8; i < 18; i++ {
111+
input[i] = byte(i)
112+
}
113+
_, err = decryptPackage(make([]byte, 32), input, Encryption{
114+
KeyData: KeyData{
115+
HashAlgorithm: "sha256",
116+
BlockSize: 16,
117+
SaltValue: base64.StdEncoding.EncodeToString([]byte("")),
118+
},
119+
})
120+
assert.NoError(t, err)
121+
// Test IV creation error with invalid salt
122+
input = make([]byte, 4104)
123+
binary.LittleEndian.PutUint64(input[:8], 4096)
124+
_, err = decryptPackage(make([]byte, 32), input, Encryption{
125+
KeyData: KeyData{
126+
HashAlgorithm: "sha256",
127+
BlockSize: 16,
128+
SaltValue: "==",
129+
},
130+
})
131+
assert.Error(t, err)
132+
// Test decrypt error with invalid key
133+
_, err = decryptPackage([]byte{}, input, Encryption{
134+
KeyData: KeyData{
135+
HashAlgorithm: "sha256",
136+
BlockSize: 16,
137+
SaltValue: base64.StdEncoding.EncodeToString([]byte("")),
138+
},
139+
})
140+
assert.Error(t, err)
141+
// Test put with path that is a prefix of name
142+
compoundFile = &cfb{
143+
paths: []string{"Root Entry/"},
144+
sectors: []sector{{name: "Root Entry", typeID: 5}},
145+
}
146+
compoundFile.put("Root Entry/Test", []byte(""))
147+
compoundFile = &cfb{
148+
paths: []string{"Root"},
149+
sectors: []sector{{name: "Root", typeID: 5}},
150+
}
151+
compoundFile.put("Test", []byte(""))
152+
// Test compare function with different scenarios
153+
compoundFile = &cfb{}
154+
assert.Equal(t, -1, compoundFile.compare("Root/A", "Root/B"))
155+
assert.Equal(t, 1, compoundFile.compare("Root/B", "Root/A"))
156+
assert.Equal(t, -1, compoundFile.compare("Root", "Root/Child"))
157+
// Test prepare with typeID == 0 sector
158+
compoundFile = &cfb{
159+
paths: []string{"Root Entry/", "Skip/", "Valid/"},
160+
sectors: []sector{
161+
{name: "Root Entry", typeID: 5},
162+
{name: "Skip", typeID: 0},
163+
{name: "Valid", typeID: 2},
164+
},
165+
}
166+
compoundFile.prepare()
167+
// Test locate with FATSectors incrementing but staying <= 109
168+
compoundFile = &cfb{
169+
paths: []string{"Root Entry/"},
170+
sectors: []sector{{name: "Root Entry", typeID: 5, content: []byte{}}},
171+
}
172+
numFiles := 1533
173+
for i := range numFiles {
174+
name := strings.Repeat("F", i%50+1)
175+
compoundFile.paths = append(compoundFile.paths, name+"/")
176+
compoundFile.sectors = append(compoundFile.sectors, sector{
177+
name: name,
178+
typeID: 2,
179+
content: make([]byte, 4096),
180+
})
181+
}
182+
compoundFile.locate()
183+
// Test writeDirectoryEntry with empty clsID
184+
compoundFile = &cfb{
185+
paths: []string{"Root Entry/", "File1/"},
186+
sectors: []sector{
187+
{name: "Root Entry", typeID: 5, content: []byte{}, clsID: headerCLSID},
188+
{name: "File1", typeID: 2, content: []byte("test"), clsID: []byte{}},
189+
},
190+
}
191+
compoundFile.stream = make([]byte, 10000)
192+
compoundFile.writeDirectoryEntry([]int{1, 0, 1, 0, 1, 0, 0, 0})
76193
}
77194

78195
func TestEncryptionMechanism(t *testing.T) {

0 commit comments

Comments
 (0)