From e5f15f69dfea51e876b7c346c622ec286b6be2ef Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Javier=20Amor=20Garc=C3=ADa?= Date: Wed, 27 Jan 2016 16:42:19 +0100 Subject: [PATCH] RTFHandler: protect against CR and bad hexadecimal sequence In RTF is possible to specify characters with the sequence \'XX being XX an hexadecimal number. With this changeset we guard against incorrect hexadecimal numbers which will be ignored. The other change added is to ignore carriadge returns in plain text. --- OpenChange/RTFHandler.m | 23 ++++++++++++++++++----- Tests/Unit/Fixtures/bad_hex_and_cr.rtf | 1 + Tests/Unit/TestRTFHandler.m | 9 +++++++++ 3 files changed, 28 insertions(+), 5 deletions(-) create mode 100644 Tests/Unit/Fixtures/bad_hex_and_cr.rtf diff --git a/OpenChange/RTFHandler.m b/OpenChange/RTFHandler.m index 67f2b2c9f..c89f4c677 100644 --- a/OpenChange/RTFHandler.m +++ b/OpenChange/RTFHandler.m @@ -608,7 +608,6 @@ static void _init_fontCws_table() word and is not part of the control word. */ end = _bytes; - *len = end-start-1; return start+1; @@ -1250,7 +1249,8 @@ inline static void parseUl(RTFHandler *self, BOOL hasArg, int arg, RTFFormatting { // A hexadecimal value, based on the specified character set (may be used to identify 8-bit values). const char *b1, *b2; - unsigned short index; + short index; + short tmp; const unsigned short * active_charset; if (formattingOptions && formattingOptions->charset) @@ -1265,8 +1265,21 @@ inline static void parseUl(RTFHandler *self, BOOL hasArg, int arg, RTFFormatting b1 = ADVANCE; b2 = ADVANCE; - index = (isdigit(*b1) ? *b1 - 48 : toupper(*b1) - 55) * 16; - index += (isdigit(*b2) ? *b2 - 48 : toupper(*b2) - 55); + tmp = (isdigit(*b1) ? *b1 - 48 : toupper(*b1) - 55); + if (tmp < 0 || tmp > 16) + { + // Incorrect first hexadecimal character. Skipping. + continue; + } + index = tmp*16; + + tmp = (isdigit(*b2) ? *b2 - 48 : toupper(*b2) - 55); + if (tmp < 0 || tmp > 16) + { + // Incorrect second hexadecimal character. Skipping. + continue; + } + index += tmp; s = [NSString stringWithCharacters: &(active_charset[index]) length: 1]; d = [s dataUsingEncoding: NSUTF8StringEncoding]; @@ -1435,7 +1448,7 @@ inline static void parseUl(RTFHandler *self, BOOL hasArg, int arg, RTFFormatting { c = *_bytes; // We avoid appending NULL bytes or endlines - if (c && (c != '\n')) + if (c && (c != '\n') && (c != '\r')) { const unsigned short * active_charset; if (formattingOptions && formattingOptions->charset) diff --git a/Tests/Unit/Fixtures/bad_hex_and_cr.rtf b/Tests/Unit/Fixtures/bad_hex_and_cr.rtf new file mode 100644 index 000000000..a59fb2f8f --- /dev/null +++ b/Tests/Unit/Fixtures/bad_hex_and_cr.rtf @@ -0,0 +1 @@ +{\rtf1\adeflang1025\ansi\ansicpg1252\uc1\adeff0\deff0\stshfdbch0\stshfloch37\stshfhich37\stshfbi37\deflang3082\deflangfe3082\themelang3082\themelangfe0\themelangcs0{\fonttbl{\f0\fbidi \froman\fcharset0\fprq2{\*\panose 02020603050405020304}Times New Roman;}{\f0\fbidi \froman\fcharset0\fprq2{\*\panose 02020603050405020304}Times New Roman;}{\f37\fbidi \fswiss\fcharset0\fprq2{\*\panose 020f0502020204030204}Calibri;}{\f31500\fbidi \froman\fcharset0\fprq2{\*\panose 02020603050405020304}Times New Roman;}{\f31501\fbidi \froman\fcharset0\fprq2{\*\panose 02020603050405020304}Times New Roman;}{\f31502\fbidi \froman\fcharset0\fprq2{\*\panose 02040503050406030204}Cambria;}{\f31503\fbidi \froman\fcharset0\fprq2{\*\panose 02020603050405020304}Times New Roman;}{\f31504\fbidi \froman\fcharset0\fprq2{\*\panose 02020603050405020304}Times New Roman;}{\f31505\fbidi \froman\fcharset0\fprq2{\*\panose 02020603050405020304}Times New Roman;}{\f31506\fbidi \fswiss\fcharset0\fprq2{\*\panose 020f0502020204030204}Calibri;}{\f31507\fbidi \froman\fcharset0\fprq2{\*\panose 02020603050405020304}Times New Roman;}{\f39\fbidi \froman\fcharset238\fprq2 Times New Roman CE;}{\f40\fbidi \froman\fcharset204\fprq2 Times New Roman Cyr;}{\f42\fbidi \froman\fcharset161\fprq2 Times New Roman Greek;}{\f43\fbidi \froman\fcharset162\fprq2 Times New Roman Tur;}{\f44\fbidi \froman\fcharset177\fprq2 Times New Roman (Hebrew);}{\f45\fbidi \froman\fcharset178\fprq2 Times New Roman (Arabic);}{\f46\fbidi \froman\fcharset186\fprq2 Times New Roman Baltic;}{\f47\fbidi \froman\fcharset163\fprq2 Times New Roman (Vietnamese);}{\f39\fbidi \froman\fcharset238\fprq2 Times New Roman CE;}{\f40\fbidi \froman\fcharset204\fprq2 Times New Roman Cyr;}{\f42\fbidi \froman\fcharset161\fprq2 Times New Roman Greek;}{\f43\fbidi \froman\fcharset162\fprq2 Times New Roman Tur;}{\f44\fbidi \froman\fcharset177\fprq2 Times New Roman (Hebrew);}{\f45\fbidi \froman\fcharset178\fprq2 Times New Roman (Arabic);}{\f46\fbidi \froman\fcharset186\fprq2 Times New Roman Baltic;}{\f47\fbidi \froman\fcharset163\fprq2 Times New Roman (Vietnamese);}{\f409\fbidi \fswiss\fcharset238\fprq2 Calibri CE;}{\f410\fbidi \fswiss\fcharset204\fprq2 Calibri Cyr;}{\f412\fbidi \fswiss\fcharset161\fprq2 Calibri Greek;}{\f413\fbidi \fswiss\fcharset162\fprq2 Calibri Tur;}{\f416\fbidi \fswiss\fcharset186\fprq2 Calibri Baltic;}{\f417\fbidi \fswiss\fcharset163\fprq2 Calibri (Vietnamese);}{\f31508\fbidi \froman\fcharset238\fprq2 Times New Roman CE;}{\f31509\fbidi \froman\fcharset204\fprq2 Times New Roman Cyr;}{\f31511\fbidi \froman\fcharset161\fprq2 Times New Roman Greek;}{\f31512\fbidi \froman\fcharset162\fprq2 Times New Roman Tur;}{\f31513\fbidi \froman\fcharset177\fprq2 Times New Roman (Hebrew);}{\f31514\fbidi \froman\fcharset178\fprq2 Times New Roman (Arabic);}{\f31515\fbidi \froman\fcharset186\fprq2 Times New Roman Baltic;}{\f31516\fbidi \froman\fcharset163\fprq2 Times New Roman (Vietnamese);}{\f31518\fbidi \froman\fcharset238\fprq2 Times New Roman CE;}{\f31519\fbidi \froman\fcharset204\fprq2 Times New Roman Cyr;}{\f31521\fbidi \froman\fcharset161\fprq2 Times New Roman Greek;}{\f31522\fbidi \froman\fcharset162\fprq2 Times New Roman Tur;}{\f31523\fbidi \froman\fcharset177\fprq2 Times New Roman (Hebrew);}{\f31524\fbidi \froman\fcharset178\fprq2 Times New Roman (Arabic);}{\f31525\fbidi \froman\fcharset186\fprq2 Times New Roman Baltic;}{\f31526\fbidi \froman\fcharset163\fprq2 Times New Roman (Vietnamese);}{\f31528\fbidi \froman\fcharset238\fprq2 Cambria CE;}{\f31529\fbidi \froman\fcharset204\fprq2 Cambria Cyr;}{\f31531\fbidi \froman\fcharset161\fprq2 Cambria Greek;}{\f31532\fbidi \froman\fcharset162\fprq2 Cambria Tur;}{\f31535\fbidi \froman\fcharset186\fprq2 Cambria Baltic;}{\f31536\fbidi \froman\fcharset163\fprq2 Cambria (Vietnamese);}{\f31538\fbidi \froman\fcharset238\fprq2 Times New Roman CE;}{\f31539\fbidi \froman\fcharset204\fprq2 Times New Roman Cyr;}{\f31541\fbidi \froman\fcharset161\fprq2 Times New Roman Greek;}{\f31542\fbidi \froman\fcharset162\fprq2 Times New Roman Tur;}{\f31543\fbidi \froman\fcharset177\fprq2 Times New Roman (Hebrew);}{\f31544\fbidi \froman\fcharset178\fprq2 Times New Roman (Arabic);}{\f31545\fbidi \froman\fcharset186\fprq2 Times New Roman Baltic;}{\f31546\fbidi \froman\fcharset163\fprq2 Times New Roman (Vietnamese);}{\f31548\fbidi \froman\fcharset238\fprq2 Times New Roman CE;}{\f31549\fbidi \froman\fcharset204\fprq2 Times New Roman Cyr;}{\f31551\fbidi \froman\fcharset161\fprq2 Times New Roman Greek;}{\f31552\fbidi \froman\fcharset162\fprq2 Times New Roman Tur;}{\f31553\fbidi \froman\fcharset177\fprq2 Times New Roman (Hebrew);}{\f31554\fbidi \froman\fcharset178\fprq2 Times New Roman (Arabic);}{\f31555\fbidi \froman\fcharset186\fprq2 Times New Roman Baltic;}{\f31556\fbidi \froman\fcharset163\fprq2 Times New Roman (Vietnamese);}{\f31558\fbidi \froman\fcharset238\fprq2 Times New Roman CE;}{\f31559\fbidi \froman\fcharset204\fprq2 Times New Roman Cyr;}{\f31561\fbidi \froman\fcharset161\fprq2 Times New Roman Greek;}{\f31562\fbidi \froman\fcharset162\fprq2 Times New Roman Tur;}{\f31563\fbidi \froman\fcharset177\fprq2 Times New Roman (Hebrew);}{\f31564\fbidi \froman\fcharset178\fprq2 Times New Roman (Arabic);}{\f31565\fbidi \froman\fcharset186\fprq2 Times New Roman Baltic;}{\f31566\fbidi \froman\fcharset163\fprq2 Times New Roman (Vietnamese);}{\f31568\fbidi \fswiss\fcharset238\fprq2 Calibri CE;}{\f31569\fbidi \fswiss\fcharset204\fprq2 Calibri Cyr;}{\f31571\fbidi \fswiss\fcharset161\fprq2 Calibri Greek;}{\f31572\fbidi \fswiss\fcharset162\fprq2 Calibri Tur;}{\f31575\fbidi \fswiss\fcharset186\fprq2 Calibri Baltic;}{\f31576\fbidi \fswiss\fcharset163\fprq2 Calibri (Vietnamese);}{\f31578\fbidi \froman\fcharset238\fprq2 Times New Roman CE;}{\f31579\fbidi \froman\fcharset204\fprq2 Times New Roman Cyr;}{\f31581\fbidi \froman\fcharset161\fprq2 Times New Roman Greek;}{\f31582\fbidi \froman\fcharset162\fprq2 Times New Roman Tur;}{\f31583\fbidi \froman\fcharset177\fprq2 Times New Roman (Hebrew);}{\f31584\fbidi \froman\fcharset178\fprq2 Times New Roman (Arabic);}{\f31585\fbidi \froman\fcharset186\fprq2 Times New Roman Baltic;}{\f31586\fbidi \froman\fcharset163\fprq2 Times New Roman (Vietnamese);}}{\colortbl;\red0\green0\blue0;\red0\green0\blue255;\red0\green255\blue255;\red0\green255\blue0;\red255\green0\blue255;\red255\green0\blue0;\red255\green255\blue0;\red255\green255\blue255;\red0\green0\blue128;\red0\green128\blue128;\red0\green128\blue0;\red128\green0\blue128;\red128\green0\blue0;\red128\green128\blue0;\red128\green128\blue128;\red192\green192\blue192;}{\*\defchp \f37\fs22\lang3082\langfe1033\langfenp1033 }{\*\defpap \ql \li0\ri0\widctlpar\wrapdefault\aspalpha\aspnum\faauto\adjustright\rin0\lin0\itap0 }\noqfpromote {\stylesheet{\ql \li0\ri0\widctlpar\wrapdefault\aspalpha\aspnum\faauto\adjustright\rin0\lin0\itap0 \rtlch\fcs1 \af0\afs22\alang1025 \ltrch\fcs0 \f37\fs22\lang3082\langfe1033\cgrid\langnp3082\langfenp1033 \snext0 \sqformat \spriority0 Normal;}{\*\cs10 \additive \ssemihidden \sunhideused \spriority1 Default Paragraph Font;}{\*\ts11\tsrowd\trftsWidthB3\trpaddl108\trpaddr108\trpaddfl3\trpaddft3\trpaddfb3\trpaddfr3\tblind0\tblindtype3\tsvertalt\tsbrdrt\tsbrdrl\tsbrdrb\tsbrdrr\tsbrdrdgl\tsbrdrdgr\tsbrdrh\tsbrdrv \ql \li0\ri0\widctlpar\wrapdefault\aspalpha\aspnum\faauto\adjustright\rin0\lin0\itap0 \rtlch\fcs1 \af37\afs22\alang1025 \ltrch\fcs0 \f37\fs22\lang3082\langfe1033\cgrid\langnp3082\langfenp1033 \snext11 \ssemihidden \sunhideused Normal Table;}{\*\cs15 \additive \rtlch\fcs1 \af0 \ltrch\fcs0 \ul\cf2 \sbasedon10 \ssemihidden \sunhideused \styrsid14902200 Hyperlink;}{\*\cs16 \additive \rtlch\fcs1 \af0 \ltrch\fcs0 \ul\cf12 \sbasedon10 \ssemihidden \sunhideused \styrsid14902200 FollowedHyperlink;}{\*\cs17 \additive \rtlch\fcs1 \af0\afs22 \ltrch\fcs0 \f37\fs22\cf0 \sbasedon10 \ssemihidden \spriority0 \spersonal \scompose \styrsid14902200 EmailStyle171;}}{\*\revtbl {Unknown;}}{\*\rsidtbl \rsid8201463\rsid9795044\rsid14902200}{\mmathPr\mmathFont34\mbrkBin0\mbrkBinSub0\msmallFrac0\mdispDef1\mlMargin0\mrMargin0\mdefJc1\mwrapIndent1440\mintLim0\mnaryLim1}{\*\xmlnstbl {\xmlns1 http://schemas.microsoft.com/office/word/2003/wordml}}\paperw12240\paperh15840\margl1701\margr1701\margt1417\margb1417\gutter0\ltrsect \deftab708\widowctrl\ftnbj\aenddoc\hyphhotz425\trackmoves0\trackformatting1\donotembedsysfont1\relyonvml0\donotembedlingdata0\grfdocevents0\validatexml1\showplaceholdtext0\ignoremixedcontent0\saveinvalidxml0\showxmlerrors1\noxlattoyen\expshrtn\noultrlspc\dntblnsbdb\nospaceforul\formshade\horzdoc\dgmargin\dghspace180\dgvspace180\dghorigin150\dgvorigin0\dghshow1\dgvshow1\jexpand\viewkind5\viewscale100\pgbrdrhead\pgbrdrfoot\splytwnine\ftnlytwnine\htmautsp\nolnhtadjtbl\useltbaln\alntblind\lytcalctblwd\lyttblrtgr\lnbrkrule\nobrkwrptbl\snaptogridincell\allowfieldendsel\wrppunct\asianbrkrule\rsidroot9795044\newtblstyruls\nogrowautofit\usenormstyforlist\noindnmbrts\felnbrelev\nocxsptable\indrlsweleven\noafcnsttbl\afelev\utinl\hwelev\spltpgpar\notcvasp\notbrkcnstfrctbl\notvatxbx\krnprsnet\cachedcolbal \nouicompat \fet0{\*\wgrffmtfilter 2450}\nofeaturethrottle1\ilfomacatclnup0\ltrpar \sectd \ltrsect\linex0\endnhere\sectdefaultcl\sectrsid9795044\sftnbj {\*\pnseclvl1\pnucrm\pnstart1\pnindent720\pnhang {\pntxta .}}{\*\pnseclvl2\pnucltr\pnstart1\pnindent720\pnhang {\pntxta .}}{\*\pnseclvl3\pndec\pnstart1\pnindent720\pnhang {\pntxta .}}{\*\pnseclvl4\pnlcltr\pnstart1\pnindent720\pnhang {\pntxta )}}{\*\pnseclvl5\pndec\pnstart1\pnindent720\pnhang {\pntxtb (}{\pntxta )}}{\*\pnseclvl6\pnlcltr\pnstart1\pnindent720\pnhang {\pntxtb (}{\pntxta )}}{\*\pnseclvl7\pnlcrm\pnstart1\pnindent720\pnhang {\pntxtb (}{\pntxta )}}{\*\pnseclvl8\pnlcltr\pnstart1\pnindent720\pnhang {\pntxtb (}{\pntxta )}}{\*\pnseclvl9\pnlcrm\pnstart1\pnindent720\pnhang {\pntxtb (}{\pntxta )}}\pard\plain \ltrpar\ql \li0\ri0\widctlpar\wrapdefault\aspalpha\aspnum\faauto\adjustright\rin0\lin0\itap0\pararsid14902200 \rtlch\fcs1 \af0\afs22\alang1025 \ltrch\fcs0 \f37\fs22\lang3082\langfe1033\cgrid\langnp3082\langfenp1033 {\rtlch\fcs1 \af0 \ltrch\fcs0 \f410\cf0\insrsid9795044\charrsid14902200 Good hex:\'48 Bad1Hex:\'ZA Bad2Hex:\'A+ Ignored Carriadge Return}} \ No newline at end of file diff --git a/Tests/Unit/TestRTFHandler.m b/Tests/Unit/TestRTFHandler.m index 317122724..173e7fe9f 100644 --- a/Tests/Unit/TestRTFHandler.m +++ b/Tests/Unit/TestRTFHandler.m @@ -306,4 +306,13 @@ againstExpectedHTML: expected]; } +- (void) test_bad_hex_and_cr +{ + NSString *file =@"bad_hex_and_cr.rtf"; + NSString *expected=@"Good hex:H Bad1Hex: Bad2Hex: Ignored Carriadge Return"; + + [self checkHTMLConversionOfRTFFile: file + againstExpectedHTML: expected]; +} + @end