Commit 2f4b6e399d6f39aa21bf6c272da371c2fb51adad
1 parent
7888b62a
rtfobj: fixed issues #303 #307, several destination cwords were incorrect
Showing
1 changed file
with
20 additions
and
14 deletions
oletools/rtfobj.py
| ... | ... | @@ -83,8 +83,9 @@ http://www.decalage.info/python/oletools |
| 83 | 83 | # 2018-03-24 v0.53 PL: - fixed issue #292: \margSz is a destination |
| 84 | 84 | # 2018-04-27 PL: - extract and display the CLSID of OLE objects |
| 85 | 85 | # 2018-04-30 PL: - handle "\'" obfuscation trick - issue #281 |
| 86 | +# 2018-05-10 PL: - fixed issues #303 #307: several destination cwords were incorrect | |
| 86 | 87 | |
| 87 | -__version__ = '0.53dev8' | |
| 88 | +__version__ = '0.53dev9' | |
| 88 | 89 | |
| 89 | 90 | # ------------------------------------------------------------------------------ |
| 90 | 91 | # TODO: |
| ... | ... | @@ -267,21 +268,21 @@ re_executable_extensions = re.compile( |
| 267 | 268 | |
| 268 | 269 | # Destination Control Words, according to MS RTF Specifications v1.9.1: |
| 269 | 270 | DESTINATION_CONTROL_WORDS = frozenset(( |
| 270 | - b"aftncn", b"aftnsep", b"aftnsepc", b"annotation", b"atnauthor", b"atndate", b"atnicn", b"atnid", b"atnparent", b"atnref", | |
| 271 | - b"atntime", b"atrfend", b"atrfstart", b"author", b"background", b"bkmkend", b"bkmkstart", b"blipuid", b"buptim", b"category", | |
| 271 | + b"aftncn", b"aftnsep", b"aftnsepc", b"annotation", b"atnauthor", b"atndate", b"atnid", b"atnparent", b"atnref", | |
| 272 | + b"atrfend", b"atrfstart", b"author", b"background", b"bkmkend", b"bkmkstart", b"blipuid", b"buptim", b"category", | |
| 272 | 273 | b"colorschememapping", b"colortbl", b"comment", b"company", b"creatim", b"datafield", b"datastore", b"defchp", b"defpap", |
| 273 | 274 | b"do", b"doccomm", b"docvar", b"dptxbxtext", b"ebcend", b"ebcstart", b"factoidname", b"falt", b"fchars", b"ffdeftext", |
| 274 | 275 | b"ffentrymcr", b"ffexitmcr", b"ffformat", b"ffhelptext", b"ffl", b"ffname",b"ffstattext", b"field", b"file", b"filetbl", |
| 275 | - b"fldinst", b"fldrslt", b"fldtype", b"fname", b"fontemb", b"fontfile", b"fonttbl", b"footer", b"footerf", b"footerl", | |
| 276 | + b"fldinst", b"fldrslt", b"fldtype", b"fontemb", b"fonttbl", b"footer", b"footerf", b"footerl", | |
| 276 | 277 | b"footerr", b"footnote", b"formfield", b"ftncn", b"ftnsep", b"ftnsepc", b"g", b"generator", b"gridtbl", b"header", b"headerf", |
| 277 | - b"headerl", b"headerr", b"hl", b"hlfr", b"hlinkbase", b"hlloc", b"hlsrc", b"hsv", b"htmltag", b"info", b"keycode", b"keywords", | |
| 278 | + b"headerl", b"headerr", b"hl", b"hlfr", b"hlinkbase", b"hlloc", b"hlsrc", b"hsv", b"info", b"keywords", | |
| 278 | 279 | b"latentstyles", b"lchars", b"levelnumbers", b"leveltext", b"lfolevel", b"linkval", b"list", b"listlevel", b"listname", |
| 279 | 280 | b"listoverride", b"listoverridetable", b"listpicture", b"liststylename", b"listtable", b"listtext", b"lsdlockedexcept", |
| 280 | - b"macc", b"maccPr", b"mailmerge", b"maln",b"malnScr", b"manager", b"margPr", b"mbar", b"mbarPr", b"mbaseJc", b"mbegChr", | |
| 281 | + b"macc", b"maccPr", b"mailmerge", b"malnScr", b"manager", b"margPr", b"mbar", b"mbarPr", b"mbaseJc", b"mbegChr", | |
| 281 | 282 | b"mborderBox", b"mborderBoxPr", b"mbox", b"mboxPr", b"mchr", b"mcount", b"mctrlPr", b"md", b"mdeg", b"mdegHide", b"mden", |
| 282 | 283 | b"mdiff", b"mdPr", b"me", b"mendChr", b"meqArr", b"meqArrPr", b"mf", b"mfName", b"mfPr", b"mfunc", b"mfuncPr",b"mgroupChr", |
| 283 | - b"mgroupChrPr",b"mgrow", b"mhideBot", b"mhideLeft", b"mhideRight", b"mhideTop", b"mhtmltag", b"mlim", b"mlimloc", b"mlimlow", | |
| 284 | - b"mlimlowPr", b"mlimupp", b"mlimuppPr", b"mm", b"mmaddfieldname", b"mmath", b"mmathPict", b"mmathPr",b"mmaxdist", b"mmc", | |
| 284 | + b"mgroupChrPr",b"mgrow", b"mhideBot", b"mhideLeft", b"mhideRight", b"mhideTop", b"mlim", b"mlimLoc", b"mlimLow", | |
| 285 | + b"mlimLowPr", b"mlimUpp", b"mlimUppPr", b"mm", b"mmaddfieldname", b"mmathPict", b"mmaxDist", b"mmc", | |
| 285 | 286 | b"mmcJc", b"mmconnectstr", b"mmconnectstrdata", b"mmcPr", b"mmcs", b"mmdatasource", b"mmheadersource", b"mmmailsubject", |
| 286 | 287 | b"mmodso", b"mmodsofilter", b"mmodsofldmpdata", b"mmodsomappedname", b"mmodsoname", b"mmodsorecipdata", b"mmodsosort", |
| 287 | 288 | b"mmodsosrc", b"mmodsotable", b"mmodsoudl", b"mmodsoudldata", b"mmodsouniquetag", b"mmPr", b"mmquery", b"mmr", b"mnary", |
| ... | ... | @@ -289,20 +290,25 @@ DESTINATION_CONTROL_WORDS = frozenset(( |
| 289 | 290 | b"mplcHide", b"mpos", b"mr", b"mrad", b"mradPr", b"mrPr", b"msepChr", b"mshow", b"mshp", b"msPre", b"msPrePr", b"msSub", |
| 290 | 291 | b"msSubPr", b"msSubSup", b"msSubSupPr", b"msSup", b"msSupPr", b"mstrikeBLTR", b"mstrikeH", b"mstrikeTLBR", b"mstrikeV", |
| 291 | 292 | b"msub", b"msubHide", b"msup", b"msupHide", b"mtransp", b"mtype", b"mvertJc", b"mvfmf", b"mvfml", b"mvtof", b"mvtol", |
| 292 | - b"mzeroAsc", b"mzeroDesc", b"mzeroWid", b"nesttableprops", b"nexctfile", b"nonesttables", b"objalias", b"objclass", | |
| 293 | - b"objdata", b"object", b"objname", b"objsect", b"objtime", b"oldcprops", b"oldpprops", b"oldsprops", b"oldtprops", | |
| 293 | + b"mzeroAsc", b"mzeroDesc", b"mzeroWid", b"nesttableprops", b"nonesttables", b"objalias", b"objclass", | |
| 294 | + b"objdata", b"object", b"objname", b"objsect", b"oldcprops", b"oldpprops", b"oldsprops", b"oldtprops", | |
| 294 | 295 | b"oleclsid", b"operator", b"panose", b"password", b"passwordhash", b"pgp", b"pgptbl", b"picprop", b"pict", b"pn", b"pnseclvl", |
| 295 | 296 | b"pntext", b"pntxta", b"pntxtb", b"printim", |
| 296 | - # It seems \private should not be treated as a destination (issue #178) | |
| 297 | - # Same for \pxe (issue #196) | |
| 298 | - # b"private", b"pxe", | |
| 299 | 297 | b"propname", b"protend", b"protstart", b"protusertbl", |
| 300 | - b"result", b"revtbl", b"revtim", b"rsidtbl", b"rtf", b"rxe", b"shp", b"shpgrp", b"shpinst", b"shppict", b"shprslt", b"shptxt", | |
| 298 | + b"result", b"revtbl", b"revtim", b"rtf", b"rxe", b"shp", b"shpgrp", b"shpinst", b"shppict", b"shprslt", b"shptxt", | |
| 301 | 299 | b"sn", b"sp", b"staticval", b"stylesheet", b"subject", b"sv", b"svb", b"tc", b"template", b"themedata", b"title", b"txe", b"ud", |
| 302 | 300 | b"upr", b"userprops", b"wgrffmtfilter", b"windowcaption", b"writereservation", b"writereservhash", b"xe", b"xform", |
| 303 | 301 | b"xmlattrname", b"xmlattrvalue", b"xmlclose", b"xmlname", b"xmlnstbl", b"xmlopen", |
| 304 | 302 | # added for issue #292: https://github.com/decalage2/oletools/issues/292 |
| 305 | 303 | b"margSz", |
| 304 | + | |
| 305 | + # It seems \private should not be treated as a destination (issue #178) | |
| 306 | + # Same for \pxe (issue #196) | |
| 307 | + # b"private", b"pxe", | |
| 308 | + # from issue #303: These destination control words can be treated as a "value" type. | |
| 309 | + # They don't consume data so they won't change the state of the parser. | |
| 310 | + # b"atnicn", b"atntime", b"fname", b"fontfile", b"htmltag", b"keycode", b"maln", | |
| 311 | + # b"mhtmltag", b"mmath", b"mmathPr", b"nextfile", b"objtime", b"rsidtbl", | |
| 306 | 312 | )) |
| 307 | 313 | |
| 308 | 314 | ... | ... |