From 63db719f0b9798f99f985449ac07d0b724a5ce30 Mon Sep 17 00:00:00 2001
From: Brad Spengler
Date: Wed, 31 May 2017 15:45:48 -0400
Subject: [PATCH] Clamp num_props to prevent excessive resource usage (#114)
---
 oletools/thirdparty/olefile/olefile.py | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/oletools/thirdparty/olefile/olefile.py b/oletools/thirdparty/olefile/olefile.py
index cd40472..8d89275 100644
--- a/oletools/thirdparty/olefile/olefile.py
+++ b/oletools/thirdparty/olefile/olefile.py
@@ -2201,7 +2201,10 @@ class OleFileIO:
 self._raise_defect(DEFECT_INCORRECT, msg, type(exc))
 return data
- for i in range(num_props):
+ # clamp num_props based on the data length
+ num_props = min(num_props, len(s) / 8)
+
+ for i in xrange(num_props):
 property_id = 0 # just in case of an exception
 try:
 property_id = i32(s, 8+i*8)
-- libgit2 0.21.4
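Review bot: The clamp on the added `num_props = min(num_props, len(s) / 8)` line uses `/`, which is true division on Python 3 and can yield a float, so the loop header that follows would raise TypeError there; `xrange` also only exists on Python 3 if the file aliases it somewhere outside this hunk. Entries are read starting at `8+i*8`, so, assuming each entry is the 8-byte record the stride suggests, the tight bound is `num_props = min(num_props, (len(s) - 8) // 8)`, which stays an int on both interpreters. Since `num_props` comes from the parsed file, a declared count larger than the data can hold is itself a sign of a malformed or crafted document, and it would help triage to log or report when the clamp takes effect rather than clamping silently. The enclosing method starts and ends outside the hunk, so how `s` and `num_props` are read is not visible here.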