oleobj: fixed #541, "Ole10Native" is case-insensitive

decalage2
1 parent 8526b4f0
Showing 2 changed files with 5 additions and 4 deletions
oletools/oleobj.py
setup.py
@@ -14,7 +14,7 @@ http://www.decalage.info/python/oletools
  
 # === LICENSE =================================================================
  
-# oleobj is copyright (c) 2015-2019 Philippe Lagadec (http://www.decalage.info)
+# oleobj is copyright (c) 2015-2020 Philippe Lagadec (http://www.decalage.info)
 # All rights reserved.
 #
 # Redistribution and use in source and binary forms, with or without
@@ -86,8 +86,9 @@ from oletools.common.io_encoding import ensure_stdout_handles_unicode
 # 2018-03-27       PL: - fixed issue #274 in read_length_prefixed_string
 # 2018-09-11 v0.54 PL: - olefile is now a dependency
 # 2018-10-30       SA: - added detection of external links (PR #317)
+# 2020-03-03 v0.56 PL: - fixed bug #541, "Ole10Native" is case-insensitive
  
-__version__ = '0.55'
+__version__ = '0.56dev2'
  
 # -----------------------------------------------------------------------------
 # TODO:
@@ -771,7 +772,7 @@ def process_file(filename, data, output_dir=None):
         for path_parts in ole.listdir():
             stream_path = '/'.join(path_parts)
             log.debug('Checking stream %r', stream_path)
-            if path_parts[-1] == '\x01Ole10Native':
+            if path_parts[-1].lower() == '\x01ole10native':
                 stream = None
                 try:
                     stream = ole.openstream(path_parts)
@@ -52,7 +52,7 @@ import os, fnmatch
 #--- METADATA -----------------------------------------------------------------
  
 name         = "oletools"
-version      = '0.56dev1'
+version      = '0.56dev2'
 desc         = "Python tools to analyze security characteristics of MS Office and OLE files (also called Structured Storage, Compound File Binary Format or Compound Document File Format), for Malware Analysis and Incident Response #DFIR"
 long_desc    = open('oletools/README.rst').read()
 author       = "Philippe Lagadec"