Commit 7680eb11f7721747ea8e8a7f47aa1798d7ddabf1
1 parent
c8a4b6a9
oleobj: remember whether OleNativeStream data is stream/link
Showing
1 changed file
with
11 additions
and
2 deletions
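--- a/oletools/oleobj.py
+++ b/oletools/oleobj.py
@@ -284,6 +284,8 @@ class OleNativeStream (object):
 self.actual_size = None
 self.data = None
 self.package = package
+self.is_link = None
+self.data_is_stream = None
 if bindata is not None:
 self.parse(data=bindata)
 
@@ -300,8 +302,10 @@ class OleNativeStream (object):
 # TODO: strict mode to raise exceptions when values are incorrect
 # (permissive mode by default)
 if hasattr(data, 'read'):
+self.data_is_stream = True
 index = None # marker for read_* functions to expect stream
 else:
+self.data_is_stream = False
 index = 0 # marker for read_* functions to expect array
 
 # An OLE Package object does not have the native data size field
@@ -322,10 +326,11 @@ class OleNativeStream (object):
 # size of the rest of the data
 try:
 self.actual_size, index = read_uint32(data, index)
-if index is None: # data is a bytes stream
+if self.data_is_stream:
 self.data = data
-else: # data is a bytes array
+else:
 self.data = data[index:index+self.actual_size]
+self.is_link = False
 # TODO: exception when size > remaining data
 # TODO: SLACK DATA
 except (IOError, struct.error): # no data to read actual_size
@@ -549,6 +554,10 @@ def process_file(container, filename, data, output_dir=None):
 continue
 
 # print info
+if opkg.is_link:
+log.debug('Object is not embedded but only linked to '
+'- skip')
+continue
 print ('Filename = %r' % opkg.filename)
 print ('Source path = %r' % opkg.src_path)
 print ('Temp path = %r' % opkg.temp_path)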
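Review bot: The new skip in process_file drops a linked object at debug level and before the `Filename`/`Source path` prints, so in default output an analyst never learns that the document referenced an external file or where it pointed. A link target is itself a useful indicator when triaging a document, so I would report it rather than hide it, e.g. `log.info('Object is linked, not embedded (source path %r) - skip', opkg.src_path)`, assuming `src_path` is populated for links, which this page does not show. The current message also reads as if a target were missing after "linked to". Separately, the visible hunks only ever assign `None` or `False` to `is_link`, and the `except (IOError, struct.error)` path leaves it `None`, which `if opkg.is_link:` treats the same as embedded; a comment at the initialiser such as `# None = unknown/not parsed, False = embedded, True = link` would make the tri-state explicit. Both the OleNativeStream parsing method and process_file continue outside the hunks shown.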