Peter M. Groen / oletools

Commit 77842b93aa1e2b92e2634003f6d0a9f895a1179d

Authored by Philippe Lagadec
1 parent 15a9744c

updated olefile to v0.43 (slight changes in _OleDirectoryEntry)

Inline Side-by-side
Showing 1 changed file with 19 additions and 19 deletions
oletools/thirdparty/olefile/olefile.py
  View file @77842b9
1 #!/usr/bin/env python 1 #!/usr/bin/env python
2 2
3 -# olefile (formerly OleFileIO_PL) version 0.42 2015-01-25 3 +# olefile (formerly OleFileIO_PL) version 0.43 2015-04-17
4 # 4 #
5 # Module to read/write Microsoft OLE2 files (also called Structured Storage or 5 # Module to read/write Microsoft OLE2 files (also called Structured Storage or
6 # Microsoft Compound Document File Format), such as Microsoft Office 97-2003 6 # Microsoft Compound Document File Format), such as Microsoft Office 97-2003
@@ -29,8 +29,8 @@ from __future__ import print_function # This version of olefile requires Pytho @@ -29,8 +29,8 @@ from __future__ import print_function # This version of olefile requires Pytho
29 29
30 30
31 __author__ = "Philippe Lagadec" 31 __author__ = "Philippe Lagadec"
32 -__date__ = "2015-01-25"  
33 -__version__ = '0.42.1' 32 +__date__ = "2015-04-17"
  33 +__version__ = '0.43'
34 34
35 #--- LICENSE ------------------------------------------------------------------ 35 #--- LICENSE ------------------------------------------------------------------
36 36
@@ -181,6 +181,7 @@ __version__ = '0.42.1' @@ -181,6 +181,7 @@ __version__ = '0.42.1'
181 # to UTF-8 on Python 2.x (Unicode on Python 3.x) 181 # to UTF-8 on Python 2.x (Unicode on Python 3.x)
182 # - added path_encoding option to override the default 182 # - added path_encoding option to override the default
183 # - fixed a bug in _list when a storage is empty 183 # - fixed a bug in _list when a storage is empty
  184 +# 2015-04-17 v0.43 PL: - slight changes in _OleDirectoryEntry
184 185
185 #----------------------------------------------------------------------------- 186 #-----------------------------------------------------------------------------
186 # TODO (for version 1.0): 187 # TODO (for version 1.0):
@@ -820,7 +821,7 @@ class _OleDirectoryEntry: @@ -820,7 +821,7 @@ class _OleDirectoryEntry:
820 # struct to parse directory entries: 821 # struct to parse directory entries:
821 # <: little-endian byte order, standard sizes 822 # <: little-endian byte order, standard sizes
822 # (note: this should guarantee that Q returns a 64 bits int) 823 # (note: this should guarantee that Q returns a 64 bits int)
823 - # 64s: string containing entry name in unicode (max 31 chars) + null char 824 + # 64s: string containing entry name in unicode UTF-16 (max 31 chars) + null char = 64 bytes
824 # H: uint16, number of bytes used in name buffer, including null = (len+1)*2 825 # H: uint16, number of bytes used in name buffer, including null = (len+1)*2
825 # B: uint8, dir entry type (between 0 and 5) 826 # B: uint8, dir entry type (between 0 and 5)
826 # B: uint8, color: 0=black, 1=red 827 # B: uint8, color: 0=black, 1=red
@@ -865,8 +866,8 @@ class _OleDirectoryEntry: @@ -865,8 +866,8 @@ class _OleDirectoryEntry:
865 self.used = False 866 self.used = False
866 # decode DirEntry 867 # decode DirEntry
867 ( 868 (
868 - name,  
869 - namelength, 869 + self.name_raw, # 64s: string containing entry name in unicode UTF-16 (max 31 chars) + null char = 64 bytes
  870 + self.namelength, # H: uint16, number of bytes used in name buffer, including null = (len+1)*2
870 self.entry_type, 871 self.entry_type,
871 self.color, 872 self.color,
872 self.sid_left, 873 self.sid_left,
@@ -877,8 +878,8 @@ class _OleDirectoryEntry: @@ -877,8 +878,8 @@ class _OleDirectoryEntry:
877 self.createTime, 878 self.createTime,
878 self.modifyTime, 879 self.modifyTime,
879 self.isectStart, 880 self.isectStart,
880 - sizeLow,  
881 - sizeHigh 881 + self.sizeLow,
  882 + self.sizeHigh
882 ) = struct.unpack(_OleDirectoryEntry.STRUCT_DIRENTRY, entry) 883 ) = struct.unpack(_OleDirectoryEntry.STRUCT_DIRENTRY, entry)
883 if self.entry_type not in [STGTY_ROOT, STGTY_STORAGE, STGTY_STREAM, STGTY_EMPTY]: 884 if self.entry_type not in [STGTY_ROOT, STGTY_STORAGE, STGTY_STREAM, STGTY_EMPTY]:
884 olefile._raise_defect(DEFECT_INCORRECT, 'unhandled OLE storage type') 885 olefile._raise_defect(DEFECT_INCORRECT, 'unhandled OLE storage type')
@@ -890,17 +891,17 @@ class _OleDirectoryEntry: @@ -890,17 +891,17 @@ class _OleDirectoryEntry:
890 #debug (struct.unpack(fmt_entry, entry[:len_entry])) 891 #debug (struct.unpack(fmt_entry, entry[:len_entry]))
891 # name should be at most 31 unicode characters + null character, 892 # name should be at most 31 unicode characters + null character,
892 # so 64 bytes in total (31*2 + 2): 893 # so 64 bytes in total (31*2 + 2):
893 - if namelength>64:  
894 - olefile._raise_defect(DEFECT_INCORRECT, 'incorrect DirEntry name length') 894 + if self.namelength>64:
  895 + olefile._raise_defect(DEFECT_INCORRECT, 'incorrect DirEntry name length >64 bytes')
895 # if exception not raised, namelength is set to the maximum value: 896 # if exception not raised, namelength is set to the maximum value:
896 - namelength = 64 897 + self.namelength = 64
897 # only characters without ending null char are kept: 898 # only characters without ending null char are kept:
898 - name = name[:(namelength-2)] 899 + self.name_utf16 = self.name_raw[:(self.namelength-2)]
899 #TODO: check if the name is actually followed by a null unicode character ([MS-CFB] 2.6.1) 900 #TODO: check if the name is actually followed by a null unicode character ([MS-CFB] 2.6.1)
900 #TODO: check if the name does not contain forbidden characters: 901 #TODO: check if the name does not contain forbidden characters:
901 # [MS-CFB] 2.6.1: "The following characters are illegal and MUST NOT be part of the name: '/', '\', ':', '!'." 902 # [MS-CFB] 2.6.1: "The following characters are illegal and MUST NOT be part of the name: '/', '\', ':', '!'."
902 # name is converted from UTF-16LE to the path encoding specified in the OleFileIO: 903 # name is converted from UTF-16LE to the path encoding specified in the OleFileIO:
903 - self.name = olefile._decode_utf16_str(name) 904 + self.name = olefile._decode_utf16_str(self.name_utf16)
904 905
905 debug('DirEntry SID=%d: %s' % (self.sid, repr(self.name))) 906 debug('DirEntry SID=%d: %s' % (self.sid, repr(self.name)))
906 debug(' - type: %d' % self.entry_type) 907 debug(' - type: %d' % self.entry_type)
@@ -912,15 +913,14 @@ class _OleDirectoryEntry: @@ -912,15 +913,14 @@ class _OleDirectoryEntry:
912 # sectors, BUT apparently some implementations set it as 0xFFFFFFFF, 1 913 # sectors, BUT apparently some implementations set it as 0xFFFFFFFF, 1
913 # or some other value so it cannot be raised as a defect in general: 914 # or some other value so it cannot be raised as a defect in general:
914 if olefile.sectorsize == 512: 915 if olefile.sectorsize == 512:
915 - if sizeHigh != 0 and sizeHigh != 0xFFFFFFFF: 916 + if self.sizeHigh != 0 and self.sizeHigh != 0xFFFFFFFF:
916 debug('sectorsize=%d, sizeLow=%d, sizeHigh=%d (%X)' % 917 debug('sectorsize=%d, sizeLow=%d, sizeHigh=%d (%X)' %
917 - (olefile.sectorsize, sizeLow, sizeHigh, sizeHigh)) 918 + (olefile.sectorsize, self.sizeLow, self.sizeHigh, self.sizeHigh))
918 olefile._raise_defect(DEFECT_UNSURE, 'incorrect OLE stream size') 919 olefile._raise_defect(DEFECT_UNSURE, 'incorrect OLE stream size')
919 - self.size = sizeLow 920 + self.size = self.sizeLow
920 else: 921 else:
921 - self.size = sizeLow + (long(sizeHigh)<<32)  
922 - debug(' - size: %d (sizeLow=%d, sizeHigh=%d)' % (self.size, sizeLow, sizeHigh))  
923 - 922 + self.size = self.sizeLow + (long(self.sizeHigh)<<32)
  923 + debug(' - size: %d (sizeLow=%d, sizeHigh=%d)' % (self.size, self.sizeLow, self.sizeHigh))
924 self.clsid = _clsid(clsid) 924 self.clsid = _clsid(clsid)
925 # a storage should have a null size, BUT some implementations such as 925 # a storage should have a null size, BUT some implementations such as
926 # Word 8 for Mac seem to allow non-null values => Potential defect: 926 # Word 8 for Mac seem to allow non-null values => Potential defect: