From 3122c5b76f2944c8139cb8cf8b7e0c209bf8836b Mon Sep 17 00:00:00 2001
From: atxr
Date: Thu, 22 Feb 2024 11:54:16 +0100
Subject: [PATCH] Check mismatch in filename lengths
---
 libmineziper/include/libmineziper.h | 1 -
 libmineziper/src/libmineziper.c | 43 ++++++++++++++++++-----------
 2 files changed, 27 insertions(+), 17 deletions(-)
diff --git a/libmineziper/include/libmineziper.h b/libmineziper/include/libmineziper.h
index 4bf4099..d1d823e 100644
--- a/libmineziper/include/libmineziper.h
+++ b/libmineziper/include/libmineziper.h
@@ -6,7 +6,6 @@
 #include "libmineziper_huffman_tree.h"
 #include "libmineziper_zip.h"
-bool detect_overlaps(char* filename);
 int get_uncompressed_size(zip* in);
 bool scan_zip(char* zip_data, int zip_size);
diff --git a/libmineziper/src/libmineziper.c b/libmineziper/src/libmineziper.c
index 7e41c5d..bb3bd78 100644
--- a/libmineziper/src/libmineziper.c
+++ b/libmineziper/src/libmineziper.c
@@ -5,11 +5,6 @@
 #include "libmineziper.h"
-bool detect_overlaps(char* filename)
-{
- return true;
-}
-
 int get_uncompressed_size(zip* in)
 {
 int size = 0;
@@ -29,17 +24,25 @@ bool scan_zip(char* zip_data, int zip_size)
 for (int i = 0; i < zip.entries; i++)
 {
- LFH* lfh = &zip.start[zip.lfh_off[i]];
+ LFH* lfh = zip.start + zip.lfh_off[i];
+ // Verify CDH/LFH parsed sizes to avoid undefined behavior
+ if (lfh->filename_length != zip.cdh_filename_length[i])
+ {
+ printf("[ERROR] Mismatch in CDH/LFH filename lengths.\n");
+ return true;
+ }
+
+ char* decoded_data = "";
 if (lfh->compression_method == DEFLATE)
 {
 int lfh_length = sizeof(LFH) + lfh->filename_length + lfh->extraf_length;
 char* encoded_block = &((char*) lfh)[lfh_length];
- char* decoded_data = "";
 bitstream bs = init_bitstream(encoded_block, lfh->compressed_size, 0);
 ISH deflate_header = {.raw = get_bits(&bs, 3)};
+ // Stored block
 if (deflate_header.block_type == 0)
 {
 align_to_next_byte(&bs);
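Review bot: The added comparison only shows that the CDH and LFH agree on `filename_length`; nothing in the new lines bounds the entry against `zip_size`, so two headers carrying the same oversized length still pass and `lfh_length` is then used to index past `lfh`. `lfh->extraf_length` and `lfh->compressed_size` are still taken from the LFH unchecked, and `lfh` is dereferenced at `zip.start + zip.lfh_off[i]` before any check visible here that the offset lies inside the buffer (the parser may validate it elsewhere). I would follow the mismatch test with a range check such as `if (zip.lfh_off[i] + sizeof(LFH) + lfh->filename_length + lfh->extraf_length + lfh->compressed_size > (size_t) zip_size) return true;`, after confirming the field types so the sum cannot wrap. The new error also goes to stdout via `printf`, while the other error paths in scan_zip use `fprintf(stderr, ...)`. scan_zip starts and ends outside this hunk.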
@@ -52,6 +55,7 @@ bool scan_zip(char* zip_data, int zip_size)
 memcpy(decoded_data, &bs.data[bs.current_data_offset], block_size);
 }
+ // Fixed Huffman Codes
 else if (deflate_header.block_type == 1)
 {
 printf("[FILE %d] Scanning 1 block...\n", i);
@@ -60,6 +64,7 @@ bool scan_zip(char* zip_data, int zip_size)
 decode_type1_block_vuln(&bs, decoded_data);
 }
+ // Dynamic Huffman Codes
 else if (deflate_header.block_type == 2)
 {
 fprintf(
@@ -68,20 +73,26 @@ bool scan_zip(char* zip_data, int zip_size)
 i);
 }
+ // Invalid type
 else
 {
 fprintf(stderr, "[FILE %d] Error in compressed data\n", i);
 }
+ }
+ else
+ {
+ fprintf(stderr, "Unknown decompression algorithm. Skipping...\n");
+ }
- if (strcmp("VIRUS", decoded_data) == 0)
- {
- printf("-> VIRUS FOUND\n");
- return true;
- }
- else
- {
- printf("-> OK\n\n");
- }
+ // Test the decoded data
+ if (strcmp("VIRUS", decoded_data) == 0)
+ {
+ printf("-> VIRUS FOUND\n");
+ return true;
+ }
+ else
+ {
+ printf("-> OK\n\n");
 }
 }
 }
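Review bot: Moving the `strcmp("VIRUS", decoded_data)` test out of the DEFLATE branch makes the scan fail open: an entry that takes the new `else` branch still has `decoded_data == ""`, so the loop prints `-> OK` for data that was never inspected. The dynamic-Huffman and invalid-type branches in the context lines appear to only log an error and would reach the same verdict. I would give no verdict for such entries, for example by adding `continue;` after `fprintf(stderr, "Unknown decompression algorithm. Skipping...\n");`, or by returning `true` as the filename-length check does if uninspectable entries should be rejected. The new message also lacks the `[FILE %d]` prefix that the neighbouring messages carry.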