Trigger virus if size mismatch

2024-02-28 03:21:41 +01:00 · 2024-02-28 03:21:41 +01:00 · 321daf3ac8
commit 321daf3ac8
parent c06790d5e0
2 changed files with 2 additions and 18 deletions
--- a/libmineziper/include/libmineziper.h
+++ b/libmineziper/include/libmineziper.h
@ -21,10 +21,6 @@ bool detect_overlaps(zip zip);
 bool scan_decoded_files(zip zip);
 bool scan_zip(char* zip_data, int zip_size);

-// todo complete this list
-static const char* blocklist[] = {"Mimikatz.exe", "linpeas.sh", "winPEAS.bat"};
-static const int blocklist_size = sizeof(blocklist) / sizeof(char*);
-
 static const char* sigs[] = {
    "\x7f"
    "ELF",
--- a/libmineziper/src/libmineziper.c
+++ b/libmineziper/src/libmineziper.c
@ -54,23 +54,11 @@ bool scan_decoded_files(zip zip)
    LFH* lfh = (LFH*) (zip.start + zip.lfh_off[i]);

    // Verify CDH/LFH parsed sizes to avoid undefined behavior
+    // Trigger virus alert if mismatching sizes
    if (lfh->filename_length != zip.cdh_filename_length[i])
    {
-      fprintf(
-          stderr,
-          "[ERROR] Mismatch in CDH/LFH filename lengths. Local file might be "
-          "malformed.\nSkipping file...\n");
-      continue;
-    }
-
-    for (int k = 0; k < blocklist_size; k++)
-    {
-      char* filename = zip.start + zip.lfh_off[i] + sizeof(LFH);
-      if (strcmp(blocklist[k], filename) == 0)
-      {
-        fprintf(stderr, "[ERROR] Forbidden filename found in zip archive.\n");
+      fprintf(stderr, "[ERROR] Mismatch in CDH/LFH filename lengths.\n");
        return true;
-      }
    }

    data* decoded = malloc(sizeof(data));