From 321daf3ac88302c9e241bc8c07f3fac4200b15fb Mon Sep 17 00:00:00 2001
From: atxr
Date: Wed, 28 Feb 2024 03:21:41 +0100
Subject: [PATCH] Trigger virus if size mismatch
---
 libmineziper/include/libmineziper.h | 4 ----
 libmineziper/src/libmineziper.c | 16 ++--------------
 2 files changed, 2 insertions(+), 18 deletions(-)
diff --git a/libmineziper/include/libmineziper.h b/libmineziper/include/libmineziper.h
index 818caef..9bf4014 100644
--- a/libmineziper/include/libmineziper.h
+++ b/libmineziper/include/libmineziper.h
@@ -21,10 +21,6 @@ bool detect_overlaps(zip zip);
 bool scan_decoded_files(zip zip);
 bool scan_zip(char* zip_data, int zip_size);
-// todo complete this list
-static const char* blocklist[] = {"Mimikatz.exe", "linpeas.sh", "winPEAS.bat"};
-static const int blocklist_size = sizeof(blocklist) / sizeof(char*);
-
 static const char* sigs[] = {
 "\x7f"
 "ELF",
diff --git a/libmineziper/src/libmineziper.c b/libmineziper/src/libmineziper.c
index 7b2e027..71e34df 100644
--- a/libmineziper/src/libmineziper.c
+++ b/libmineziper/src/libmineziper.c
@@ -54,23 +54,11 @@ bool scan_decoded_files(zip zip)
 LFH* lfh = (LFH*) (zip.start + zip.lfh_off[i]);
 // Verify CDH/LFH parsed sizes to avoid undefined behavior
+ // Trigger virus alert if mismatching sizes
 if (lfh->filename_length != zip.cdh_filename_length[i])
 {
- fprintf(
- stderr,
- "[ERROR] Mismatch in CDH/LFH filename lengths. Local file might be "
- "malformed.\nSkipping file...\n");
- continue;
- }
-
- for (int k = 0; k < blocklist_size; k++)
- {
- char* filename = zip.start + zip.lfh_off[i] + sizeof(LFH);
- if (strcmp(blocklist[k], filename) == 0)
- {
- fprintf(stderr, "[ERROR] Forbidden filename found in zip archive.\n");
+ fprintf(stderr, "[ERROR] Mismatch in CDH/LFH filename lengths.\n");
 return true;
- }
 }
 data* decoded = malloc(sizeof(data));
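Review bot: The `lfh->filename_length` read in the new guard of the libmineziper.c hunk happens before any visible check that `zip.lfh_off[i]` plus `sizeof(LFH)` lies inside the archive, so the comparison that is meant to avoid undefined behavior can itself read out of bounds if the offset is taken unvalidated from the central directory. If that range check is not already done where the offsets are collected, it belongs directly above the cast, with a comment such as `// lfh_off[i] + sizeof(LFH) must be within the archive before lfh is dereferenced`. The added comment says "mismatching sizes", but only the filename length is compared in the visible lines; the extra-field length and the compressed/uncompressed sizes are not, so either compare them as well or narrow the comment to `// Treat a CDH/LFH filename-length mismatch as a detection`. scan_decoded_files begins and ends outside the hunk, so both points should be confirmed against the rest of the function.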