From 50293f18e0e1d1c1c2436bf83b664d91c8790fa0 Mon Sep 17 00:00:00 2001
From: atxr
Date: Wed, 21 Feb 2024 16:15:04 +0100
Subject: [PATCH] Rename and clean
---
 libmineziper/include/libmineziper_zip.h | 7 ++--
 libmineziper/src/libmineziper_zip.c | 43 +++++++++++++++++++++++--
 tests/test_decode_fixed_tree.c | 18 ++++++++---
 3 files changed, 57 insertions(+), 11 deletions(-)
diff --git a/libmineziper/include/libmineziper_zip.h b/libmineziper/include/libmineziper_zip.h
index df69ac5..de47035 100644
--- a/libmineziper/include/libmineziper_zip.h
+++ b/libmineziper/include/libmineziper_zip.h
@@ -25,7 +25,7 @@ typedef struct LFH
 int compressed_size;
 int uncompressed_size;
 short filename_length;
- short extra_field_length;
+ short extraf_length;
 } LFH;
 typedef struct CDH
@@ -41,7 +41,7 @@ typedef struct CDH
 int compressed_size;
 int uncompressed_size;
 short filename_length;
- short extra_field_length;
+ short extraf_length;
 short file_comment_length;
 short disk_number_start;
 short internal_file_attributes;
@@ -99,7 +99,8 @@ void deflate(zip* in);
 short decode_length_token(bitstream* bs, int token);
 int decode_distance_token(bitstream* bs, int token);
-char* decode_type1_block(
+char* decode_type1_block_vuln(bitstream* bs, char* decoded_data);
+char* decode_type1_block_v2(
 bitstream* bs,
 int uncompressed_size,
 char* decoded_data);
diff --git a/libmineziper/src/libmineziper_zip.c b/libmineziper/src/libmineziper_zip.c
index d6f37cc..184c4d7 100644
--- a/libmineziper/src/libmineziper_zip.c
+++ b/libmineziper/src/libmineziper_zip.c
@@ -42,17 +42,54 @@ void get_cdh(char* data, zip* out)
 out->lfh[i] = (LFH*) (data + cdh->off_lfh);
 cdh = (CDH*) (((char*) cdh) + sizeof(CDH) + cdh->filename_length +
- cdh->extra_field_length + cdh->file_comment_length);
+ cdh->extraf_length + cdh->file_comment_length);
 }
 }
 char* get_encoded_block(zip* in, int n)
 {
 return (char*) (in->lfh[n]) + sizeof(LFH) + in->lfh[n]->filename_length +
- in->lfh[n]->extra_field_length;
+ in->lfh[n]->extraf_length;
 }
-char* decode_type1_block(bitstream* bs, int uncompressed_size, char* decoded_data)
+char* decode_type1_block_vuln(bitstream* bs, char* decoded_data)
+{
+ tree tr = build_default_tree();
+ tree tr_dist = build_default_dist_tree();
+
+ int i = 0, token;
+ while ((token = next_token(bs, tr)) != END_OF_BLOCK)
+ {
+ if (token < END_OF_BLOCK)
+ {
+ decoded_data[i++] = token;
+ }
+
+ else
+ {
+ int length = decode_length_token(bs, token);
+
+ if ((token = next_token(bs, tr_dist)) == END_OF_BLOCK)
+ {
+ printf("[ERROR] Got EndOfBlock when decoding distance token\n");
+ exit(1);
+ }
+
+ int distance = decode_distance_token(bs, token);
+
+ for (int j = 0; j < length; j++)
+ {
+ decoded_data[i] = decoded_data[i - distance];
+ i++;
+ }
+ }
+ }
+}
+
+char* decode_type1_block_v2(
+ bitstream* bs,
+ int uncompressed_size,
+ char* decoded_data)
 {
 tree tr = build_default_tree();
 tree tr_dist = build_default_dist_tree();
diff --git a/tests/test_decode_fixed_tree.c b/tests/test_decode_fixed_tree.c
index b06fff4..0c12583 100644
--- a/tests/test_decode_fixed_tree.c
+++ b/tests/test_decode_fixed_tree.c
@@ -8,11 +8,15 @@
 #define BUF_SIZE 0xfffff
-void main()
+void main(int argc, char** argv)
 {
- char* filename = "x.zip";
+ if (argc != 2)
+ {
+ printf("NEED ONE FILE TO PROCESS\n");
+ exit(1);
+ }
- FILE* stream = fopen(filename, "r");
+ FILE* stream = fopen(argv[1], "r");
 if (stream == NULL)
 {
 fprintf(stderr, "Cannot open file for writing\n");
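Review bot: `decode_type1_block_vuln` puts no bound on `i`: both `decoded_data[i++] = token;` and the back-reference loop write as far as the stream dictates, and `decoded_data[i - distance]` is read without checking that `distance <= i`, so a malformed archive can write past the caller's buffer or read before its start. The `_vuln` suffix suggests this is deliberate, but nothing in the code says so and the symbol is declared in the public header; a header comment such as `/* Intentionally unbounded decoder kept for testing; never call on untrusted input. */` would make the contract explicit. The function is also declared `char*` yet falls off the end without a `return`, which is undefined behaviour if a caller uses the value; something like `return decoded_data;` before the closing brace would fix that. The body of `decode_type1_block_v2` continues outside the hunk.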
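Review bot: `void main(int argc, char** argv)` is not a standard signature; `int main(int argc, char** argv)` with an explicit return value is portable. The new usage message is sent to stdout with `printf`, while the error path right after it uses `fprintf(stderr, ...)`; `fprintf(stderr, "usage: %s FILE\n", argv[0]);` would be consistent and tell the caller what is expected. Because the input is a zip archive, `fopen(argv[1], "rb")` avoids text-mode translation on platforms that distinguish it. The body of main continues outside the hunk.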
@@ -56,12 +60,16 @@ void main() { char* decoded_data = malloc(uncompressed_size); - decode_type1_block(&bs, uncompressed_size, decoded_data); + decode_type1_block_vuln(&bs, decoded_data); + // decode_type1_block_v1(&bs, uncompressed_size, decoded_data); - FILE* tmp_file = fopen("/tmp/test.txt", "w"); + char* path = "/tmp/minezipper_data"; + FILE* tmp_file = fopen(path, "w"); fwrite(decoded_data, 1, uncompressed_size, tmp_file); fclose(tmp_file); + printf("Unzipped in %s\n", path); + free(decoded_data); }
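Review bot: The new call `decode_type1_block_vuln(&bs, decoded_data);` writes into a buffer of `malloc(uncompressed_size)` bytes without passing its length, so a file named on the command line whose stream decodes to more than that overflows the heap; where `uncompressed_size` comes from is outside the hunk, presumably the archive header. If the harness is not meant to exercise that, call `decode_type1_block_v2(&bs, uncompressed_size, decoded_data);` instead; the commented-out line names `decode_type1_block_v1`, which the header in this commit does not declare. Neither `malloc` nor `fopen(path, "w")` is checked before use, and the fixed name under `/tmp` can be pre-created as a symlink by another local user, which `mkstemp` would avoid. The enclosing block of main starts and ends outside the hunk.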