Rename and clean

libmineziper/include/libmineziper_zip.h

@@ -25,7 +25,7 @@ typedef struct LFH
   int compressed_size;
   int uncompressed_size;
   short filename_length;
-  short extra_field_length;
+  short extraf_length;
 } LFH;
 
 typedef struct CDH
@@ -41,7 +41,7 @@ typedef struct CDH
   int compressed_size;
   int uncompressed_size;
   short filename_length;
-  short extra_field_length;
+  short extraf_length;
   short file_comment_length;
   short disk_number_start;
   short internal_file_attributes;
@@ -99,7 +99,8 @@ void deflate(zip* in);
 short decode_length_token(bitstream* bs, int token);
 int decode_distance_token(bitstream* bs, int token);
 
-char* decode_type1_block(
+char* decode_type1_block_vuln(bitstream* bs, char* decoded_data);
+char* decode_type1_block_v2(
     bitstream* bs,
     int uncompressed_size,
     char* decoded_data);

libmineziper/src/libmineziper_zip.c

@@ -42,17 +42,54 @@ void get_cdh(char* data, zip* out)
     out->lfh[i] = (LFH*) (data + cdh->off_lfh);
 
     cdh = (CDH*) (((char*) cdh) + sizeof(CDH) + cdh->filename_length +
-                  cdh->extra_field_length + cdh->file_comment_length);
+                  cdh->extraf_length + cdh->file_comment_length);
   }
 }
 
 char* get_encoded_block(zip* in, int n)
 {
   return (char*) (in->lfh[n]) + sizeof(LFH) + in->lfh[n]->filename_length +
-         in->lfh[n]->extra_field_length;
+         in->lfh[n]->extraf_length;
 }
 
-char* decode_type1_block(bitstream* bs, int uncompressed_size, char* decoded_data)
+char* decode_type1_block_vuln(bitstream* bs, char* decoded_data)
+{
+  tree tr = build_default_tree();
+  tree tr_dist = build_default_dist_tree();
+
+  int i = 0, token;
+  while ((token = next_token(bs, tr)) != END_OF_BLOCK)
+  {
+    if (token < END_OF_BLOCK)
+    {
+      decoded_data[i++] = token;
+    }
+
+    else
+    {
+      int length = decode_length_token(bs, token);
+
+      if ((token = next_token(bs, tr_dist)) == END_OF_BLOCK)
+      {
+        printf("[ERROR] Got EndOfBlock when decoding distance token\n");
+        exit(1);
+      }
+
+      int distance = decode_distance_token(bs, token);
+
+      for (int j = 0; j < length; j++)
+      {
+        decoded_data[i] = decoded_data[i - distance];
+        i++;
+      }
+    }
+  }
+}
+
+char* decode_type1_block_v2(
+    bitstream* bs,
+    int uncompressed_size,
+    char* decoded_data)
 {
   tree tr = build_default_tree();
   tree tr_dist = build_default_dist_tree();

tests/test_decode_fixed_tree.c

@@ -8,11 +8,15 @@
 
 #define BUF_SIZE 0xfffff
 
-void main()
+void main(int argc, char** argv)
 {
-  char* filename = "x.zip";
+  if (argc != 2)
+  {
+    printf("NEED ONE FILE TO PROCESS\n");
+    exit(1);
+  }
 
-  FILE* stream = fopen(filename, "r");
+  FILE* stream = fopen(argv[1], "r");
   if (stream == NULL)
   {
     fprintf(stderr, "Cannot open file for writing\n");
@@ -56,12 +60,16 @@ void main()
         {
           char* decoded_data = malloc(uncompressed_size);
 
-          decode_type1_block(&bs, uncompressed_size, decoded_data);
+          decode_type1_block_vuln(&bs, decoded_data);
+          // decode_type1_block_v1(&bs, uncompressed_size, decoded_data);
 
-          FILE* tmp_file = fopen("/tmp/test.txt", "w");
+          char* path = "/tmp/minezipper_data";
+          FILE* tmp_file = fopen(path, "w");
           fwrite(decoded_data, 1, uncompressed_size, tmp_file);
           fclose(tmp_file);
 
+          printf("Unzipped in %s\n", path);
+
           free(decoded_data);
         }