Rename and clean
This commit is contained in:
atxr
parent
cebaad1ab1
commit
50293f18e0
3 changed files with 57 additions and 11 deletions
|
|
@ -25,7 +25,7 @@ typedef struct LFH
|
|||
int compressed_size;
|
||||
int uncompressed_size;
|
||||
short filename_length;
|
||||
short extra_field_length;
|
||||
short extraf_length;
|
||||
} LFH;
|
||||
|
||||
typedef struct CDH
|
||||
|
|
@ -41,7 +41,7 @@ typedef struct CDH
|
|||
int compressed_size;
|
||||
int uncompressed_size;
|
||||
short filename_length;
|
||||
short extra_field_length;
|
||||
short extraf_length;
|
||||
short file_comment_length;
|
||||
short disk_number_start;
|
||||
short internal_file_attributes;
|
||||
|
|
@ -99,7 +99,8 @@ void deflate(zip* in);
|
|||
short decode_length_token(bitstream* bs, int token);
|
||||
int decode_distance_token(bitstream* bs, int token);
|
||||
|
||||
char* decode_type1_block(
|
||||
char* decode_type1_block_vuln(bitstream* bs, char* decoded_data);
|
||||
char* decode_type1_block_v2(
|
||||
bitstream* bs,
|
||||
int uncompressed_size,
|
||||
char* decoded_data);
|
||||
|
|
|
|||
|
|
@ -42,17 +42,54 @@ void get_cdh(char* data, zip* out)
|
|||
out->lfh[i] = (LFH*) (data + cdh->off_lfh);
|
||||
|
||||
cdh = (CDH*) (((char*) cdh) + sizeof(CDH) + cdh->filename_length +
|
||||
cdh->extra_field_length + cdh->file_comment_length);
|
||||
cdh->extraf_length + cdh->file_comment_length);
|
||||
}
|
||||
}
|
||||
|
||||
char* get_encoded_block(zip* in, int n)
|
||||
{
|
||||
return (char*) (in->lfh[n]) + sizeof(LFH) + in->lfh[n]->filename_length +
|
||||
in->lfh[n]->extra_field_length;
|
||||
in->lfh[n]->extraf_length;
|
||||
}
|
||||
|
||||
char* decode_type1_block(bitstream* bs, int uncompressed_size, char* decoded_data)
|
||||
char* decode_type1_block_vuln(bitstream* bs, char* decoded_data)
|
||||
{
|
||||
tree tr = build_default_tree();
|
||||
tree tr_dist = build_default_dist_tree();
|
||||
|
||||
int i = 0, token;
|
||||
while ((token = next_token(bs, tr)) != END_OF_BLOCK)
|
||||
{
|
||||
if (token < END_OF_BLOCK)
|
||||
{
|
||||
decoded_data[i++] = token;
|
||||
}
|
||||
|
||||
else
|
||||
{
|
||||
int length = decode_length_token(bs, token);
|
||||
|
||||
if ((token = next_token(bs, tr_dist)) == END_OF_BLOCK)
|
||||
{
|
||||
printf("[ERROR] Got EndOfBlock when decoding distance token\n");
|
||||
exit(1);
|
||||
}
|
||||
|
||||
int distance = decode_distance_token(bs, token);
|
||||
|
||||
for (int j = 0; j < length; j++)
|
||||
{
|
||||
decoded_data[i] = decoded_data[i - distance];
|
||||
i++;
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
char* decode_type1_block_v2(
|
||||
bitstream* bs,
|
||||
int uncompressed_size,
|
||||
char* decoded_data)
|
||||
{
|
||||
tree tr = build_default_tree();
|
||||
tree tr_dist = build_default_dist_tree();
|
||||
|
|
|
|||
|
|
@ -8,11 +8,15 @@
|
|||
|
||||
#define BUF_SIZE 0xfffff
|
||||
|
||||
void main()
|
||||
void main(int argc, char** argv)
|
||||
{
|
||||
char* filename = "x.zip";
|
||||
if (argc != 2)
|
||||
{
|
||||
printf("NEED ONE FILE TO PROCESS\n");
|
||||
exit(1);
|
||||
}
|
||||
|
||||
FILE* stream = fopen(filename, "r");
|
||||
FILE* stream = fopen(argv[1], "r");
|
||||
if (stream == NULL)
|
||||
{
|
||||
fprintf(stderr, "Cannot open file for writing\n");
|
||||
|
|
@ -56,12 +60,16 @@ void main()
|
|||
{
|
||||
char* decoded_data = malloc(uncompressed_size);
|
||||
|
||||
decode_type1_block(&bs, uncompressed_size, decoded_data);
|
||||
decode_type1_block_vuln(&bs, decoded_data);
|
||||
// decode_type1_block_v1(&bs, uncompressed_size, decoded_data);
|
||||
|
||||
FILE* tmp_file = fopen("/tmp/test.txt", "w");
|
||||
char* path = "/tmp/minezipper_data";
|
||||
FILE* tmp_file = fopen(path, "w");
|
||||
fwrite(decoded_data, 1, uncompressed_size, tmp_file);
|
||||
fclose(tmp_file);
|
||||
|
||||
printf("Unzipped in %s\n", path);
|
||||
|
||||
free(decoded_data);
|
||||
}
|
||||
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue