From e037cce4ca102d6bcd8992d495ae3e5846b9f180 Mon Sep 17 00:00:00 2001
From: atxr
Date: Tue, 27 Feb 2024 17:02:27 +0100
Subject: [PATCH] Change logic and add blocklist
---
 libmineziper/include/libmineziper.h | 4 ++++
 libmineziper/src/libmineziper.c | 17 +++++++++++++++--
 2 files changed, 19 insertions(+), 2 deletions(-)
diff --git a/libmineziper/include/libmineziper.h b/libmineziper/include/libmineziper.h
index 9bf4014..818caef 100644
--- a/libmineziper/include/libmineziper.h
+++ b/libmineziper/include/libmineziper.h
@@ -21,6 +21,10 @@ bool detect_overlaps(zip zip);
 bool scan_decoded_files(zip zip);
 bool scan_zip(char* zip_data, int zip_size);
+// todo complete this list
+static const char* blocklist[] = {"Mimikatz.exe", "linpeas.sh", "winPEAS.bat"};
+static const int blocklist_size = sizeof(blocklist) / sizeof(char*);
+
 static const char* sigs[] = {
 "\x7f"
 "ELF",
diff --git a/libmineziper/src/libmineziper.c b/libmineziper/src/libmineziper.c
index 481bce3..7b2e027 100644
--- a/libmineziper/src/libmineziper.c
+++ b/libmineziper/src/libmineziper.c
@@ -56,8 +56,21 @@ bool scan_decoded_files(zip zip)
 // Verify CDH/LFH parsed sizes to avoid undefined behavior
 if (lfh->filename_length != zip.cdh_filename_length[i])
 {
- fprintf(stderr, "[ERROR] Mismatch in CDH/LFH filename lengths.\n");
- return true;
+ fprintf(
+ stderr,
+ "[ERROR] Mismatch in CDH/LFH filename lengths. Local file might be "
+ "malformed.\nSkipping file...\n");
+ continue;
+ }
+
+ for (int k = 0; k < blocklist_size; k++)
+ {
+ char* filename = zip.start + zip.lfh_off[i] + sizeof(LFH);
+ if (strcmp(blocklist[k], filename) == 0)
+ {
+ fprintf(stderr, "[ERROR] Forbidden filename found in zip archive.\n");
+ return true;
+ }
 }
 data* decoded = malloc(sizeof(data));
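Review bot: The comment on `blocklist` in libmineziper.h does not say how entries are matched, and the check added to scan_decoded_files in this patch uses an exact, case-sensitive `strcmp`, so `Mimikatz.exe` would not cover `mimikatz.exe` or the same name stored under a directory prefix. I would state that on the array, e.g. `// Compared exactly and case-sensitively against the full stored member name`, or normalise the name before comparing. The element count is more robust as `sizeof(blocklist) / sizeof(blocklist[0])`. Being `static` in a header, the array is duplicated in every translation unit that includes it; the adjacent `sigs` array appears to do the same, so this is at least consistent.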
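Review bot: In the libmineziper.c hunk, `strcmp(blocklist[k], filename)` treats the local-file-header name as a NUL-terminated string, but a ZIP stores it as `lfh->filename_length` raw bytes followed directly by the extra field or file data, so the comparison runs past the name, will usually fail even for a listed name, and on a truncated archive may read outside the buffer. Compare by length instead: `size_t n = strlen(blocklist[k]);` and `if (lfh->filename_length == n && memcmp(filename, blocklist[k], n) == 0)`, with `filename` computed once before the loop and its end checked against the archive size if that is not already done outside this hunk. Separately, replacing `return true` with `continue` on a CDH/LFH length mismatch means such an entry is skipped unscanned, so an archive containing one can presumably still be reported clean; consider remembering the mismatch and failing the scan once the loop ends. The body of scan_decoded_files starts and ends outside this hunk.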