Merge pull request #820 from onekey-sec/819-zip64

fix(handler): add support for zip64 values in Central Directory Headers
onekey-sec · Apr 4, 2024 · 48b7ddb · 48b7ddb
2 parents fb8c965 + 29a8188
commit 48b7ddb
Show file tree

Hide file tree

Showing 11 changed files with 63 additions and 6 deletions.
diff --git a/tests/integration/archive/zip/zip64/__input__/colors.zip b/tests/integration/archive/zip/zip64/__input__/colors.zip
diff --git a/tests/integration/archive/zip/zip64/__input__/colors_garbage.zip b/tests/integration/archive/zip/zip64/__input__/colors_garbage.zip
diff --git a/tests/integration/archive/zip/zip64/__input__/zero_edited.zip b/tests/integration/archive/zip/zip64/__input__/zero_edited.zip
diff --git a/tests/integration/archive/zip/zip64/__output__/colors.zip_extract/blue.txt b/tests/integration/archive/zip/zip64/__output__/colors.zip_extract/blue.txt
diff --git a/tests/integration/archive/zip/zip64/__output__/colors.zip_extract/red.txt b/tests/integration/archive/zip/zip64/__output__/colors.zip_extract/red.txt
diff --git a/tests/integration/archive/zip/zip64/__output__/colors_garbage.zip_extract/0-1024.unknown b/tests/integration/archive/zip/zip64/__output__/colors_garbage.zip_extract/0-1024.unknown
diff --git a/tests/integration/archive/zip/zip64/__output__/colors_garbage.zip_extract/1024-1481.zip b/tests/integration/archive/zip/zip64/__output__/colors_garbage.zip_extract/1024-1481.zip
diff --git a/...on/archive/zip/zip64/__output__/colors_garbage.zip_extract/1024-1481.zip_extract/blue.txt b/...on/archive/zip/zip64/__output__/colors_garbage.zip_extract/1024-1481.zip_extract/blue.txt
diff --git a/...ion/archive/zip/zip64/__output__/colors_garbage.zip_extract/1024-1481.zip_extract/red.txt b/...ion/archive/zip/zip64/__output__/colors_garbage.zip_extract/1024-1481.zip_extract/red.txt
diff --git a/tests/integration/archive/zip/zip64/__output__/zero_edited.zip_extract/zero b/tests/integration/archive/zip/zip64/__output__/zero_edited.zip_extract/zero
diff --git a/unblob/handlers/archive/zip.py b/unblob/handlers/archive/zip.py
@@ -36,9 +36,9 @@ class ZIPHandler(StructHandler):
             uint16 internal_file_attr;
             uint32 external_file_attr;
             uint32 relative_offset_local_header;
-            char file_name[file_name_length];
-            char extra_field[extra_field_length];
-        } cd_file_header_t;
+            // char file_name[file_name_length];
+            // char extra_field[extra_field_length];
+        } partial_cd_file_header_t;
 
         typedef struct end_of_central_directory
         {
@@ -94,8 +94,12 @@ def has_encrypted_files(
     ) -> bool:
         file.seek(start_offset + end_of_central_directory.offset_of_cd, io.SEEK_SET)
         for _ in range(end_of_central_directory.total_entries):
-            cd_header = self.cparser_le.cd_file_header_t(file)
-            if cd_header.flags & self.ENCRYPTED_FLAG:
+            file_header = self.cparser_le.partial_cd_file_header_t(file)
+            file.seek(
+                file_header.file_name_length + file_header.extra_field_length,
+                io.SEEK_CUR,
+            )
+            if file_header.flags & self.ENCRYPTED_FLAG:
                 return True
         return False
 
@@ -111,6 +115,14 @@ def is_zip64_eocd(end_of_central_directory: Instance):
             or end_of_central_directory.offset_of_cd == 0xFFFFFFFF
         )
 
+    @staticmethod
+    def is_zip64_cd_file(file_header: Instance):
+        # see https://pkware.cachefly.net/webdocs/casestudies/APPNOTE.TXT section 4.3.9.2
+        return (
+            file_header.file_size == 0xFFFFFFFF
+            or file_header.compress_size == 0xFFFFFFFF
+        )
+
     def _parse_zip64(self, file: File, start_offset: int, offset: int) -> Instance:
         file.seek(start_offset, io.SEEK_SET)
         for eocd_locator_offset in iterate_patterns(
@@ -137,6 +149,20 @@ def _parse_zip64(self, file: File, start_offset: int, offset: int) -> Instance:
             "Missing ZIP64 EOCD locator record header in ZIP chunk."
         )
 
+    def is_zip64(self, file, start_offset, offset, end_of_central_directory):
+        absolute_offset_of_cd = start_offset + end_of_central_directory.offset_of_cd
+
+        if 0 < absolute_offset_of_cd < offset:
+            file.seek(absolute_offset_of_cd, io.SEEK_SET)
+            file_header = self.cparser_le.partial_cd_file_header_t(file)
+            if self.is_zip64_cd_file(file_header):
+                return True
+
+        # some values in the CD can be FFFF, indicating its a zip64
+        # if the offset of the CD is 0xFFFFFFFF, its definitely one
+        # otherwise we check every other header indicating zip64
+        return self.is_zip64_eocd(end_of_central_directory)
+
     def calculate_chunk(self, file: File, start_offset: int) -> Optional[ValidChunk]:
         has_encrypted_files = False
         file.seek(start_offset, io.SEEK_SET)
@@ -147,7 +173,8 @@ def calculate_chunk(self, file: File, start_offset: int) -> Optional[ValidChunk]
             file.seek(offset, io.SEEK_SET)
             end_of_central_directory = self.parse_header(file)
 
-            if self.is_zip64_eocd(end_of_central_directory):
+            if self.is_zip64(file, start_offset, offset, end_of_central_directory):
+                file.seek(offset, io.SEEK_SET)
                 end_of_central_directory = self._parse_zip64(file, start_offset, offset)
                 break