From 64062488401a4b7efe8acf7f411bfdb007f7ded3 Mon Sep 17 00:00:00 2001 From: Matt Nadareski Date: Mon, 13 Mar 2023 22:53:57 -0400 Subject: [PATCH] Make extractable packers safer --- BinaryObjectScanner.Packer/WinRARSFX.cs | 16 +++++++----- BinaryObjectScanner.Packer/WinZipSFX.cs | 13 ++++++---- BinaryObjectScanner.Packer/WiseInstaller.cs | 28 +++++++++++++++++++-- 3 files changed, 44 insertions(+), 13 deletions(-) diff --git a/BinaryObjectScanner.Packer/WinRARSFX.cs b/BinaryObjectScanner.Packer/WinRARSFX.cs index 32135726..06380889 100644 --- a/BinaryObjectScanner.Packer/WinRARSFX.cs +++ b/BinaryObjectScanner.Packer/WinRARSFX.cs @@ -5,6 +5,7 @@ using BinaryObjectScanner.Interfaces; using BinaryObjectScanner.Wrappers; using SharpCompress.Archives; using SharpCompress.Archives.Rar; +using SharpCompress.Readers; namespace BinaryObjectScanner.Packer { @@ -46,12 +47,15 @@ namespace BinaryObjectScanner.Packer { try { - string tempPath = Path.Combine(Path.GetTempPath(), Guid.NewGuid().ToString()); - Directory.CreateDirectory(tempPath); - // Should be using stream instead of file, but stream fails to extract anything. My guess is that the executable portion of the archive is causing stream to fail, but not file. - using (RarArchive zipFile = RarArchive.Open(file, new SharpCompress.Readers.ReaderOptions() { LookForHeader = true })) + using (RarArchive zipFile = RarArchive.Open(file, new ReaderOptions() { LookForHeader = true })) { + if (!zipFile.IsComplete) + return null; + + string tempPath = Path.Combine(Path.GetTempPath(), Guid.NewGuid().ToString()); + Directory.CreateDirectory(tempPath); + foreach (var entry in zipFile.Entries) { try @@ -68,9 +72,9 @@ namespace BinaryObjectScanner.Packer if (includeDebug) Console.WriteLine(ex); } } - } - return tempPath; + return tempPath; + } } catch (Exception ex) { diff --git a/BinaryObjectScanner.Packer/WinZipSFX.cs b/BinaryObjectScanner.Packer/WinZipSFX.cs index 180b2dcf..e3d606b8 100644 --- a/BinaryObjectScanner.Packer/WinZipSFX.cs +++ b/BinaryObjectScanner.Packer/WinZipSFX.cs @@ -81,12 +81,15 @@ namespace BinaryObjectScanner.Packer { try { - string tempPath = Path.Combine(Path.GetTempPath(), Guid.NewGuid().ToString()); - Directory.CreateDirectory(tempPath); - // Should be using stream instead of file, but stream fails to extract anything. My guess is that the executable portion of the archive is causing stream to fail, but not file. using (ZipArchive zipFile = ZipArchive.Open(file)) { + if (!zipFile.IsComplete) + return null; + + string tempPath = Path.Combine(Path.GetTempPath(), Guid.NewGuid().ToString()); + Directory.CreateDirectory(tempPath); + foreach (var entry in zipFile.Entries) { try @@ -103,9 +106,9 @@ namespace BinaryObjectScanner.Packer if (includeDebug) Console.WriteLine(ex); } } - } - return tempPath; + return tempPath; + } } catch (Exception ex) { diff --git a/BinaryObjectScanner.Packer/WiseInstaller.cs b/BinaryObjectScanner.Packer/WiseInstaller.cs index f4810064..85349e26 100644 --- a/BinaryObjectScanner.Packer/WiseInstaller.cs +++ b/BinaryObjectScanner.Packer/WiseInstaller.cs @@ -230,7 +230,19 @@ namespace BinaryObjectScanner.Packer { // TODO: Try to find where the file data lives and how to get it Wise unpacker = new Wise(); - unpacker.ExtractTo(file, tempPath); + if (!unpacker.ExtractTo(file, tempPath)) + { + try + { + Directory.Delete(tempPath, true); + } + catch (Exception ex) + { + if (includeDebug) Console.WriteLine(ex); + } + + return null; + } } catch (Exception ex) { @@ -333,7 +345,19 @@ namespace BinaryObjectScanner.Packer else { Wise unpacker = new Wise(); - unpacker.ExtractTo(file, tempPath); + if (!unpacker.ExtractTo(file, tempPath)) + { + try + { + Directory.Delete(tempPath, true); + } + catch (Exception ex) + { + if (includeDebug) Console.WriteLine(ex); + } + + return null; + } } return tempPath;