Increase extraction safety

2026-04-26 16:20:39 +00:00 · 2024-12-03 03:43:39 -05:00
parent 6b7ad781b7
commit c70b5f6ec8
7 changed files with 23 additions and 4 deletions
--- a/BinaryObjectScanner/FileType/CFB.cs
+++ b/BinaryObjectScanner/FileType/CFB.cs
@@ -30,6 +30,9 @@ namespace BinaryObjectScanner.FileType
            // Not supported for .NET Framework 2.0 or .NET Framework 3.5 due to library support
            return false;
 #else
+            if (stream == null || !stream.CanRead)
+                return false;
+
            try
            {
                using var msi = new CompoundFile(stream, CFSUpdateMode.ReadOnly, CFSConfiguration.Default);
--- a/BinaryObjectScanner/FileType/InstallShieldArchiveV3.cs
+++ b/BinaryObjectScanner/FileType/InstallShieldArchiveV3.cs
@@ -25,6 +25,9 @@ namespace BinaryObjectScanner.FileType
        {
            try
            {
+                if (!File.Exists(file))
+                    return false;
+
                var archive = new ISv3(file);
                foreach (var cfile in archive.Files)
                {
@@ -39,10 +42,8 @@ namespace BinaryObjectScanner.FileType
                        if (fileContents == null || !string.IsNullOrEmpty(error))
                            continue;

-                        using (FileStream fs = File.OpenWrite(tempFile))
-                        {
-                            fs.Write(fileContents, 0, fileContents.Length);
-                        }
+                        using FileStream fs = File.OpenWrite(tempFile);
+                        fs.Write(fileContents, 0, fileContents.Length);
                    }
                    catch (Exception ex)
                    {
--- a/BinaryObjectScanner/FileType/InstallShieldCAB.cs
+++ b/BinaryObjectScanner/FileType/InstallShieldCAB.cs
@@ -54,6 +54,9 @@ namespace BinaryObjectScanner.FileType

            try
            {
+                if (!File.Exists(file))
+                    return false;
+
                var cabfile = InstallShieldCabinet.Open(file);
                if (cabfile?.HeaderList == null)
                    return false;
--- a/BinaryObjectScanner/FileType/MPQ.cs
+++ b/BinaryObjectScanner/FileType/MPQ.cs
@@ -32,6 +32,9 @@ namespace BinaryObjectScanner.FileType
 #else
            try
            {
+                if (!File.Exists(file))
+                    return false;
+
                // Try to open the archive and listfile
                var mpqArchive = new MpqArchive(file, FileAccess.Read);
                string? listfile = null;
--- a/BinaryObjectScanner/FileType/MicrosoftCAB.cs
+++ b/BinaryObjectScanner/FileType/MicrosoftCAB.cs
@@ -33,6 +33,9 @@ namespace BinaryObjectScanner.FileType
 #else
            try
            {
+                if (!File.Exists(file))
+                    return false;
+
                // Loop over each entry
                var cabArchive = new MSCabinet(file);
                foreach (var compressedFile in cabArchive.GetFiles())
--- a/BinaryObjectScanner/FileType/MicrosoftLZ.cs
+++ b/BinaryObjectScanner/FileType/MicrosoftLZ.cs
@@ -24,6 +24,9 @@ namespace BinaryObjectScanner.FileType
        /// <inheritdoc/>
        public bool Extract(Stream? stream, string file, string outDir, bool includeDebug)
        {
+            if (stream == null || !stream.CanRead)
+                return false;
+
            try
            {
                var data = Decompressor.Decompress(stream);
--- a/BinaryObjectScanner/FileType/XZ.cs
+++ b/BinaryObjectScanner/FileType/XZ.cs
@@ -26,6 +26,9 @@ namespace BinaryObjectScanner.FileType
        public bool Extract(Stream? stream, string file, string outDir, bool includeDebug)
        {
 #if NET462_OR_GREATER || NETCOREAPP
+            if (stream == null || !stream.CanRead)
+                return false;
+
            try
            {
                // Try opening the stream