Improved CPIO, Windows CE, and ISO 9660 signature validation

fdd6944e · Craig Heffner · 34db0f73 · fdd6944e · fdd6944e · fdd6944e
Commit fdd6944e authored Mar 14, 2017 by Craig Heffner
Hide whitespace changes
Inline Side-by-side

Showing with 23 additions and 1 deletions

filesystems src/binwalk/magic/filesystems +1 -0

firmware src/binwalk/magic/firmware +1 -1

cpio.py src/binwalk/plugins/cpio.py +21 -0

No files found.
--- a/src/binwalk/magic/filesystems
+++ b/src/binwalk/magic/filesystems
@@ -597,6 +597,7 @@
 32769   string        CD001                                         ISO
 >6144   string        !NSR0                                         9660 CD-ROM filesystem data,
 >6144   string        NSR0                                          UDF filesystem data,
+>32770  byte          !1                                            {invalid}
 >6148   string        1                                             version 1.0,
 >6148   string        2                                             version 2.0,
 >6148   string        3                                             version 3.0

--- a/src/binwalk/magic/firmware
+++ b/src/binwalk/magic/firmware
@@ -290,7 +290,7 @@
 0    string    B000FF    Windows CE image header,
 >7   ulelong   x         image start: 0x%X,
 >11  ulelong   x         image length: %d
-
+>11  ulelong   x         {size:%d}

 #Windows CE RomImage
 63    string    \x00ECEC     Windows CE memory segment header,

--- a/src/binwalk/plugins/cpio.py
+++ b/src/binwalk/plugins/cpio.py
@@ -61,12 +61,33 @@ class CPIOPlugin(binwalk.core.plugin.Plugin):
        self.found_archive = False
        self.found_archive_in_file = None

+    def _get_file_name(self, description):
+        name = ''
+        if 'file name: "' in description:
+            name = description.split('file name: "')[1].split('"')[0]
+        return name
+
+    def _get_file_name_length(self, description):
+        length = 0
+        if 'file name length: "' in description:
+            length_string = description.split('file name length: "')[1].split('"')[0]
+            length = int(length_string, 0)
+        return length
+
    def scan(self, result):
        if result.valid:
            # ASCII CPIO archives consist of multiple entries, ending with an entry named 'TRAILER!!!'.
            # Displaying each entry is useful, as it shows what files are contained in the archive,
            # but we only want to extract the archive when the first entry is found.
            if result.description.startswith('ASCII cpio archive'):
+
+                # Validate the reported name length
+                file_name = self._get_file_name(result.description)
+                file_name_length = self._get_file_name_length(result.description)
+                if len(file_name) != file_name_length:
+                    result.valid = False
+                    return
+
                self.consecutive_hits += 1

                if not self.found_archive or self.found_archive_in_file != result.file.name: