file extension checks needed for polyglot files

[thejh]

Circlean bypass for zipfiles:

dd if=img.png bs=8 count=1 of=stealth.zip
cat a.zip>>stealth.zip

Works for PDF, too:

dd if=img.png bs=8 count=1 of=stealth.pdf
echo>>stealth.pdf
cat<out.pdf>>stealth.pdf

You might want to start whitelisting file extensions and checking that file extension and detected MIME type match.

[Rafiot]

Good point, thank for the hint.

I will look for a somehow generic way to match the mimetypes with the extensions. We will have a problem with some specific types that have many different extensions for the same mime type.

[Rafiot]

I will implement the fix with the information provided here:
https://svn.apache.org/repos/asf/httpd/httpd/trunk/docs/conf/mime.types

[adulau]

The new version of the code PyCIRCLean (standalone Python code) fixed this security bug:

CIRCL/PyCIRCLean@ac372dc

So this code will limit the issue of the polygot files. Tests and feedback more than welcome.

[Rafiot]

This bug is now completely fixed by this commit: CIRCL/PyCIRCLean@420e87c

[Rafiot]

and this one that removed the buggy code: def6c26

[Rafiot]

#24