simsong
zip scanner should truncate filenames to 64 characters
Bulk Extractor can create an unrecoverable failure when processing files with long file names. When a file is encountered within a zip file where the filename is near the maximum length permissible for the machine's file system, Bulk Extractor fails when it processes the file by prepending information to the file name. As a result, a fatal write error is thrown when the operating system rejects the file name.
To resolve this error, the length of the filename should be checked prior to modifying the file name. If adding content to the filename will expand it beyond the filesystem's limit, figure out a different way to handle the file - either by reducing the length of the file name before adding to it or not renaming the file.
Although the attachments are from Bulk Extractor Windows, the problem has been validated on the current release in Linux.
alerts.txt:
# BANNER FILE NOT PROVIDED (-b option)
# BULK_EXTRACTOR-Version: 2.0.2
# Feature-Recorder: alerts
# Filename: XXXXXXXXXXXXXX.E01
# Feature-File-Version: 1.1
754974720 scanner=winpe <exception>[sbuf_t::range_exception_t: Read past end of sbuf off=0 len=11531520]</exception>
4261412864 scanner=zip <exception>Disk write error: cannot open file for writing:"E:\134\134Output\134\134zip\134\134000\134\[email protected]_________________(______________________________________________________________)______________________________________________________(_________________)____1608________27.01.2024________"_________________2024-01-27T12_54_34Z.eml":No such file or directory</exception>
