offset.patch

   1 commit 20c59ad54afc7427ea680f84c8ee5a576ba54b08
   2 Author: Christos Zoulas <christos@zoulas.com>
   3 Date:   Mon Apr 18 15:10:34 2016 +0000
   4
   5     Downgrade DER comparison and offset lookup failures to be handled as match
   6     failures.
   7
   8 diff --git a/src/softmagic.c b/src/softmagic.c
   9 index 14a8bc5..5b5f0f9 100644
  10 --- a/src/softmagic.c
  11 +++ b/src/softmagic.c
  12 @@ -186,11 +186,11 @@ match(struct magic_set *ms, struct magic *magic, uint32_t nmagic,
  13                      ((text && (m->str_flags & FLT) == STRING_BINTEST) ||
  14                       (!text && (m->str_flags & FLT) == STRING_TEXTTEST))) ||
  15                     (m->flag & mode) != mode) {
  16 +flush:
  17                         /* Skip sub-tests */
  18 -                       while (magindex + 1 < nmagic &&
  19 -                               magic[magindex + 1].cont_level != 0 &&
  20 -                              ++magindex)
  21 -                               continue;
  22 +                       while (magindex < nmagic - 1 &&
  23 +                           magic[magindex + 1].cont_level != 0)
  24 +                               magindex++;
  25                         continue; /* Skip to next top-level test*/
  26                 }
  27
  28 @@ -227,10 +227,7 @@ match(struct magic_set *ms, struct magic *magic, uint32_t nmagic,
  29                          * main entry didn't match,
  30                          * flush its continuations
  31                          */
  32 -                       while (magindex < nmagic - 1 &&
  33 -                           magic[magindex + 1].cont_level != 0)
  34 -                               magindex++;
  35 -                       continue;
  36 +                       goto flush;
  37                 }
  38
  39                 if ((e = handle_annotation(ms, m)) != 0) {
  40 @@ -255,8 +252,14 @@ match(struct magic_set *ms, struct magic *magic, uint32_t nmagic,
  41                 if (print && mprint(ms, m) == -1)
  42                         return -1;
  43
  44 -               if (moffset(ms, m, nbytes, &ms->c.li[cont_level].off) == -1)
  45 +               switch (moffset(ms, m, nbytes, &ms->c.li[cont_level].off)) {
  46 +               case -1:
  47                         return -1;
  48 +               case 0:
  49 +                       goto flush;
  50 +               default:
  51 +                       break;
  52 +               }
  53
  54                 /* and any continuations that match */
  55                 if (file_check_mem(ms, ++cont_level) == -1)
  56 @@ -362,9 +365,16 @@ match(struct magic_set *ms, struct magic *magic, uint32_t nmagic,
  57                                 if (print && mprint(ms, m) == -1)
  58                                         return -1;
  59
  60 -                               if (moffset(ms, m, nbytes,
  61 -                                   &ms->c.li[cont_level].off) == -1)
  62 +                               switch (moffset(ms, m, nbytes,
  63 +                                   &ms->c.li[cont_level].off)) {
  64 +                               case -1:
  65                                         return -1;
  66 +                               case 0:
  67 +                                       flush = 1;
  68 +                                       break;
  69 +                               default:
  70 +                                       break;
  71 +                               }
  72
  73                                 if (*m->desc)
  74                                         *need_separator = 1;
  75 @@ -813,9 +823,13 @@ moffset(struct magic_set *ms, struct magic *m, size_t nbytes, int32_t *op)
  76         case FILE_DER:
  77                 {
  78                         o = der_offs(ms, m, nbytes);
  79 -                       if (o == -1) {
  80 -                               file_error(ms, 0, "EOF computing DER offset");
  81 -                               return -1;
  82 +                       if (o == -1 || (size_t)o > nbytes) {
  83 +                               if ((ms->flags & MAGIC_DEBUG) != 0) {
  84 +                                       (void)fprintf(stderr,
  85 +                                           "Bad DER offset %d nbytes=%zu",
  86 +                                           o, nbytes);
  87 +                               }
  88 +                               return 0;
  89                         }
  90                         break;
  91                 }
  92 @@ -825,12 +839,13 @@ moffset(struct magic_set *ms, struct magic *m, size_t nbytes, int32_t *op)
  93                 break;
  94         }
  95
  96 -       if ((size_t)o >= nbytes) {
  97 -               file_error(ms, 0, "Offset out of range");
  98 +       if ((size_t)o > nbytes) {
  99 +               file_error(ms, 0, "Offset out of range %zu > %zu",
 100 +                   (size_t)o, nbytes);
 101                 return -1;
 102         }
 103         *op = o;
 104 -       return 0;
 105 +       return 1;
 106  }
 107
 108  private uint32_t
 109 @@ -2107,8 +2122,13 @@ magiccheck(struct magic_set *ms, struct magic *m)
 110                 return 1;
 111         case FILE_DER:
 112                 matched = der_cmp(ms, m);
 113 -               if (matched == -1)
 114 -                       file_error(ms, 0, "EOF comparing DER entries");
 115 +               if (matched == -1) {
 116 +                       if ((ms->flags & MAGIC_DEBUG) != 0) {
 117 +                               (void) fprintf(stderr,
 118 +                                   "EOF comparing DER entries");
 119 +                       }
 120 +                       return 0;
 121 +               }
 122                 return matched;
 123         default:
 124                 file_magerror(ms, "invalid type %d in magiccheck()", m->type);