
Import Debian version 5.11-2+deb7u1

Christoph Biedl 11 years ago
parent
commit
3aab65ba5e
2 changed files with 140 additions and 0 deletions
  1. 139 0
      debian/patches/CVE-2014-1943.patch
  2. 1 0
      debian/patches/series

+ 139 - 0
debian/patches/CVE-2014-1943.patch

@@ -0,0 +1,139 @@
+Upstream-Author: Christos Zoulas <christos@zoulas.com>
+Description:
+ prevent infinite recursion.
+ count indirect recursion as recursion.
+
+Upstream commit IDs:
+    3c081560c23f20b2985c285338b52c7aae9fdb0f
+    cc9e74dfeca5265ad725acc926ef0b8d2a18ee70
+
+Backport for 5.11: Christoph Biedl <debian.axhn@manchmal.in-ulm.de>
+
+--- a/src/softmagic.c
++++ b/src/softmagic.c
+@@ -43,9 +43,9 @@
+ 
+ 
+ private int match(struct magic_set *, struct magic *, uint32_t,
+-    const unsigned char *, size_t, int, int);
++    const unsigned char *, size_t, int, int, int);
+ private int mget(struct magic_set *, const unsigned char *,
+-    struct magic *, size_t, unsigned int, int);
++    struct magic *, size_t, unsigned int, int, int);
+ private int magiccheck(struct magic_set *, struct magic *);
+ private int32_t mprint(struct magic_set *, struct magic *);
+ private int32_t moffset(struct magic_set *, struct magic *);
+@@ -67,13 +67,13 @@
+ /*ARGSUSED1*/		/* nbytes passed for regularity, maybe need later */
+ protected int
+ file_softmagic(struct magic_set *ms, const unsigned char *buf, size_t nbytes,
+-    int mode, int text)
++    size_t level, int mode, int text)
+ {
+ 	struct mlist *ml;
+ 	int rv;
+ 	for (ml = ms->mlist->next; ml != ms->mlist; ml = ml->next)
+ 		if ((rv = match(ms, ml->magic, ml->nmagic, buf, nbytes, mode,
+-		    text)) != 0)
++		    text, level)) != 0)
+ 			return rv;
+ 
+ 	return 0;
+@@ -108,7 +108,8 @@
+  */
+ private int
+ match(struct magic_set *ms, struct magic *magic, uint32_t nmagic,
+-    const unsigned char *s, size_t nbytes, int mode, int text)
++    const unsigned char *s, size_t nbytes, int mode, int text,
++    int recursion_level)
+ {
+ 	uint32_t magindex = 0;
+ 	unsigned int cont_level = 0;
+@@ -140,7 +141,7 @@
+ 		ms->line = m->lineno;
+ 
+ 		/* if main entry matches, print it... */
+-		switch (mget(ms, s, m, nbytes, cont_level, text)) {
++		switch (mget(ms, s, m, nbytes, cont_level, text, recursion_level + 1)) {
+ 		case -1:
+ 			return -1;
+ 		case 0:
+@@ -223,7 +224,7 @@
+ 					continue;
+ 			}
+ #endif
+-			switch (mget(ms, s, m, nbytes, cont_level, text)) {
++			switch (mget(ms, s, m, nbytes, cont_level, text, recursion_level + 1)) {
+ 			case -1:
+ 				return -1;
+ 			case 0:
+@@ -1018,12 +1019,18 @@
+ 
+ private int
+ mget(struct magic_set *ms, const unsigned char *s,
+-    struct magic *m, size_t nbytes, unsigned int cont_level, int text)
++    struct magic *m, size_t nbytes, unsigned int cont_level, int text,
++    int recursion_level)
+ {
+ 	uint32_t offset = ms->offset;
+ 	uint32_t count = m->str_range;
+ 	union VALUETYPE *p = &ms->ms_value;
+ 
++        if (recursion_level >= 20) {
++                file_error(ms, 0, "recursion nesting exceeded");
++                return -1;
++        }
++
+ 	if (mcopy(ms, p, m->type, m->flag & INDIR, s, offset, nbytes, count) == -1)
+ 		return -1;
+ 
+@@ -1577,13 +1584,15 @@
+ 		break;
+ 
+ 	case FILE_INDIRECT:
++		if (offset == 0)
++			return 0;
+ 	  	if ((ms->flags & (MAGIC_MIME|MAGIC_APPLE)) == 0 &&
+ 		    file_printf(ms, "%s", m->desc) == -1)
+ 			return -1;
+ 		if (nbytes < offset)
+ 			return 0;
+ 		return file_softmagic(ms, s + offset, nbytes - offset,
+-		    BINTEST, text);
++		    recursion_level, BINTEST, text);
+ 
+ 	case FILE_DEFAULT:	/* nothing to check */
+ 	default:
+--- a/src/ascmagic.c
++++ b/src/ascmagic.c
+@@ -147,7 +147,7 @@
+ 		    == NULL)
+ 			goto done;
+ 		if ((rv = file_softmagic(ms, utf8_buf,
+-		    (size_t)(utf8_end - utf8_buf), TEXTTEST, text)) == 0)
++		    (size_t)(utf8_end - utf8_buf), 0, TEXTTEST, text)) == 0)
+ 			rv = -1;
+ 	}
+ 
+--- a/src/file.h
++++ b/src/file.h
+@@ -414,7 +414,7 @@
+     unichar **, size_t *, const char **, const char **, const char **);
+ protected int file_is_tar(struct magic_set *, const unsigned char *, size_t);
+ protected int file_softmagic(struct magic_set *, const unsigned char *, size_t,
+-    int, int);
++    size_t, int, int);
+ protected struct mlist *file_apprentice(struct magic_set *, const char *, int);
+ protected uint64_t file_signextend(struct magic_set *, struct magic *,
+     uint64_t);
+--- a/src/funcs.c
++++ b/src/funcs.c
+@@ -228,7 +228,7 @@
+ 
+ 	/* try soft magic tests */
+ 	if ((ms->flags & MAGIC_NO_CHECK_SOFT) == 0)
+-		if ((m = file_softmagic(ms, ubuf, nb, BINTEST,
++		if ((m = file_softmagic(ms, ubuf, nb, 0, BINTEST,
+ 		    looks_text)) != 0) {
+ 			if ((ms->flags & MAGIC_DEBUG) != 0)
+ 				(void)fprintf(stderr, "softmagic %d\n", m);
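Review bot: The depth guard added at the top of mget() compares against a bare `20` with no name or comment, and the counter it checks is `int recursion_level` in match() and mget() but `size_t level` in file_softmagic(), so it is implicitly converted on every indirect hop. Giving the bound a name (for example `#define MAX_RECURSION_LEVEL 20`, a name proposed here rather than taken from the page) and using one type for the counter would make the limit easier to audit and tune. The `if (offset == 0) return 0;` added under `case FILE_INDIRECT:` also needs a why-comment such as `/* offset 0 would re-run the same tests on the same buffer */`, since it silently reports no match. The new guard block is indented with spaces while the surrounding code uses tabs. The bodies of match() and mget() extend beyond the nested hunks shown, so how callers handle the new `-1` return could not be checked from this page.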

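--- a/debian/patches/series
+++ b/debian/patches/series
@@ -1,3 +1,4 @@
 01-file-localmagic.patch
 02-file-make.patch
 03-doc-manpages.patch
+CVE-2014-1943.patch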