git Service of IN-Ulm e.V. Explore Help
Sign In
cbiedl
/
file
1
0
Fork 0
Files Pull Requests 0 Wiki
Tree: 589e8a64e0
Branches Tags
file
/
debian
/
patches
/
CVE-2014-8117.4.90018fe.patch

CVE-2014-8117.4.90018fe.patch 4.7 KB
History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175 
  1. Subject: Bump recursion to 15, and allow it to be set from the command line
    2. 

  2. Upstream-Author: Christos Zoulas <christos@zoulas.com>
    3. 

  3. Date: Thu Nov 27 15:40:36 2014 +0000
    4. 

  4. Origin: FILE5_20-34-g90018fe
    5. 

  5. Last-Update: 2015-01-09
    6. 

  6. 

  7. --- a/src/file.c
    8. 

  8. +++ b/src/file.c
    9. 

  9. @@ -106,7 +106,7 @@
    10. 

  10.  #undef OPT_LONGONLY
    11. 

  11.      {0, 0, NULL, 0}
    12. 

  12.  };
    13. 

  13. -#define OPTSTRING	"bcCde:f:F:hikLm:nNprsvz0"
    14. 

  14. +#define OPTSTRING	"bcCde:f:F:hikLm:nNprR:svz0"
    15. 

  15.  
    16. 

  16.  private const struct {
    17. 

  17.  	const char *name;
    18. 

  18. @@ -144,6 +144,7 @@
    19. 

  19.  	size_t i;
    20. 

  20.  	int action = 0, didsomefiles = 0, errflg = 0;
    21. 

  21.  	int flags = 0, e = 0;
    22. 

  22. +	size_t max_recursion = 0;
    23. 

  23.  	struct magic_set *magic = NULL;
    24. 

  24.  	int longindex;
    25. 

  25.  	const char *magicfile = NULL;		/* where the magic is	*/
    26. 

  26. @@ -244,6 +245,9 @@
    27. 

  27.  		case 'r':
    28. 

  28.  			flags |= MAGIC_RAW;
    29. 

  29.  			break;
    30. 

  30. +		case 'R':
    31. 

  31. +			max_recursion = atoi(optarg);
    32. 

  32. +			break;
    33. 

  33.  		case 's':
    34. 

  34.  			flags |= MAGIC_DEVICES;
    35. 

  35.  			break;
    36. 

  36. @@ -303,6 +307,15 @@
    37. 

  37.  		if (magic == NULL)
    38. 

  38.  			if ((magic = load(magicfile, flags)) == NULL)
    39. 

  39.  				return 1;
    40. 

  40. +		if (max_recursion) {
    41. 

  41. +			if (magic_setparam(magic, MAGIC_PARAM_MAX_RECURSION,
    42. 

  42. +			    &max_recursion) == -1) {
    43. 

  43. +				(void)fprintf(stderr,
    44. 

  44. +				    "%s: Can't set recurision %s\n", progname,
    45. 

  45. +				    strerror(errno));
    46. 

  46. +				return 1;
    47. 

  47. +			}
    48. 

  48. +		}
    49. 

  49.  		break;
    50. 

  50.  	}
    51. 

  51.  
    52. 

  52. --- a/src/file.h
    53. 

  53. +++ b/src/file.h
    54. 

  54. @@ -363,6 +363,8 @@
    55. 

  55.  	/* FIXME: Make the string dynamically allocated so that e.g.
    56. 

  56.  	   strings matched in files can be longer than MAXstring */
    57. 

  57.  	union VALUETYPE ms_value;	/* either number or string */
    58. 

  58. +	size_t max_recursion;
    59. 

  59. +#define	FILE_MAX_RECURSION	15
    60. 

  60.  };
    61. 

  61.  
    62. 

  62.  /* Type for Unicode characters */
    63. 

  63. --- a/src/file_opts.h
    64. 

  64. +++ b/src/file_opts.h
    65. 

  65. @@ -43,6 +43,7 @@
    66. 

  66.  OPT('p', "preserve-date", 0, "        preserve access times on files\n")
    67. 

  67.  #endif
    68. 

  68.  OPT('r', "raw", 0, "                  don't translate unprintable chars to \\ooo\n")
    69. 

  69. +OPT('R', "recursion", 0, "            set maximum recursion level\n")
    70. 

  70.  OPT('s', "special-files", 0, "        treat special (block/char devices) files as\n"
    71. 

  71.      "                             ordinary ones\n")
    72. 

  72.  OPT('C', "compile", 0, "              compile file specified by -m\n")
    73. 

  73. --- a/src/magic.c
    74. 

  74. +++ b/src/magic.c
    75. 

  75. @@ -142,6 +142,7 @@
    76. 

  76.  	ms->mlist = NULL;
    77. 

  77.  	ms->file = "unknown";
    78. 

  78.  	ms->line = 0;
    79. 

  79. +	ms->max_recursion = FILE_MAX_RECURSION;
    80. 

  80.  	return ms;
    81. 

  81.  free:
    82. 

  82.  	free(ms);
    83. 

  83. @@ -410,3 +411,29 @@
    84. 

  84.  	ms->flags = flags;
    85. 

  85.  	return 0;
    86. 

  86.  }
    87. 

  87. +
    88. 

  88. +public int
    89. 

  89. +magic_setparam(struct magic_set *ms, int param, const void *val)
    90. 

  90. +{
    91. 

  91. +	switch (param) {
    92. 

  92. +	case MAGIC_PARAM_MAX_RECURSION:
    93. 

  93. +		ms->max_recursion = *(const size_t *)val;
    94. 

  94. +		return 0;
    95. 

  95. +	default:
    96. 

  96. +		errno = EINVAL;
    97. 

  97. +		return -1;
    98. 

  98. +	}
    99. 

  99. +}
    100. 

  100. +
    101. 

  101. +public int
    102. 

  102. +magic_getparam(struct magic_set *ms, int param, void *val)
    103. 

  103. +{
    104. 

  104. +	switch (param) {
    105. 

  105. +	case MAGIC_PARAM_MAX_RECURSION:
    106. 

  106. +		*(size_t *)val = ms->max_recursion;
    107. 

  107. +		return 0;
    108. 

  108. +	default:
    109. 

  109. +		errno = EINVAL;
    110. 

  110. +		return -1;
    111. 

  111. +	}
    112. 

  112. +}
    113. 

  113. --- a/src/magic.h
    114. 

  114. +++ b/src/magic.h
    115. 

  115. @@ -82,6 +82,10 @@
    116. 

  116.  int magic_check(magic_t, const char *);
    117. 

  117.  int magic_errno(magic_t);
    118. 

  118.  
    119. 

  119. +#define MAGIC_PARAM_MAX_RECURSION	0
    120. 

  120. +int magic_setparam(magic_t, int, const void *);
    121. 

  121. +int magic_getparam(magic_t, int, void *);
    122. 

  122. +
    123. 

  123.  #ifdef __cplusplus
    124. 

  124.  };
    125. 

  125.  #endif
    126. 

  126. --- a/src/softmagic.c
    127. 

  127. +++ b/src/softmagic.c
    128. 

  128. @@ -43,9 +43,9 @@
    129. 

  129.  
    130. 

  130.  
    131. 

  131.  private int match(struct magic_set *, struct magic *, uint32_t,
    132. 

  132. -    const unsigned char *, size_t, int, int);
    133. 

  133. +    const unsigned char *, size_t, int, size_t);
    134. 

  134.  private int mget(struct magic_set *, const unsigned char *,
    135. 

  135. -    struct magic *, size_t, unsigned int, int);
    136. 

  136. +    struct magic *, size_t, unsigned int, size_t);
    137. 

  137.  private int magiccheck(struct magic_set *, struct magic *);
    138. 

  138.  private int32_t mprint(struct magic_set *, struct magic *);
    139. 

  139.  private int32_t moffset(struct magic_set *, struct magic *);
    140. 

  140. @@ -62,8 +62,6 @@
    141. 

  141.  
    142. 

  142.  #define OFFSET_OOB(n, o, i)	((n) < (o) || (i) > ((n) - (o)))
    143. 

  143.  
    144. 

  144. -#define MAX_RECURSION_LEVEL	10
    145. 

  145. -
    146. 

  146.  /*
    147. 

  147.   * softmagic - lookup one file in parsed, in-memory copy of database
    148. 

  148.   * Passed the name and FILE * of one file to be typed.
    149. 

  149. @@ -110,7 +108,7 @@
    150. 

  150.   */
    151. 

  151.  private int
    152. 

  152.  match(struct magic_set *ms, struct magic *magic, uint32_t nmagic,
    153. 

  153. -    const unsigned char *s, size_t nbytes, int mode, int recursion_level)
    154. 

  154. +    const unsigned char *s, size_t nbytes, int mode, size_t recursion_level)
    155. 

  155.  {
    156. 

  156.  	uint32_t magindex = 0;
    157. 

  157.  	unsigned int cont_level = 0;
    158. 

  158. @@ -1049,7 +1047,7 @@
    159. 

  159.  
    160. 

  160.  private int
    161. 

  161.  mget(struct magic_set *ms, const unsigned char *s,
    162. 

  162. -    struct magic *m, size_t nbytes, unsigned int cont_level, int recursion_level)
    163. 

  163. +    struct magic *m, size_t nbytes, unsigned int cont_level, size_t recursion_level)
    164. 

  164.  {
    165. 

  165.  	uint32_t offset = ms->offset;
    166. 

  166.  	file_pushbuf_t *pb;
    167. 

  167. @@ -1057,7 +1055,7 @@
    168. 

  168.  	char *rbuf;
    169. 

  169.  	union VALUETYPE *p = &ms->ms_value;
    170. 

  170.  
    171. 

  171. -	if (recursion_level >= MAX_RECURSION_LEVEL) {
    172. 

  172. +	if (recursion_level >= ms->max_recursion) {
    173. 

  173.                  file_error(ms, 0, "recursion nesting exceeded");
    174. 

  174.                  return -1;
    175. 

  175.          }
    176.