file/debian/patches/CVE-2014-8117.1.0de3251.patch

Subject: Only print the description for indirect offsets if a match was found, and add the offset as the number to print
Upstream-Author: Christos Zoulas <christos@zoulas.com>
Date: Fri Apr 6 21:15:54 2012 +0000
Origin: FILE5_11-8-g0de3251
Last-Update: 2015-01-05

    - only print the description for indirect offsets if a match was found,
    and add the offset as the number to print.

(prequisite for CVE-2014-8117)

diff --git a/src/softmagic.c b/src/softmagic.c
index c77b619..bcd7f02 100644
--- a/src/softmagic.c
+++ b/src/softmagic.c
@@ -1041,6 +1041,8 @@ mget(struct magic_set *ms, const unsigned char *s,
     int recursion_level)
 {
 	uint32_t offset = ms->offset;
+	int rv;
+	char *sbuf, *rbuf;
 	union VALUETYPE *p = &ms->ms_value;
 
         if (recursion_level >= 20) {
@@ -1604,13 +1606,26 @@ mget(struct magic_set *ms, const unsigned char *s,
 	case FILE_INDIRECT:
 		if (offset == 0)
 			return 0;
-	  	if ((ms->flags & (MAGIC_MIME|MAGIC_APPLE)) == 0 &&
-		    file_printf(ms, "%s", m->desc) == -1)
-			return -1;
-		if (OFFSET_OOB(nbytes, offset, 0))
+		if (nbytes < offset)
 			return 0;
-		return file_softmagic(ms, s + offset, nbytes - offset,
+		sbuf = ms->o.buf;
+		ms->o.buf = NULL;
+		rv = file_softmagic(ms, s + offset, nbytes - offset,
 		    recursion_level, BINTEST, text);
+		if ((ms->flags & MAGIC_DEBUG) != 0)
+			fprintf(stderr, "indirect @offs=%u[%d]\n", offset, rv);
+		if (rv == 1) {
+			rbuf = ms->o.buf;
+			ms->o.buf = sbuf;
+			if ((ms->flags & (MAGIC_MIME|MAGIC_APPLE)) == 0 &&
+			    file_printf(ms, m->desc, offset) == -1)
+				return -1;
+			if (file_printf(ms, "%s", rbuf) == -1)
+				return -1;
+			free(rbuf);
+		} else
+			ms->o.buf = sbuf;
+		return rv;
 
 	case FILE_DEFAULT:	/* nothing to check */
 	default: