cbiedl
/
file


			
				
					
						
						
							123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354
							Subject: Only print the description for indirect offsets if a match was found, and add the offset as the number to print
Upstream-Author: Christos Zoulas <christos@zoulas.com>
Date: Fri Apr 6 21:15:54 2012 +0000
Origin: FILE5_11-8-g0de3251
Last-Update: 2015-01-09

    - only print the description for indirect offsets if a match was found,
    and add the offset as the number to print.

(prequisite for CVE-2014-8117)

--- a/src/softmagic.c
+++ b/src/softmagic.c
@@ -1046,6 +1046,8 @@
     struct magic *m, size_t nbytes, unsigned int cont_level, int recursion_level)
 {
 	uint32_t offset = ms->offset;
+	int rv;
+	char *sbuf, *rbuf;
 	union VALUETYPE *p = &ms->ms_value;
 
         if (recursion_level >= 20) {
@@ -1609,13 +1611,26 @@
 	case FILE_INDIRECT:
 		if (offset == 0)
 			return 0;
-	  	if ((ms->flags & (MAGIC_MIME|MAGIC_APPLE)) == 0 &&
-		    file_printf(ms, "%s", m->desc) == -1)
-			return -1;
-		if (OFFSET_OOB(nbytes, offset, 0))
+		if (nbytes < offset)
 			return 0;
-		return file_softmagic(ms, s + offset, nbytes - offset,
+		sbuf = ms->o.buf;
+		ms->o.buf = NULL;
+		rv = file_softmagic(ms, s + offset, nbytes - offset,
 		    recursion_level, BINTEST);
+		if ((ms->flags & MAGIC_DEBUG) != 0)
+			fprintf(stderr, "indirect @offs=%u[%d]\n", offset, rv);
+		if (rv == 1) {
+			rbuf = ms->o.buf;
+			ms->o.buf = sbuf;
+			if ((ms->flags & (MAGIC_MIME|MAGIC_APPLE)) == 0 &&
+			    file_printf(ms, m->desc, offset) == -1)
+				return -1;
+			if (file_printf(ms, "%s", rbuf) == -1)
+				return -1;
+			free(rbuf);
+		} else
+			ms->o.buf = sbuf;
+		return rv;
 
 	case FILE_DEFAULT:	/* nothing to check */
 	default: