git Service of IN-Ulm e.V. Explore Help
Sign In
cbiedl
/
file
1
0
Fork 0
Files Pull Requests 0 Wiki
Tree: e5edc64de6
Branches Tags
file
/
debian
/
patches
/
cherry-pick.FILE5_25-1-g7e60111.pr-479-check-the-format-length-modifiers.patch

cherry-pick.FILE5_25-1-g7e60111.pr-479-check-the-format-length-modifiers.patch 4.0 KB
History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201 
  1. Subject: PR/479: check the format length modifiers
    2. 

  2. Origin: FILE5_25-1-g7e60111
    3. 

  3. Upstream-Author: Christos Zoulas <christos@zoulas.com>
    4. 

  4. Date: Wed Sep 16 18:21:26 2015 +0000
    5. 

  5. 

  6. --- a/src/apprentice.c
    7. 

  7. +++ b/src/apprentice.c
    8. 

  8. @@ -143,7 +143,7 @@
    9. 

  9.  private void apprentice_unmap(struct magic_map *);
    10. 

  10.  private int apprentice_compile(struct magic_set *, struct magic_map *,
    11. 

  11.      const char *);
    12. 

  12. -private int check_format_type(const char *, int);
    13. 

  13. +private int check_format_type(const char *, int, const char **);
    14. 

  14.  private int check_format(struct magic_set *, struct magic *);
    15. 

  15.  private int get_op(char);
    16. 

  16.  private int parse_mime(struct magic_set *, struct magic_entry *, const char *);
    17. 

  17. @@ -2298,11 +2298,13 @@
    18. 

  18.  }
    19. 

  19.  
    20. 

  20.  private int
    21. 

  21. -check_format_type(const char *ptr, int type)
    22. 

  22. +check_format_type(const char *ptr, int type, const char **estr)
    23. 

  23.  {
    24. 

  24.  	int quad = 0, h;
    25. 

  25. +	size_t len, cnt;
    26. 

  26.  	if (*ptr == '\0') {
    27. 

  27.  		/* Missing format string; bad */
    28. 

  28. +		*estr = "missing format spec";
    29. 

  29.  		return -1;
    30. 

  30.  	}
    31. 

  31.  
    32. 

  32. @@ -2339,15 +2341,22 @@
    33. 

  33.  			ptr++;
    34. 

  34.  		if (*ptr == '.')
    35. 

  35.  			ptr++;
    36. 

  36. -		while (isdigit((unsigned char)*ptr)) ptr++;
    37. 

  37. +#define CHECKLEN() do { \
    38. 

  38. +	for (len = cnt = 0; isdigit((unsigned char)*ptr); ptr++, cnt++) \
    39. 

  39. +		len = len * 10 + (*ptr - '0'); \
    40. 

  40. +	if (cnt > 10 || len > 1024) \
    41. 

  41. +		goto toolong; \
    42. 

  42. +} while (/*CONSTCOND*/0)
    43. 

  43. +
    44. 

  44. +		CHECKLEN();
    45. 

  45.  		if (*ptr == '.')
    46. 

  46.  			ptr++;
    47. 

  47. -		while (isdigit((unsigned char)*ptr)) ptr++;
    48. 

  48. +		CHECKLEN();
    49. 

  49.  		if (quad) {
    50. 

  50.  			if (*ptr++ != 'l')
    51. 

  51. -				return -1;
    52. 

  52. +				goto invalid;
    53. 

  53.  			if (*ptr++ != 'l')
    54. 

  54. -				return -1;
    55. 

  55. +				goto invalid;
    56. 

  56.  		}
    57. 

  57.  	
    58. 

  58.  		switch (*ptr++) {
    59. 

  59. @@ -2361,9 +2370,11 @@
    60. 

  60.  			case 'o':
    61. 

  61.  			case 'x':
    62. 

  62.  			case 'X':
    63. 

  63. -				return h != 0 ? -1 : 0;
    64. 

  64. +				if (h == 0)
    65. 

  65. +					return 0;
    66. 

  66. +				/*FALLTHROUGH*/
    67. 

  67.  			default:
    68. 

  68. -				return -1;
    69. 

  69. +				goto invalid;
    70. 

  70.  			}
    71. 

  71.  		
    72. 

  72.  		/*
    73. 

  73. @@ -2372,11 +2383,11 @@
    74. 

  74.  		 */
    75. 

  75.  		case 'h':
    76. 

  76.  			if (h-- <= 0)
    77. 

  77. -				return -1;
    78. 

  78. +				goto invalid;
    79. 

  79.  			switch (*ptr++) {
    80. 

  80.  			case 'h':
    81. 

  81.  				if (h-- <= 0)
    82. 

  82. -					return -1;
    83. 

  83. +					goto invalid;
    84. 

  84.  				switch (*ptr++) {
    85. 

  85.  				case 'i':
    86. 

  86.  				case 'd':
    87. 

  87. @@ -2386,7 +2397,7 @@
    88. 

  88.  				case 'X':
    89. 

  89.  					return 0;
    90. 

  90.  				default:
    91. 

  91. -					return -1;
    92. 

  92. +					goto invalid;
    93. 

  93.  				}
    94. 

  94.  			case 'i':
    95. 

  95.  			case 'd':
    96. 

  96. @@ -2394,13 +2405,17 @@
    97. 

  97.  			case 'o':
    98. 

  98.  			case 'x':
    99. 

  99.  			case 'X':
    100. 

  100. -				return h != 0 ? -1 : 0;
    101. 

  101. +				if (h == 0)
    102. 

  102. +					return 0;
    103. 

  103. +				/*FALLTHROUGH*/
    104. 

  104.  			default:
    105. 

  105. -				return -1;
    106. 

  106. +				goto invalid;
    107. 

  107.  			}
    108. 

  108.  #endif
    109. 

  109.  		case 'c':
    110. 

  110. -			return h != 2 ? -1 : 0;
    111. 

  111. +			if (h == 2)
    112. 

  112. +				return 0;
    113. 

  113. +			goto invalid;
    114. 

  114.  		case 'i':
    115. 

  115.  		case 'd':
    116. 

  116.  		case 'u':
    117. 

  117. @@ -2408,12 +2423,14 @@
    118. 

  118.  		case 'x':
    119. 

  119.  		case 'X':
    120. 

  120.  #ifdef STRICT_FORMAT
    121. 

  121. -			return h != 0 ? -1 : 0;
    122. 

  122. +			if (h == 0)
    123. 

  123. +				return 0;
    124. 

  124. +			/*FALLTHROUGH*/
    125. 

  125.  #else
    126. 

  126.  			return 0;
    127. 

  127.  #endif
    128. 

  128.  		default:
    129. 

  129. -			return -1;
    130. 

  130. +			goto invalid;
    131. 

  131.  		}
    132. 

  132.  		
    133. 

  133.  	case FILE_FMT_FLOAT:
    134. 

  134. @@ -2422,11 +2439,10 @@
    135. 

  135.  			ptr++;
    136. 

  136.  		if (*ptr == '.')
    137. 

  137.  			ptr++;
    138. 

  138. -		while (isdigit((unsigned char)*ptr)) ptr++;
    139. 

  139. +		CHECKLEN();
    140. 

  140.  		if (*ptr == '.')
    141. 

  141.  			ptr++;
    142. 

  142. -		while (isdigit((unsigned char)*ptr)) ptr++;
    143. 

  143. -	
    144. 

  144. +		CHECKLEN();
    145. 

  145.  		switch (*ptr++) {
    146. 

  146.  		case 'e':
    147. 

  147.  		case 'E':
    148. 

  148. @@ -2437,7 +2453,7 @@
    149. 

  149.  			return 0;
    150. 

  150.  			
    151. 

  151.  		default:
    152. 

  152. -			return -1;
    153. 

  153. +			goto invalid;
    154. 

  154.  		}
    155. 

  155.  		
    156. 

  156.  
    157. 

  157. @@ -2456,14 +2472,17 @@
    158. 

  158.  		case 's':
    159. 

  159.  			return 0;
    160. 

  160.  		default:
    161. 

  161. -			return -1;
    162. 

  162. +			goto invalid;
    163. 

  163.  		}
    164. 

  164.  		
    165. 

  165.  	default:
    166. 

  166.  		/* internal error */
    167. 

  167.  		abort();
    168. 

  168.  	}
    169. 

  169. -	/*NOTREACHED*/
    170. 

  170. +invalid:
    171. 

  171. +	*estr = "not valid";
    172. 

  172. +toolong:
    173. 

  173. +	*estr = "too long";
    174. 

  174.  	return -1;
    175. 

  175.  }
    176. 

  176.  	
    177. 

  177. @@ -2475,6 +2494,7 @@
    178. 

  178.  check_format(struct magic_set *ms, struct magic *m)
    179. 

  179.  {
    180. 

  180.  	char *ptr;
    181. 

  181. +	const char *estr;
    182. 

  182.  
    183. 

  183.  	for (ptr = m->desc; *ptr; ptr++)
    184. 

  184.  		if (*ptr == '%')
    185. 

  185. @@ -2498,13 +2518,13 @@
    186. 

  186.  	}
    187. 

  187.  
    188. 

  188.  	ptr++;
    189. 

  189. -	if (check_format_type(ptr, m->type) == -1) {
    190. 

  190. +	if (check_format_type(ptr, m->type, &estr) == -1) {
    191. 

  191.  		/*
    192. 

  192.  		 * TODO: this error message is unhelpful if the format
    193. 

  193.  		 * string is not one character long
    194. 

  194.  		 */
    195. 

  195. -		file_magwarn(ms, "Printf format `%c' is not valid for type "
    196. 

  196. -		    "`%s' in description `%s'", *ptr ? *ptr : '?',
    197. 

  197. +		file_magwarn(ms, "Printf format is %s for type "
    198. 

  198. +		    "`%s' in description `%s'", estr,
    199. 

  199.  		    file_names[m->type], m->desc);
    200. 

  200.  		return -1;
    201. 

  201.  	}
    202.