[PHP-CVS] cvs: php-src(PHP_5_3) /ext/fileinfo/libmagic funcs.c softmagic.c

[Scott MacVicar]

scottmacThu Nov  6 03:00:04 2008 UTC

  Modified files:  (Branch: PHP_5_3)
/php-src/ext/fileinfo/libmagic  funcs.c softmagic.c 
  Log:
  MFH: Fix buffer overread in libmagic and sync a skipped change from 4.26
  
  
  
http://cvs.php.net/viewvc.cgi/php-src/ext/fileinfo/libmagic/funcs.c?r1=1.3.2.5&r2=1.3.2.6&diff_format=u
Index: php-src/ext/fileinfo/libmagic/funcs.c
diff -u php-src/ext/fileinfo/libmagic/funcs.c:1.3.2.5 
php-src/ext/fileinfo/libmagic/funcs.c:1.3.2.6
--- php-src/ext/fileinfo/libmagic/funcs.c:1.3.2.5   Mon Sep  1 18:56:06 2008
+++ php-src/ext/fileinfo/libmagic/funcs.c   Thu Nov  6 03:00:04 2008
@@ -151,6 +151,7 @@
 {
int m;
int mime = ms->flags & MAGIC_MIME;
+   const unsigned char *ubuf = buf;
 
if (nb == 0) {
if ((!mime || (mime & MAGIC_MIME_TYPE)) &&
@@ -182,15 +183,15 @@
 #if PHP_FILEINFO_UNCOMPRESS
/* try compression stuff */
if ((ms->flags & MAGIC_NO_CHECK_COMPRESS) != 0 ||
-   (m = file_zmagic(ms, stream, inname, buf, nb)) == 0) 
+   (m = file_zmagic(ms, stream, inname, ubuf, nb)) == 0) 
 #endif
{
/* Check if we have a tar file */
-   if ((ms->flags & MAGIC_NO_CHECK_TAR) != 0 || (m = 
file_is_tar(ms, buf, nb)) == 0) {
+   if ((ms->flags & MAGIC_NO_CHECK_TAR) != 0 || (m = 
file_is_tar(ms, ubuf, nb)) == 0) {
/* try tests in /etc/magic (or surrogate magic file) */
-   if ((ms->flags & MAGIC_NO_CHECK_SOFT) != 0 || (m = 
file_softmagic(ms, buf, nb, BINTEST)) == 0) {
+   if ((ms->flags & MAGIC_NO_CHECK_SOFT) != 0 || (m = 
file_softmagic(ms, ubuf, nb, BINTEST)) == 0) {
/* try known keywords, check whether it is 
ASCII */
-   if ((ms->flags & MAGIC_NO_CHECK_ASCII) != 0 || 
(m = file_ascmagic(ms, buf, nb)) == 0) {
+   if ((ms->flags & MAGIC_NO_CHECK_ASCII) != 0 || 
(m = file_ascmagic(ms, ubuf, nb)) == 0) {
/* abandon hope, all ye who remain here 
*/
if ((!mime || (mime & MAGIC_MIME_TYPE)) 
&& file_printf(ms, mime ? "application/octet-stream" : "data") == -1) {
return -1;
@@ -211,7 +212,7 @@
 * information from the ELF headers that cannot easily
 * be extracted with rules in the magic file.
 */
-   (void)file_tryelf(ms, stream, buf, nb);
+   (void)file_tryelf(ms, stream, ubuf, nb);
}
 #endif
return m;
http://cvs.php.net/viewvc.cgi/php-src/ext/fileinfo/libmagic/softmagic.c?r1=1.1.2.7&r2=1.1.2.8&diff_format=u
Index: php-src/ext/fileinfo/libmagic/softmagic.c
diff -u php-src/ext/fileinfo/libmagic/softmagic.c:1.1.2.7 
php-src/ext/fileinfo/libmagic/softmagic.c:1.1.2.8
--- php-src/ext/fileinfo/libmagic/softmagic.c:1.1.2.7   Sun Nov  2 16:13:49 2008
+++ php-src/ext/fileinfo/libmagic/softmagic.c   Thu Nov  6 03:00:04 2008
@@ -185,8 +185,8 @@
if (file_check_mem(ms, ++cont_level) == -1)
return -1;
 
-   while (magic[magindex+1].cont_level != 0 &&
-   ++magindex < nmagic) {
+   while (magindex < nmagic - 1 && magic[magindex + 1].cont_level 
!= 0) {
+   magindex++;
m = &magic[magindex];
ms->line = m->lineno; /* for messages */
 
@@ -783,6 +783,7 @@
const char *c;
const char *last;   /* end of search region */
const char *buf;/* start of search region */
+   const char *end;
size_t lines;
 
if (s == NULL) {
@@ -791,10 +792,10 @@
return 0;
}
buf = (const char *)s + offset;
-   last = (const char *)s + nbytes;
+   end = last = (const char *)s + nbytes;
/* mget() guarantees buf <= last */
for (lines = linecnt, b = buf;
-lines && ((b = strchr(c = b, '\n')) || (b = 
strchr(c, '\r')));
+lines && ((b = memchr(c = b, '\n', end - b)) || (b 
= memchr(c, '\r', end - c)));
 lines--, b++) {
last = b;
if (b[0] == '\r' && b[1] == '\n')



-- 
PHP CVS Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

[PHP-CVS] cvs: php-src(PHP_5_3) /ext/fileinfo/libmagic funcs.c

[Felipe Pena]

felipe  Wed Aug 27 00:17:27 2008 UTC

  Modified files:  (Branch: PHP_5_3)
/php-src/ext/fileinfo/libmagic  funcs.c 
  Log:
  - MFH: Fixed crash in file_error_core()
  
  
http://cvs.php.net/viewvc.cgi/php-src/ext/fileinfo/libmagic/funcs.c?r1=1.3.2.2&r2=1.3.2.3&diff_format=u
Index: php-src/ext/fileinfo/libmagic/funcs.c
diff -u php-src/ext/fileinfo/libmagic/funcs.c:1.3.2.2 
php-src/ext/fileinfo/libmagic/funcs.c:1.3.2.3
--- php-src/ext/fileinfo/libmagic/funcs.c:1.3.2.2   Tue Aug 26 12:23:29 2008
+++ php-src/ext/fileinfo/libmagic/funcs.c   Wed Aug 27 00:17:27 2008
@@ -52,7 +52,6 @@
 file_printf(struct magic_set *ms, const char *fmt, ...)
 {
va_list ap;
-   size_t size;
int len;
char *buf = NULL, *newstr;
 
@@ -81,17 +80,32 @@
 file_error_core(struct magic_set *ms, int error, const char *f, va_list va,
 uint32_t lineno)
 {
+   char *buf = NULL;
+   
/* Only the first error is ok */
-   if (ms->haderr)
+   if (ms->haderr) {
return;
+   }
+   
if (lineno != 0) {
efree(ms->o.buf);
ms->o.buf = NULL;
file_printf(ms, "line %u: ", lineno);
}
-file_printf(ms, f, va);
-   if (error > 0)
-   file_printf(ms, " (%s)", strerror(error));
+
+   vspprintf(&buf, 0, f, va);
+   va_end(va);
+   
+   if (error > 0) {
+   file_printf(ms, "%s (%s)", (*buf ? buf : ""), strerror(error));
+   } else if (*buf) {
+   file_printf(ms, "%s", buf);
+   }
+   
+   if (buf) {
+   efree(buf);
+   }
+
ms->haderr++;
ms->error = error;
 }



-- 
PHP CVS Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

[PHP-CVS] cvs: php-src(PHP_5_3) /ext/fileinfo/libmagic funcs.c

[Antony Dovgal]

tony2001Sun Aug 10 19:48:54 2008 UTC

  Modified files:  (Branch: PHP_5_3)
/php-src/ext/fileinfo/libmagic  funcs.c 
  Log:
  MFH
  
  
http://cvs.php.net/viewvc.cgi/php-src/ext/fileinfo/libmagic/funcs.c?r1=1.3&r2=1.3.2.1&diff_format=u
Index: php-src/ext/fileinfo/libmagic/funcs.c
diff -u php-src/ext/fileinfo/libmagic/funcs.c:1.3 
php-src/ext/fileinfo/libmagic/funcs.c:1.3.2.1
--- php-src/ext/fileinfo/libmagic/funcs.c:1.3   Fri Jul 25 08:16:03 2008
+++ php-src/ext/fileinfo/libmagic/funcs.c   Sun Aug 10 19:48:54 2008
@@ -37,6 +37,10 @@
 #include 
 #endif
 
+#ifndef SIZE_MAX 
+# define SIZE_MAX ((size_t) -1) 
+#endif
+
 #ifndeflint
 FILE_RCSID("@(#)$File: funcs.c,v 1.39 2008/03/01 22:21:49 rrt Exp $")
 #endif /* lint */



-- 
PHP CVS Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php