Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
openSUSE:Maintenance:3341
file.openSUSE_13.1_Update
0001-PR-313-Aaron-Reffett-Check-properly-for-ex...
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File 0001-PR-313-Aaron-Reffett-Check-properly-for-exceeding-th.patch of Package file.openSUSE_13.1_Update
From 447558595a3650db2886cd2f416ad0beba965801 Mon Sep 17 00:00:00 2001 From: Christos Zoulas <christos@zoulas.com> Date: Wed, 8 Jan 2014 22:22:54 +0000 Subject: [PATCH] PR/313: Aaron Reffett: Check properly for exceeding the offset. --- src/softmagic.c | 35 ++++++++++++++++++----------------- 1 file changed, 18 insertions(+), 17 deletions(-) diff --git src/softmagic.c src/softmagic.c index ec71364..ac9c18b 100644 --- src/softmagic.c +++ src/softmagic.c @@ -71,6 +71,7 @@ private void cvt_16(union VALUETYPE *, const struct magic *); private void cvt_32(union VALUETYPE *, const struct magic *); private void cvt_64(union VALUETYPE *, const struct magic *); +#define OFFSET_OOB(n, o, i) ((n) < (o) || (i) >= ((n) - (o))) /* * softmagic - lookup one file in parsed, in-memory copy of database * Passed the name and FILE * of one file to be typed. @@ -1223,7 +1224,7 @@ mget(struct magic_set *ms, const unsigned char *s, struct magic *m, } switch (in_type = cvt_flip(m->in_type, flip)) { case FILE_BYTE: - if (nbytes < offset || nbytes < (offset + 1)) + if (OFFSET_OOB(nbytes, offset, 1)) return 0; if (off) { switch (m->in_op & FILE_OPS_MASK) { @@ -1258,7 +1259,7 @@ mget(struct magic_set *ms, const unsigned char *s, struct magic *m, offset = ~offset; break; case FILE_BESHORT: - if (nbytes < offset || nbytes < (offset + 2)) + if (OFFSET_OOB(nbytes, offset, 2)) return 0; if (off) { switch (m->in_op & FILE_OPS_MASK) { @@ -1310,7 +1311,7 @@ mget(struct magic_set *ms, const unsigned char *s, struct magic *m, offset = ~offset; break; case FILE_LESHORT: - if (nbytes < offset || nbytes < (offset + 2)) + if (OFFSET_OOB(nbytes, offset, 2)) return 0; if (off) { switch (m->in_op & FILE_OPS_MASK) { @@ -1362,7 +1363,7 @@ mget(struct magic_set *ms, const unsigned char *s, struct magic *m, offset = ~offset; break; case FILE_SHORT: - if (nbytes < offset || nbytes < (offset + 2)) + if (OFFSET_OOB(nbytes, offset, 2)) return 0; if (off) { switch (m->in_op & FILE_OPS_MASK) { @@ -1399,7 +1400,7 @@ mget(struct magic_set *ms, const unsigned char *s, struct magic *m, break; case FILE_BELONG: case FILE_BEID3: - if (nbytes < offset || nbytes < (offset + 4)) + if (OFFSET_OOB(nbytes, offset, 4)) return 0; if (off) { switch (m->in_op & FILE_OPS_MASK) { @@ -1470,7 +1471,7 @@ mget(struct magic_set *ms, const unsigned char *s, struct magic *m, break; case FILE_LELONG: case FILE_LEID3: - if (nbytes < offset || nbytes < (offset + 4)) + if (OFFSET_OOB(nbytes, offset, 4)) return 0; if (off) { switch (m->in_op & FILE_OPS_MASK) { @@ -1540,7 +1541,7 @@ mget(struct magic_set *ms, const unsigned char *s, struct magic *m, offset = ~offset; break; case FILE_MELONG: - if (nbytes < offset || nbytes < (offset + 4)) + if (OFFSET_OOB(nbytes, offset, 4)) return 0; if (off) { switch (m->in_op & FILE_OPS_MASK) { @@ -1610,7 +1611,7 @@ mget(struct magic_set *ms, const unsigned char *s, struct magic *m, offset = ~offset; break; case FILE_LONG: - if (nbytes < offset || nbytes < (offset + 4)) + if (OFFSET_OOB(nbytes, offset, 4)) return 0; if (off) { switch (m->in_op & FILE_OPS_MASK) { @@ -1687,14 +1688,14 @@ mget(struct magic_set *ms, const unsigned char *s, struct magic *m, /* Verify we have enough data to match magic type */ switch (m->type) { case FILE_BYTE: - if (nbytes < (offset + 1)) /* should alway be true */ + if (OFFSET_OOB(nbytes, offset, 1)) return 0; break; case FILE_SHORT: case FILE_BESHORT: case FILE_LESHORT: - if (nbytes < (offset + 2)) + if (OFFSET_OOB(nbytes, offset, 2)) return 0; break; @@ -1713,31 +1714,31 @@ mget(struct magic_set *ms, const unsigned char *s, struct magic *m, case FILE_FLOAT: case FILE_BEFLOAT: case FILE_LEFLOAT: - if (nbytes < (offset + 4)) + if (OFFSET_OOB(nbytes, offset, 4)) return 0; break; case FILE_DOUBLE: case FILE_BEDOUBLE: case FILE_LEDOUBLE: - if (nbytes < (offset + 8)) + if (OFFSET_OOB(nbytes, offset, 8)) return 0; break; case FILE_STRING: case FILE_PSTRING: case FILE_SEARCH: - if (nbytes < (offset + m->vallen)) + if (OFFSET_OOB(nbytes, offset, m->vallen)) return 0; break; case FILE_REGEX: - if (nbytes < offset) + if (OFFSET_OOB(nbytes, offset, 0)) return 0; break; case FILE_INDIRECT: - if (nbytes < offset) + if (OFFSET_OOB(nbytes, offset, 0)) return 0; sbuf = ms->o.buf; soffset = ms->offset; @@ -1761,7 +1762,7 @@ mget(struct magic_set *ms, const unsigned char *s, struct magic *m, return rv; case FILE_USE: - if (nbytes < offset) + if (OFFSET_OOB(nbytes, offset, 0)) return 0; sbuf = m->value.s; if (*sbuf == '^') { -- 1.7.9.2
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor