add a limit to the number of times a name/use entries can be used.

diff --git a/doc/file.man b/doc/file.man
index f9dd2e18e68679d0da1e61b902a01c20b921a1e3..455226c6405dd69b1dd8cd4f99a8835f877eb249 100644 (file)
--- a/doc/file.man
+++ b/doc/file.man
@@ -1,4 +1,4 @@
-.\" $File: file.man,v 1.107 2014/11/27 16:15:06 christos Exp $
+.\" $File: file.man,v 1.108 2014/11/27 23:42:58 christos Exp $
 .Dd November 27, 2014
 .Dt FILE __CSECTION__
 .Os
@@ -306,10 +306,11 @@ attempt to preserve the access time of files analyzed, to pretend that
 never read them.
 .It Fl P , Fl Fl parameter Ar name=value
 Set various parameter limits.
-.Bl -column "indir" "Default" "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX" -offset indent
+.Bl -column "namenum" "Default" "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX" -offset indent
 .It Sy "Name" Ta Sy "Default" Ta Sy "Explanation"
 .It Li indir Ta 15 Ta recursion limit for indirect magic
 .It Li name Ta 40 Ta recursion limit for name/use magic
+.It Li namenum Ta 30 Ta use count limit for name/use magic
 .It Li phnum Ta 128 Ta max ELF program sections processed
 .It Li shnum Ta 32768 Ta max ELF sections processed
 .El

diff --git a/doc/libmagic.man b/doc/libmagic.man
index 1cf0710970dd1308cfabe505fa8831837205189f..a5ec6c2d40a9fab278e16d0249e5fe9b90ee2155 100644 (file)
--- a/doc/libmagic.man
+++ b/doc/libmagic.man
@@ -1,4 +1,4 @@
-.\" $File: libmagic.man,v 1.30 2014/11/27 16:15:06 christos Exp $
+.\" $File: libmagic.man,v 1.31 2014/11/27 23:42:58 christos Exp $
 .\"
 .\" Copyright (c) Christos Zoulas 2003.
 .\" All Rights Reserved.
@@ -284,6 +284,7 @@ library.
 .It Sy "Parameter" Ta Sy "Type" Ta Sy "Default"
 .It Li MAGIC_PARAM_INDIR_RECURSION Ta size_t Ta 15
 .It Li MAGIC_PARAM_NAME_RECURSION Ta size_t Ta 40
+.It Li MAGIC_PARAM_NAME_MAX Ta size_t Ta 30
 .It Li MAGIC_PARAM_PHNUM_MAX Ta size_t Ta 128
 .It Li MAGIC_PARAM_SHNUM_MAX Ta size_t Ta 32768
 .El
@@ -299,6 +300,10 @@ parameter controls how many levels of recursion will be followed for
 for name/use calls.
 .Pp
 The
+.Dv MAGIC_PARAM_NAME_MAX
+parameter controls the maximum number of calls for name/use.
+.Pp
+The
 .Dv MAGIC_PARAM_PHNUM_MAX
 parameter controls how many elf program sections will be processed.
 .Pp

diff --git a/src/apprentice.c b/src/apprentice.c
index c75e229848af30d775751312881d3f3ad0f72ec4..82dcd6689681d098f49d7e0c8e9b689f0c0144e5 100644 (file)
--- a/src/apprentice.c
+++ b/src/apprentice.c
@@ -32,7 +32,7 @@
 #include "file.h"
 
 #ifndef        lint
-FILE_RCSID("@(#)$File: apprentice.c,v 1.224 2014/11/27 15:40:36 christos Exp $")
+FILE_RCSID("@(#)$File: apprentice.c,v 1.225 2014/11/27 23:42:58 christos Exp $")
 #endif /* lint */
 
 #include "magic.h"
@@ -526,6 +526,7 @@ file_ms_alloc(int flags)
        ms->line = 0;
        ms->indir_recursion = FILE_INDIR_RECURSION;
        ms->name_recursion = FILE_NAME_RECURSION;
+       ms->name_max = FILE_NAME_MAX;
        ms->shnum_max = FILE_ELF_SHNUM;
        ms->phnum_max = FILE_ELF_PHNUM;
        return ms;

diff --git a/src/ascmagic.c b/src/ascmagic.c
index ba214664733288a41a35965c7cc7c7416c225f0c..6dc224c6469720745ba94789281063330a8518f9 100644 (file)
--- a/src/ascmagic.c
+++ b/src/ascmagic.c
@@ -35,7 +35,7 @@
 #include "file.h"
 
 #ifndef        lint
-FILE_RCSID("@(#)$File: ascmagic.c,v 1.88 2014/02/12 23:20:53 christos Exp $")
+FILE_RCSID("@(#)$File: ascmagic.c,v 1.89 2014/11/27 23:42:58 christos Exp $")
 #endif /* lint */
 
 #include "magic.h"
@@ -147,7 +147,8 @@ file_ascmagic_with_encoding(struct magic_set *ms, const unsigned char *buf,
                    == NULL)
                        goto done;
                if ((rv = file_softmagic(ms, utf8_buf,
-                   (size_t)(utf8_end - utf8_buf), 0, 0, TEXTTEST, text)) == 0)
+                   (size_t)(utf8_end - utf8_buf), 0, 0, NULL,
+                   TEXTTEST, text)) == 0)
                        rv = -1;
        }
 

diff --git a/src/file.c b/src/file.c
index 832a44340fe3f7dc69b9e70000e3cba78f06a48b..67e214de9fcd121eea159d6b6949d95d6780b25c 100644 (file)
--- a/src/file.c
+++ b/src/file.c
@@ -32,7 +32,7 @@
 #include "file.h"
 
 #ifndef        lint
-FILE_RCSID("@(#)$File: file.c,v 1.156 2014/11/27 15:40:36 christos Exp $")
+FILE_RCSID("@(#)$File: file.c,v 1.157 2014/11/27 23:42:58 christos Exp $")
 #endif /* lint */
 
 #include "magic.h"
@@ -123,6 +123,7 @@ private struct {
 } pm[] = {
        { "indir",      MAGIC_PARAM_INDIR_RECURSION, 0 },
        { "name",       MAGIC_PARAM_NAME_RECURSION, 0 },
+       { "namenum",    MAGIC_PARAM_NAME_MAX, 0 },
        { "phnum",      MAGIC_PARAM_PHNUM_MAX, 0 },
        { "shnum",      MAGIC_PARAM_SHNUM_MAX, 0 },
 };

diff --git a/src/file.h b/src/file.h
index c4336bde6b73130684c85d278a4ae7b36c77d32f..ccbe7f36749d46a4592631af67d856ee5a0717e4 100644 (file)
--- a/src/file.h
+++ b/src/file.h
@@ -27,7 +27,7 @@
  */
 /*
  * file.h - definitions for file(1) program
- * @(#)$File: file.h,v 1.157 2014/11/27 15:40:36 christos Exp $
+ * @(#)$File: file.h,v 1.158 2014/11/27 23:42:58 christos Exp $
  */
 
 #ifndef __file_h__
@@ -403,12 +403,14 @@ struct magic_set {
        union VALUETYPE ms_value;       /* either number or string */
        uint16_t indir_recursion;
        uint16_t name_recursion;
+       uint16_t name_max;
        uint16_t shnum_max;
        uint16_t phnum_max;
 #define        FILE_INDIR_RECURSION    15
 #define        FILE_NAME_RECURSION     40
-#define FILE_ELF_SHNUM         32768
-#define FILE_ELF_PHNUM         128
+#define        FILE_NAME_MAX           30
+#define        FILE_ELF_SHNUM          32768
+#define        FILE_ELF_PHNUM          128
 };
 
 /* Type for Unicode characters */
@@ -448,7 +450,7 @@ protected int file_encoding(struct magic_set *, const unsigned char *, size_t,
     unichar **, size_t *, const char **, const char **, const char **);
 protected int file_is_tar(struct magic_set *, const unsigned char *, size_t);
 protected int file_softmagic(struct magic_set *, const unsigned char *, size_t,
-    uint16_t, uint16_t, int, int);
+    uint16_t, uint16_t, uint16_t *, int, int);
 protected int file_apprentice(struct magic_set *, const char *, int);
 protected int buffer_apprentice(struct magic_set *, struct magic **,
     size_t *, size_t);

diff --git a/src/funcs.c b/src/funcs.c
index 6ba4c3cbb08e787528df7a48d02c68abc0bd6a2c..5fbb5e229b6186e0fe66b9a7b4d7cd4759119bd2 100644 (file)
--- a/src/funcs.c
+++ b/src/funcs.c
@@ -27,7 +27,7 @@
 #include "file.h"
 
 #ifndef        lint
-FILE_RCSID("@(#)$File: funcs.c,v 1.74 2014/11/23 13:54:27 christos Exp $")
+FILE_RCSID("@(#)$File: funcs.c,v 1.75 2014/11/27 23:42:58 christos Exp $")
 #endif /* lint */
 
 #include "magic.h"
@@ -227,7 +227,7 @@ file_buffer(struct magic_set *ms, int fd, const char *inname __attribute__ ((unu
 
        /* try soft magic tests */
        if ((ms->flags & MAGIC_NO_CHECK_SOFT) == 0)
-               if ((m = file_softmagic(ms, ubuf, nb, 0, 0, BINTEST,
+               if ((m = file_softmagic(ms, ubuf, nb, 0, 0, NULL, BINTEST,
                    looks_text)) != 0) {
                        if ((ms->flags & MAGIC_DEBUG) != 0)
                                (void)fprintf(stderr, "softmagic %d\n", m);

diff --git a/src/magic.c b/src/magic.c
index ce6452cc66e7e31c38d3bdaea3cd1dfae0d04a89..f5fad8db851cfe483eac9e5f2013dc1e6ceab488 100644 (file)
--- a/src/magic.c
+++ b/src/magic.c
@@ -33,7 +33,7 @@
 #include "file.h"
 
 #ifndef        lint
-FILE_RCSID("@(#)$File: magic.c,v 1.86 2014/11/27 15:40:36 christos Exp $")
+FILE_RCSID("@(#)$File: magic.c,v 1.87 2014/11/27 23:42:58 christos Exp $")
 #endif /* lint */
 
 #include "magic.h"
@@ -547,6 +547,9 @@ magic_setparam(struct magic_set *ms, int param, const void *val)
        case MAGIC_PARAM_NAME_RECURSION:
                ms->name_recursion = *(const size_t *)val;
                return 0;
+       case MAGIC_PARAM_NAME_MAX:
+               ms->name_max = *(const size_t *)val;
+               return 0;
        case MAGIC_PARAM_PHNUM_MAX:
                ms->phnum_max = *(const size_t *)val;
                return 0;
@@ -569,6 +572,9 @@ magic_getparam(struct magic_set *ms, int param, void *val)
        case MAGIC_PARAM_NAME_RECURSION:
                *(size_t *)val = ms->name_recursion;
                return 0;
+       case MAGIC_PARAM_NAME_MAX:
+               *(size_t *)val = ms->name_max;
+               return 0;
        case MAGIC_PARAM_PHNUM_MAX:
                *(size_t *)val = ms->phnum_max;
                return 0;

diff --git a/src/magic.h.in b/src/magic.h.in
index ddd9253572e00a2e71918a80462329e306d7effb..3b8bc1e85ccc4de172d1a87f54c1357fc5fafe9f 100644 (file)
--- a/src/magic.h.in
+++ b/src/magic.h.in
@@ -105,8 +105,9 @@ int magic_errno(magic_t);
 
 #define MAGIC_PARAM_INDIR_RECURSION    0
 #define MAGIC_PARAM_NAME_RECURSION     1
-#define MAGIC_PARAM_PHNUM_MAX          2
-#define MAGIC_PARAM_SHNUM_MAX          3
+#define MAGIC_PARAM_NAME_MAX           2
+#define MAGIC_PARAM_PHNUM_MAX          3
+#define MAGIC_PARAM_SHNUM_MAX          4
 
 int magic_setparam(magic_t, int, const void *);
 int magic_getparam(magic_t, int, void *);

diff --git a/src/softmagic.c b/src/softmagic.c
index 3e48578fc0b92b1c0288e5e6845561366ca84103..a0dc67cbae5f82ba8d5d130c9a58bb8bd757f8e0 100644 (file)
--- a/src/softmagic.c
+++ b/src/softmagic.c
@@ -32,7 +32,7 @@
 #include "file.h"
 
 #ifndef        lint
-FILE_RCSID("@(#)$File: softmagic.c,v 1.199 2014/11/27 15:40:36 christos Exp $")
+FILE_RCSID("@(#)$File: softmagic.c,v 1.200 2014/11/27 23:42:58 christos Exp $")
 #endif /* lint */
 
 #include "magic.h"
@@ -44,10 +44,10 @@ FILE_RCSID("@(#)$File: softmagic.c,v 1.199 2014/11/27 15:40:36 christos Exp $")
 
 private int match(struct magic_set *, struct magic *, uint32_t,
     const unsigned char *, size_t, size_t, int, int, int, uint16_t, uint16_t,
-    int *, int *, int *);
+    uint16_t *, int *, int *, int *);
 private int mget(struct magic_set *, const unsigned char *,
     struct magic *, size_t, size_t, unsigned int, int, int, int, uint16_t,
-    uint16_t, int *, int *, int *);
+    uint16_t, uint16_t *, int *, int *, int *);
 private int magiccheck(struct magic_set *, struct magic *);
 private int32_t mprint(struct magic_set *, struct magic *);
 private int32_t moffset(struct magic_set *, struct magic *);
@@ -71,15 +71,22 @@ private void cvt_64(union VALUETYPE *, const struct magic *);
 /*ARGSUSED1*/          /* nbytes passed for regularity, maybe need later */
 protected int
 file_softmagic(struct magic_set *ms, const unsigned char *buf, size_t nbytes,
-    uint16_t indir_level, uint16_t name_level, int mode, int text)
+    uint16_t indir_level, uint16_t name_level, uint16_t *name_count,
+       int mode, int text)
 {
        struct mlist *ml;
        int rv, printed_something = 0, need_separator = 0;
+       uint16_t nc;
+
+       if (name_count == NULL) {
+               nc = 0;
+               name_count = &nc;
+       }
 
        for (ml = ms->mlist[0]->next; ml != ms->mlist[0]; ml = ml->next)
                if ((rv = match(ms, ml->magic, ml->nmagic, buf, nbytes, 0, mode,
-                   text, 0, indir_level, name_level, &printed_something,
-                   &need_separator, NULL)) != 0)
+                   text, 0, indir_level, name_level, name_count,
+                   &printed_something, &need_separator, NULL)) != 0)
                        return rv;
 
        return 0;
@@ -134,8 +141,8 @@ file_fmtcheck(struct magic_set *ms, const struct magic *m, const char *def,
 private int
 match(struct magic_set *ms, struct magic *magic, uint32_t nmagic,
     const unsigned char *s, size_t nbytes, size_t offset, int mode, int text,
-    int flip, uint16_t indir_level, uint16_t name_level, int *printed_something,
-    int *need_separator, int *returnval)
+    int flip, uint16_t indir_level, uint16_t name_level, uint16_t *name_count,
+    int *printed_something, int *need_separator, int *returnval)
 {
        uint32_t magindex = 0;
        unsigned int cont_level = 0;
@@ -172,8 +179,8 @@ match(struct magic_set *ms, struct magic *magic, uint32_t nmagic,
 
                /* if main entry matches, print it... */
                switch (mget(ms, s, m, nbytes, offset, cont_level, mode, text,
-                   flip, indir_level, name_level, printed_something,
-                   need_separator, returnval)) {
+                   flip, indir_level, name_level, name_count,
+                   printed_something, need_separator, returnval)) {
                case -1:
                        return -1;
                case 0:
@@ -261,7 +268,7 @@ match(struct magic_set *ms, struct magic *magic, uint32_t nmagic,
                        }
 #endif
                        switch (mget(ms, s, m, nbytes, offset, cont_level, mode,
-                           text, flip, indir_level, name_level,
+                           text, flip, indir_level, name_level, name_count,
                            printed_something, need_separator, returnval)) {
                        case -1:
                                return -1;
@@ -1215,8 +1222,8 @@ mcopy(struct magic_set *ms, union VALUETYPE *p, int type, int indir,
 private int
 mget(struct magic_set *ms, const unsigned char *s, struct magic *m,
     size_t nbytes, size_t o, unsigned int cont_level, int mode, int text,
-    int flip, uint16_t indir_level, uint16_t name_level, int *printed_something,
-    int *need_separator, int *returnval)
+    int flip, uint16_t indir_level, uint16_t name_level, uint16_t *name_count,
+    int *printed_something, int *need_separator, int *returnval)
 {
        uint32_t offset = ms->offset;
        uint32_t lhs;
@@ -1238,14 +1245,22 @@ mget(struct magic_set *ms, const unsigned char *s, struct magic *m,
                return -1;
        }
 
+       if (*name_count >= ms->name_max) {
+               file_error(ms, 0, "name use count (%hu) exceeded",
+                   *name_count);
+               return -1;
+       }
+
        if (mcopy(ms, p, m->type, m->flag & INDIR, s, (uint32_t)(offset + o),
            (uint32_t)nbytes, m) == -1)
                return -1;
 
        if ((ms->flags & MAGIC_DEBUG) != 0) {
                fprintf(stderr, "mget(type=%d, flag=%x, offset=%u, o=%"
-                   SIZE_T_FORMAT "u, " "nbytes=%" SIZE_T_FORMAT "u)\n",
-                   m->type, m->flag, offset, o, nbytes);
+                   SIZE_T_FORMAT "u, " "nbytes=%" SIZE_T_FORMAT
+                   "u, il=%hu, nl=%hu nc=%hu)\n",
+                   m->type, m->flag, offset, o, nbytes,
+                   indir_level, name_level, *name_count);
                mdebug(offset, (char *)(void *)p, sizeof(union VALUETYPE));
 #ifndef COMPILE_ONLY
                file_mdump(m);
@@ -1686,7 +1701,7 @@ mget(struct magic_set *ms, const unsigned char *s, struct magic *m,
                        return -1;
 
                rv = file_softmagic(ms, s + offset, nbytes - offset,
-                   indir_level + 1, name_level, BINTEST, text);
+                   indir_level + 1, name_level, name_count, BINTEST, text);
 
                if ((ms->flags & MAGIC_DEBUG) != 0)
                        fprintf(stderr, "indirect @offs=%u[%d]\n", offset, rv);
@@ -1721,12 +1736,12 @@ mget(struct magic_set *ms, const unsigned char *s, struct magic *m,
                        file_error(ms, 0, "cannot find entry `%s'", rbuf);
                        return -1;
                }
-
+               (*name_count)++;
                oneed_separator = *need_separator;
                if (m->flag & NOSPACE)
                        *need_separator = 0;
                rv = match(ms, ml.magic, ml.nmagic, s, nbytes, offset + o,
-                   mode, text, flip, indir_level, name_level + 1,
+                   mode, text, flip, indir_level, name_level + 1, name_count,
                    printed_something, need_separator, returnval);
                if (rv != 1)
                    *need_separator = oneed_separator;