Fix output of charset in MIME type: precede by semi-colon. Fixes

Debian bug #501460.

Fix potential attacks via conversion specifications in magic strings.

diff --git a/ChangeLog b/ChangeLog
index 693cc641419cde3796ff9958b9624b122ecca6c4..310bad56e2b2f4adc5bec50dd330f0d516d7826a 100644 (file)
--- a/ChangeLog
+++ b/ChangeLog
@@ -6,6 +6,12 @@
          printed, and to return correct code if MIME type is
          printed (1, not 0) or if there's an error (-1 not 1).
 
+       * Fix output of charset for MIME type (precede with semi-colon;
+         fixes Debian bug #501460).
+
+       * Fix potential attacks via conversion specifications in magic
+         strings.
+
 2008-10-18 16:45  Christos Zoulas <christos@astron.com>
 
        * Added APPLE file creator/type

diff --git a/doc/file.man b/doc/file.man
index ec2512d618be4b024bedcb6db34b12b8d18213c1..77522410981dd2c5e98b6884130d403a6b70c2b9 100644 (file)
--- a/doc/file.man
+++ b/doc/file.man
@@ -1,4 +1,4 @@
-.\" $File: file.man,v 1.75 2008/10/09 17:25:01 christos Exp $
+.\" $File: file.man,v 1.76 2008/10/18 20:47:47 christos Exp $
 .Dd October 9, 2008
 .Dt FILE __CSECTION__
 .Os
@@ -219,7 +219,7 @@ is not defined.
 .It Fl i , -mime
 Causes the file command to output mime type strings rather than the more
 traditional human readable ones. Thus it may say
-.Dq text/plain charset=us-ascii
+.Dq text/plain; charset=us-ascii
 rather than
 .Dq ASCII text .
 In order for this option to work, file changes the way

diff --git a/src/ascmagic.c b/src/ascmagic.c
index 4efd1956236f9651da93d608072adb3d739b8830..792cbf18eedf73927d80a998bf36dce52d4ee38d 100644 (file)
--- a/src/ascmagic.c
+++ b/src/ascmagic.c
@@ -49,7 +49,7 @@
 #include "names.h"
 
 #ifndef        lint
-FILE_RCSID("@(#)$File: ascmagic.c,v 1.66 2008/10/16 16:31:16 christos Exp $")
+FILE_RCSID("@(#)$File: ascmagic.c,v 1.67 2008/10/18 20:47:48 christos Exp $")
 #endif /* lint */
 
 #define MAXLINELEN 300 /* longest sane line length */
@@ -271,7 +271,7 @@ subtype_identified:
        if (mime) {
                if (mime & MAGIC_MIME_TYPE) {
                        if (subtype_mime) {
-                               if (file_printf(ms, subtype_mime) == -1)
+                               if (file_printf(ms, "%s", subtype_mime) == -1)
                                        goto done;
                        } else {
                                if (file_printf(ms, "text/plain") == -1)
@@ -281,9 +281,9 @@ subtype_identified:
 
                if ((mime == 0 || mime == MAGIC_MIME) && code_mime) {
                        if ((mime & MAGIC_MIME_TYPE) &&
-                           file_printf(ms, " charset=") == -1)
+                           file_printf(ms, "; charset=") == -1)
                                goto done;
-                       if (file_printf(ms, code_mime) == -1)
+                       if (file_printf(ms, "%s", code_mime) == -1)
                                goto done;
                }
 
@@ -291,19 +291,19 @@ subtype_identified:
                        if (file_printf(ms, "%s", encoding) == -1)
                                goto done;
        } else {
-               if (file_printf(ms, code) == -1)
+               if (file_printf(ms, "%s", code) == -1)
                        goto done;
 
                if (subtype) {
                        if (file_printf(ms, " ") == -1)
                                goto done;
-                       if (file_printf(ms, subtype) == -1)
+                       if (file_printf(ms, "%s", subtype) == -1)
                                goto done;
                }
 
                if (file_printf(ms, " ") == -1)
                        goto done;
-               if (file_printf(ms, type) == -1)
+               if (file_printf(ms, "%s", type) == -1)
                        goto done;
 
                if (has_long_lines)