From: foobar <sniper@php.net>
Date: Thu, 15 Jan 2004 06:09:16 +0000 (+0000)
Subject: - Fixed bug #26844 (ext/mime_magic: magic file validation broken).
X-Git-Tag: php_ibase_before_split~203
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=124e6c8b6dc63c799a36a1300efdcfbff5b2faa9;p=php

- Fixed bug #26844 (ext/mime_magic: magic file validation broken).
---

diff --git a/NEWS b/NEWS
index ed8c930177..aca9fabcb0 100644
--- a/NEWS
+++ b/NEWS
@@ -8,6 +8,7 @@ PHP                                                                        NEWS
 - Fixed class name case preserving of user defined classes. (Marcus)
 - Fixed bug #26911 (crash in sqlite extension when fetching data from empty 
   queries). (Ilia)
+- Fixed bug #26844 (ext/mime_magic: magic file validation broken). (Jani)
 - Fixed bug #26819 (http_build_query() crashes on NULL output). (Ilia)
 - Fixed bug #26817 (http_build_query() does not handle private & protected 
   object properties correctly). (Ilia)
diff --git a/ext/mime_magic/mime_magic.c b/ext/mime_magic/mime_magic.c
index 97c67b0d8c..4c89fcc4ab 100644
--- a/ext/mime_magic/mime_magic.c
+++ b/ext/mime_magic/mime_magic.c
@@ -483,15 +483,21 @@ static unsigned long signextend(struct magic *m, unsigned long v)
 /*
  *
  */
-static int is_valid_mimetype(char *p)
+static int is_valid_mimetype(char *p, int p_len)
 {
-	do {
-		if(!isalnum(*p) && (*p != '-')) return 0;
-	} while(*(++p) != '/');
-	++p;
-	do {
-		if(!isalnum(*p) && (*p != '-')) return 0;
-	} while(*(++p));
+	if (p_len > 0) {
+		do {
+			if (!isalnum(*p) && (*p != '-') && (*p != '.')) {
+				return 0;
+			}
+		} while (*(++p) != '/');
+		++p;
+		do {
+			if (!isalnum(*p) && (*p != '-') && (*p != '.') && !isspace(*p)) {
+				return 0;
+			}
+		} while (*(++p));
+	}
 	return 1;
 }
 
@@ -710,9 +716,9 @@ static int parse(char *l, int lineno)
     else
 		m->nospflag = 0;
 
-	if(!is_valid_mimetype(l)) {
+	if (!is_valid_mimetype(l, strlen(l))) {
 		if(MIME_MAGIC_G(debug))
-			php_error_docref("http://www.php.net/mime_magic" TSRMLS_CC, E_WARNING, ": (%s:%d) '%s' is not a valid mimetype, etry skipped", MIME_MAGIC_G(magicfile), lineno, l);
+			php_error_docref("http://www.php.net/mime_magic" TSRMLS_CC, E_WARNING, ": (%s:%d) '%s' is not a valid mimetype, entry skipped", MIME_MAGIC_G(magicfile), lineno, l);
 		return -1;
 	}
 	
@@ -992,7 +998,7 @@ static char *rsl_strdup(int start_frag, int start_pos, int len)
     req_dat =  MIME_MAGIC_G(req_dat);
 
     /* allocate the result string */
-    result = (char *) emalloc(len + 1);
+    result = (char *) emalloc(len + 2);
 
     /* loop through and collect the string */
     res_pos = 0;