From: Christos Zoulas <christos@zoulas.com>
Date: Wed, 1 Jun 2016 22:01:15 +0000 (+0000)
Subject: PR/550: Segv on DER parsing:
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=c6a06e20f89fe2a909711dfe5f69e9315f66afce;p=file

PR/550: Segv on DER parsing:
- use the correct variable for length
- set offset to 0 on failure.
---

diff --git a/src/der.c b/src/der.c
index af5f1494..f36606b9 100644
--- a/src/der.c
+++ b/src/der.c
@@ -35,7 +35,7 @@
 #include "file.h"
 
 #ifndef lint
-FILE_RCSID("@(#)$File: der.c,v 1.6 2016/04/21 14:26:03 christos Exp $")
+FILE_RCSID("@(#)$File: der.c,v 1.7 2016/06/01 22:01:15 christos Exp $")
 #endif
 #endif
 
@@ -221,7 +221,7 @@ int32_t
 der_offs(struct magic_set *ms, struct magic *m, size_t nbytes)
 {
 	const uint8_t *b = CAST(const void *, ms->search.s);
-	size_t offs = 0, len = ms->search.rm_len ? ms->search.rm_len : nbytes;
+	size_t offs = 0, len = ms->search.s_len ? ms->search.s_len : nbytes;
 
 	if (gettag(b, &offs, len) == DER_BAD)
 		return -1;
diff --git a/src/softmagic.c b/src/softmagic.c
index 2ceb26c7..153fffa2 100644
--- a/src/softmagic.c
+++ b/src/softmagic.c
@@ -32,7 +32,7 @@
 #include "file.h"
 
 #ifndef	lint
-FILE_RCSID("@(#)$File: softmagic.c,v 1.231 2016/04/21 15:23:31 christos Exp $")
+FILE_RCSID("@(#)$File: softmagic.c,v 1.232 2016/06/01 22:01:15 christos Exp $")
 #endif	/* lint */
 
 #include "magic.h"
@@ -827,6 +827,7 @@ moffset(struct magic_set *ms, struct magic *m, size_t nbytes, int32_t *op)
 					    "Bad DER offset %d nbytes=%zu",
 					    o, nbytes);
 				}
+				*op = 0;
 				return 0;
 			}
 			break;