From a4962a430f8e3c761fb81537bb113c8c539c8f9f Mon Sep 17 00:00:00 2001 From: Reuben Thomas Date: Thu, 30 Oct 2008 10:50:24 +0000 Subject: [PATCH] Fix output of charset in MIME type: precede by semi-colon. Fixes Debian bug #501460. Fix potential attacks via conversion specifications in magic strings. --- ChangeLog | 6 ++++++ doc/file.man | 4 ++-- src/ascmagic.c | 14 +++++++------- 3 files changed, 15 insertions(+), 9 deletions(-) diff --git a/ChangeLog b/ChangeLog index 693cc641..310bad56 100644 --- a/ChangeLog +++ b/ChangeLog @@ -6,6 +6,12 @@ printed, and to return correct code if MIME type is printed (1, not 0) or if there's an error (-1 not 1). + * Fix output of charset for MIME type (precede with semi-colon; + fixes Debian bug #501460). + + * Fix potential attacks via conversion specifications in magic + strings. + 2008-10-18 16:45 Christos Zoulas * Added APPLE file creator/type diff --git a/doc/file.man b/doc/file.man index ec2512d6..77522410 100644 --- a/doc/file.man +++ b/doc/file.man @@ -1,4 +1,4 @@ -.\" $File: file.man,v 1.75 2008/10/09 17:25:01 christos Exp $ +.\" $File: file.man,v 1.76 2008/10/18 20:47:47 christos Exp $ .Dd October 9, 2008 .Dt FILE __CSECTION__ .Os @@ -219,7 +219,7 @@ is not defined. .It Fl i , -mime Causes the file command to output mime type strings rather than the more traditional human readable ones. Thus it may say -.Dq text/plain charset=us-ascii +.Dq text/plain; charset=us-ascii rather than .Dq ASCII text . In order for this option to work, file changes the way diff --git a/src/ascmagic.c b/src/ascmagic.c index 4efd1956..792cbf18 100644 --- a/src/ascmagic.c +++ b/src/ascmagic.c @@ -49,7 +49,7 @@ #include "names.h" #ifndef lint -FILE_RCSID("@(#)$File: ascmagic.c,v 1.66 2008/10/16 16:31:16 christos Exp $") +FILE_RCSID("@(#)$File: ascmagic.c,v 1.67 2008/10/18 20:47:48 christos Exp $") #endif /* lint */ #define MAXLINELEN 300 /* longest sane line length */ 
@@ -271,7 +271,7 @@ subtype_identified: if (mime) { if (mime & MAGIC_MIME_TYPE) { if (subtype_mime) { - if (file_printf(ms, subtype_mime) == -1) + if (file_printf(ms, "%s", subtype_mime) == -1) goto done; } else { if (file_printf(ms, "text/plain") == -1) @@ -281,9 +281,9 @@ subtype_identified: if ((mime == 0 || mime == MAGIC_MIME) && code_mime) { if ((mime & MAGIC_MIME_TYPE) && - file_printf(ms, " charset=") == -1) + file_printf(ms, "; charset=") == -1) goto done; - if (file_printf(ms, code_mime) == -1) + if (file_printf(ms, "%s", code_mime) == -1) goto done; } @@ -291,19 +291,19 @@ subtype_identified: if (file_printf(ms, "%s", encoding) == -1) goto done; } else { - if (file_printf(ms, code) == -1) + if (file_printf(ms, "%s", code) == -1) goto done; if (subtype) { if (file_printf(ms, " ") == -1) goto done; - if (file_printf(ms, subtype) == -1) + if (file_printf(ms, "%s", subtype) == -1) goto done; } if (file_printf(ms, " ") == -1) goto done; - if (file_printf(ms, type) == -1) + if (file_printf(ms, "%s", type) == -1) goto done; if (has_long_lines) -- 2.40.0
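Review bot: Nothing in this hunk prevents the next `file_printf(ms, some_variable)` from being written; the same non-literal format argument is corrected by hand here for `subtype_mime` and again in the two following hunks for `code_mime`, `code`, `subtype` and `type`. If the prototype of `file_printf` (not visible in this patch) does not already carry one, I would add `__attribute__((__format__(__printf__, 2, 3)))` to it and build with `-Wformat -Wformat-security`, so the compiler reports any variable passed as the format argument. The enclosing function starts and ends outside the hunk.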
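Review bot: The `"; charset="` separator in this hunk is a user-visible output change that shares a commit with the format-string hardening, so anyone backporting the security fix also picks up new `file -i` output that existing scripts may parse. I would split the two changes, or at least put a comment on the literal such as `/* ';' separates the MIME type from its parameters */`. Separately, the `mime == 0` test on the context line looks unreachable if this block sits inside the `if (mime) {` opened in the previous hunk; the lines between the hunks are not shown, so that needs confirming.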