From b9bbc26011fa5be83d88b3abae153866fef9c5d5 Mon Sep 17 00:00:00 2001
From: Christos Zoulas
Date: Fri, 11 Sep 2015 17:24:09 +0000
Subject: [PATCH] PR/474: Add a limit to the size of regex searches to prevent performance issues.
---
 ChangeLog | 4 ++++
 doc/file.man | 5 +++--
 doc/libmagic.man | 5 +++--
 src/apprentice.c | 3 ++-
 src/file.c | 3 ++-
 src/file.h | 4 +++-
 src/magic.c | 8 +++++++-
 src/softmagic.c | 4 +++-
 8 files changed, 27 insertions(+), 9 deletions(-)
diff --git a/ChangeLog b/ChangeLog
index 2a83abc3..8b980bad 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,7 @@
+2015-09-11 13:25 Christos Zoulas
+
+ * add a limit to the length of regex searches
+
 2015-09-08 9:50 Christos Zoulas
 * fix problems with --parameter (Christoph Biedl)
diff --git a/doc/file.man b/doc/file.man
index 01e1fc2e..74518ee6 100644
--- a/doc/file.man
+++ b/doc/file.man
@@ -1,5 +1,5 @@
-.\" $File: file.man,v 1.116 2015/06/03 18:21:24 christos Exp $
-.Dd June 3, 2015
+.\" $File: file.man,v 1.117 2015/06/03 19:51:27 christos Exp $
+.Dd September 11, 2015
 .Dt FILE __CSECTION__
 .Os
 .Sh NAME
@@ -316,6 +316,7 @@ Set various parameter limits.
 .It Li elf_notes Ta 256 Ta max ELF notes processed
 .It Li elf_phnum Ta 128 Ta max ELF program sections processed
 .It Li elf_shnum Ta 32768 Ta max ELF sections processed
+.It Li regex Ta 8192 Ta length limit for regex searches
 .El
 .It Fl r , Fl Fl raw
 Don't translate unprintable characters to \eooo.
diff --git a/doc/libmagic.man b/doc/libmagic.man
index a5c8e2e1..0cbcd4da 100644
--- a/doc/libmagic.man
+++ b/doc/libmagic.man
@@ -1,4 +1,4 @@
-.\" $File: libmagic.man,v 1.36 2015/04/10 15:36:01 christos Exp $
+.\" $File: libmagic.man,v 1.37 2015/06/03 18:21:24 christos Exp $
 .\"
 .\" Copyright (c) Christos Zoulas 2003.
 .\" All Rights Reserved.
@@ -25,7 +25,7 @@
 .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 .\" SUCH DAMAGE.
 .\"
-.Dd June 3, 2015
+.Dd September 11, 2015
 .Dt LIBMAGIC 3
 .Os
 .Sh NAME
@@ -291,6 +291,7 @@ library.
 .It Li MAGIC_PARAM_ELF_NOTES_MAX Ta size_t Ta 256
 .It Li MAGIC_PARAM_ELF_PHNUM_MAX Ta size_t Ta 128
 .It Li MAGIC_PARAM_ELF_SHNUM_MAX Ta size_t Ta 32768
+.It Li MAGIC_PARAM_REGEX_MAX Ta size_t Ta 8192
 .El
 .Pp
 The
diff --git a/src/apprentice.c b/src/apprentice.c
index d9eb11df..1d895c4e 100644
--- a/src/apprentice.c
+++ b/src/apprentice.c
@@ -32,7 +32,7 @@
 #include "file.h"
 #ifndef lint
-FILE_RCSID("@(#)$File: apprentice.c,v 1.235 2015/09/10 13:59:47 christos Exp $")
+FILE_RCSID("@(#)$File: apprentice.c,v 1.236 2015/09/10 14:39:55 christos Exp $")
 #endif /* lint */
 #include "magic.h"
@@ -531,6 +531,7 @@ file_ms_alloc(int flags)
 ms->elf_shnum_max = FILE_ELF_SHNUM_MAX;
 ms->elf_phnum_max = FILE_ELF_PHNUM_MAX;
 ms->elf_notes_max = FILE_ELF_NOTES_MAX;
+ ms->regex_max = FILE_REGEX_MAX;
 return ms;
 free:
 free(ms);
diff --git a/src/file.c b/src/file.c
index 7502f5f1..2dd5e535 100644
--- a/src/file.c
+++ b/src/file.c
@@ -32,7 +32,7 @@
 #include "file.h"
 #ifndef lint
-FILE_RCSID("@(#)$File: file.c,v 1.165 2015/06/11 12:52:32 christos Exp $")
+FILE_RCSID("@(#)$File: file.c,v 1.166 2015/09/08 13:46:49 christos Exp $")
 #endif /* lint */
 #include "magic.h"
@@ -131,6 +131,7 @@ private struct {
 { "elf_phnum", MAGIC_PARAM_ELF_PHNUM_MAX, 0 },
 { "elf_shnum", MAGIC_PARAM_ELF_SHNUM_MAX, 0 },
 { "elf_notes", MAGIC_PARAM_ELF_NOTES_MAX, 0 },
+ { "regex", MAGIC_PARAM_REGEX_MAX, 0 },
 };
 private char *progname; /* used throughout */
diff --git a/src/file.h b/src/file.h
index cad8fb33..842a09ea 100644
--- a/src/file.h
+++ b/src/file.h
@@ -27,7 +27,7 @@
 */
 /*
 * file.h - definitions for file(1) program
- * @(#)$File: file.h,v 1.170 2015/08/28 08:32:51 christos Exp $
+ * @(#)$File: file.h,v 1.171 2015/08/30 14:16:33 christos Exp $
 */
 #ifndef __file_h__
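Review bot: `MAGIC_PARAM_REGEX_MAX` is used in the new `{ "regex", MAGIC_PARAM_REGEX_MAX, 0 },` entry of the src/file.c parameter table, and again in src/magic.c, but none of the eight files in this patch's diffstat defines it. Unless the constant already exists in the public header from an earlier commit, the build fails at this line; confirm the definition sits next to `MAGIC_PARAM_ELF_NOTES_MAX`. The table starts outside the hunk.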
@@ -415,11 +415,13 @@ struct magic_set {
 uint16_t elf_shnum_max;
 uint16_t elf_phnum_max;
 uint16_t elf_notes_max;
+ uint16_t regex_max;
 #define FILE_INDIR_MAX 15
 #define FILE_NAME_MAX 30
 #define FILE_ELF_SHNUM_MAX 32768
 #define FILE_ELF_PHNUM_MAX 2048
 #define FILE_ELF_NOTES_MAX 256
+#define FILE_REGEX_MAX 8192
 };
 /* Type for Unicode characters */
diff --git a/src/magic.c b/src/magic.c
index 59b7e45b..30faa8a0 100644
--- a/src/magic.c
+++ b/src/magic.c
@@ -33,7 +33,7 @@
 #include "file.h"
 #ifndef lint
-FILE_RCSID("@(#)$File: magic.c,v 1.93 2015/04/15 23:47:58 christos Exp $")
+FILE_RCSID("@(#)$File: magic.c,v 1.94 2015/07/11 14:41:37 christos Exp $")
 #endif /* lint */
 #include "magic.h"
@@ -603,6 +603,9 @@ magic_setparam(struct magic_set *ms, int param, const void *val)
 case MAGIC_PARAM_ELF_NOTES_MAX:
 ms->elf_notes_max = (uint16_t)*(const size_t *)val;
 return 0;
+ case MAGIC_PARAM_REGEX_MAX:
+ ms->elf_notes_max = (uint16_t)*(const size_t *)val;
+ return 0;
 default:
 errno = EINVAL;
 return -1;
@@ -628,6 +631,9 @@ magic_getparam(struct magic_set *ms, int param, void *val)
 case MAGIC_PARAM_ELF_NOTES_MAX:
 *(size_t *)val = ms->elf_notes_max;
 return 0;
+ case MAGIC_PARAM_REGEX_MAX:
+ *(size_t *)val = ms->regex_max;
+ return 0;
 default:
 errno = EINVAL;
 return -1;
diff --git a/src/softmagic.c b/src/softmagic.c
index d6a04ddd..750beece 100644
--- a/src/softmagic.c
+++ b/src/softmagic.c
@@ -32,7 +32,7 @@
 #include "file.h"
 #ifndef lint
-FILE_RCSID("@(#)$File: softmagic.c,v 1.216 2015/06/09 22:17:52 christos Exp $")
+FILE_RCSID("@(#)$File: softmagic.c,v 1.217 2015/07/27 09:08:10 christos Exp $")
 #endif /* lint */
 #include "magic.h"
@@ -1102,6 +1102,8 @@ mcopy(struct magic_set *ms, union VALUETYPE *p, int type, int indir,
 if (bytecnt == 0 || bytecnt > nbytes - offset)
 bytecnt = nbytes - offset;
+ if (bytecnt > ms->regex_max)
+ bytecnt = ms->regex_max;
 buf = RCAST(const char *, s) + offset;
 end = last = RCAST(const char *, s) + bytecnt + offset;
--
2.40.0
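Review bot: `regex_max` is declared `uint16_t` in struct magic_set in src/file.h although libmagic.man documents the parameter as `size_t`, so the limit can never exceed 65535. The `(uint16_t)` cast that magic_setparam applies to the sibling fields would also wrap a larger request rather than refuse it (65536 becomes 0). For a limit meant to bound work on untrusted input, a wrapped value is worse than a rejected one: either declare `size_t regex_max;` or have the setter return EINVAL above UINT16_MAX. The struct starts outside the hunk.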
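Review bot: The new `case MAGIC_PARAM_REGEX_MAX:` in magic_setparam (src/magic.c) assigns to `ms->elf_notes_max` instead of `ms->regex_max`, so a caller who sets the regex limit leaves it at the default and silently overwrites the ELF notes limit. The line should read `ms->regex_max = (uint16_t)*(const size_t *)val;`. magic_getparam in the following hunk reads `ms->regex_max` correctly, so a set followed by a get returns the old value, which makes a simple set/get round-trip test a good regression check. As written, the protection this commit adds cannot be tightened or relaxed through the API or through the `regex` entry in file.c's parameter table. Both functions start and end outside their hunks.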
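Review bot: The clamp added to mcopy in src/softmagic.c gives `regex_max == 0` the meaning "search zero bytes", while the check directly above treats `bytecnt == 0` as "search to the end of the buffer", and nothing documents which convention is intended. A short comment would settle it, for example `/* cap the regex search window (PR/474); a regex_max of 0 yields an empty window, not "unlimited" */`. The clamp also means that a match beginning more than `regex_max` bytes past `offset` is silently not found, which the man page entry for `regex` should state. mcopy's body starts and ends outside the hunk.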