diff --git a/src/softmagic.c b/src/softmagic.c
index 56f09ee..8d08cad 100644
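--- a/src/softmagic.c
+++ b/src/softmagic.c
@@ -61,6 +61,7 @@ private void cvt_16(union VALUETYPE *, const struct magic *);
 private void cvt_32(union VALUETYPE *, const struct magic *);
 private void cvt_64(union VALUETYPE *, const struct magic *);
 
+#define OFFSET_OOB(n, o, i) ((n) < (o) || (i) > ((n) - (o)))
 /*
 * softmagic - lookup one file in parsed, in-memory copy of database
 * Passed the name and FILE * of one file to be typed.
@@ -1081,7 +1082,7 @@ mget(struct magic_set *ms, const unsigned char *s,
 }
 switch (m->in_type) {
 case FILE_BYTE:
- if (nbytes < (offset + 1))
+ if (OFFSET_OOB(nbytes, offset, 1))
 return 0;
 if (off) {
 switch (m->in_op & FILE_OPS_MASK) {
@@ -1116,7 +1117,8 @@ mget(struct magic_set *ms, const unsigned char *s,
 offset = ~offset;
 break;
 case FILE_BESHORT:
- if (nbytes < (offset + 2))
+
+ if (OFFSET_OOB(nbytes, offset, 2))
 return 0;
 if (off) {
 switch (m->in_op & FILE_OPS_MASK) {
@@ -1168,7 +1170,7 @@ mget(struct magic_set *ms, const unsigned char *s,
 offset = ~offset;
 break;
 case FILE_LESHORT:
- if (nbytes < (offset + 2))
+ if (OFFSET_OOB(nbytes, offset, 2))
 return 0;
 if (off) {
 switch (m->in_op & FILE_OPS_MASK) {
@@ -1220,7 +1222,7 @@ mget(struct magic_set *ms, const unsigned char *s,
 offset = ~offset;
 break;
 case FILE_SHORT:
- if (nbytes < (offset + 2))
+ if (OFFSET_OOB(nbytes, offset, 2))
 return 0;
 if (off) {
 switch (m->in_op & FILE_OPS_MASK) {
@@ -1257,7 +1259,7 @@ mget(struct magic_set *ms, const unsigned char *s,
 break;
 case FILE_BELONG:
 case FILE_BEID3:
- if (nbytes < (offset + 4))
+ if (OFFSET_OOB(nbytes, offset, 4))
 return 0;
 if (off) {
 switch (m->in_op & FILE_OPS_MASK) {
@@ -1328,7 +1330,7 @@ mget(struct magic_set *ms, const unsigned char *s,
 break;
 case FILE_LELONG:
 case FILE_LEID3:
- if (nbytes < (offset + 4))
+ if (OFFSET_OOB(nbytes, offset, 4))
 return 0;
 if (off) {
 switch (m->in_op & FILE_OPS_MASK) {
@@ -1398,7 +1400,7 @@ mget(struct magic_set *ms, const unsigned char *s,
 offset = ~offset;
 break;
 case FILE_MELONG:
- if (nbytes < (offset + 4))
+ if (OFFSET_OOB(nbytes, offset, 4))
 return 0;
 if (off) {
 switch (m->in_op & FILE_OPS_MASK) {
@@ -1468,7 +1470,7 @@ mget(struct magic_set *ms, const unsigned char *s,
 offset = ~offset;
 break;
 case FILE_LONG:
- if (nbytes < (offset + 4))
+ if (OFFSET_OOB(nbytes, offset, 4))
 return 0;
 if (off) {
 switch (m->in_op & FILE_OPS_MASK) {
@@ -1535,14 +1537,14 @@ mget(struct magic_set *ms, const unsigned char *s,
 /* Verify we have enough data to match magic type */
 switch (m->type) {
 case FILE_BYTE:
- if (nbytes < (offset + 1)) /* should alway be true */
+ if (OFFSET_OOB(nbytes, offset, 1))
 return 0;
 break;
 
 case FILE_SHORT:
 case FILE_BESHORT:
 case FILE_LESHORT:
- if (nbytes < (offset + 2))
+ if (OFFSET_OOB(nbytes, offset, 2))
 return 0;
 break;
 
@@ -1561,26 +1563,26 @@ mget(struct magic_set *ms, const unsigned char *s,
 case FILE_FLOAT:
 case FILE_BEFLOAT:
 case FILE_LEFLOAT:
- if (nbytes < (offset + 4))
+ if (OFFSET_OOB(nbytes, offset, 4))
 return 0;
 break;
 
 case FILE_DOUBLE:
 case FILE_BEDOUBLE:
 case FILE_LEDOUBLE:
- if (nbytes < (offset + 8))
+ if (OFFSET_OOB(nbytes, offset, 8))
 return 0;
 break;
 
 case FILE_STRING:
 case FILE_PSTRING:
 case FILE_SEARCH:
- if (nbytes < (offset + m->vallen))
+ if (OFFSET_OOB(nbytes, offset, m->vallen))
 return 0;
 break;
 
 case FILE_REGEX:
- if (nbytes < offset)
+ if (OFFSET_OOB(nbytes, offset, 0))
 return 0;
 break;
 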
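Review bot: `OFFSET_OOB` in the first hunk is defined without a comment, and its correctness depends on a contract that no call site shows. The subtraction `(n) - (o)` is only safe because `(n) < (o)` is tested first, and the whole expression is only a valid bounds check if `n`, `o` and `i` are unsigned; the declarations of `nbytes` and `offset` are outside the hunks, so that should be confirmed against `mget`'s signature. I would add above the definition something like `/* true if i bytes at offset o do not fit in n bytes; written without o + i so a large o cannot wrap. Arguments must be unsigned; n and o are evaluated twice. */`. That also records why the old `nbytes < (offset + N)` form was replaced, which matters here because `offset` is rewritten inside the same switch (for example by `offset = ~offset;`). Separately, the `FILE_BESHORT` hunk adds an empty line after the case label that none of the sibling cases have.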