Patch fix-encoding-memory-allocation-too-big for Filesystem function related Bug #78987

Patch version 2021-06-23 06:48 UTC

• 2021-06-23 06:48 UTC [diff to current]

Developer: andrei@davisinfo.ro

diff -u libmagic-backup/apprentice.c libmagic/apprentice.c
--- libmagic-backup/apprentice.c	2021-06-22 17:17:08.000000000 +0300
+++ libmagic/apprentice.c	2021-06-22 17:35:01.000000000 +0300
@@ -511,6 +511,7 @@
 	ms->elf_notes_max = FILE_ELF_NOTES_MAX;
 	ms->regex_max = FILE_REGEX_MAX;
 	ms->bytes_max = FILE_BYTES_MAX;
+	ms->encoding_max = FILE_ENCODING_MAX;
 	return ms;
 free:
 	efree(ms);
diff -u libmagic-backup/encoding.c libmagic/encoding.c
--- libmagic-backup/encoding.c	2021-06-22 17:17:08.000000000 +0300
+++ libmagic/encoding.c	2021-06-22 17:35:22.000000000 +0300
@@ -87,6 +87,9 @@
 	*code = "unknown";
 	*code_mime = "binary";
 
+	if (nbytes > ms->encoding_max)
+		nbytes = ms->encoding_max;
+
 	mlen = (nbytes + 1) * sizeof((*ubuf)[0]);
 	if ((*ubuf = CAST(unichar *, ecalloc((size_t)1, mlen))) == NULL) {
 		file_oomem(ms, mlen);
diff -u libmagic-backup/file.h libmagic/file.h
--- libmagic-backup/file.h	2021-06-22 17:17:08.000000000 +0300
+++ libmagic/file.h	2021-06-22 17:35:43.000000000 +0300
@@ -432,12 +432,14 @@
 	uint16_t elf_notes_max;
 	uint16_t regex_max;
 	size_t bytes_max;		/* number of bytes to read from file */
+    size_t encoding_max;		/* bytes to look for encoding */
 #define	FILE_INDIR_MAX			50
 #define	FILE_NAME_MAX			30
 #define	FILE_ELF_SHNUM_MAX		32768
 #define	FILE_ELF_PHNUM_MAX		2048
 #define	FILE_ELF_NOTES_MAX		256
 #define	FILE_REGEX_MAX			8192
+#define	FILE_ENCODING_MAX		(64 * 1024)
 };
 
 /* Type for Unicode characters */
diff -u libmagic-backup/magic.c libmagic/magic.c
--- libmagic-backup/magic.c	2021-06-22 17:17:08.000000000 +0300
+++ libmagic/magic.c	2021-06-22 17:36:57.000000000 +0300
@@ -8,7 +8,8 @@
  * 1. Redistributions of source code must retain the above copyright
  *    notice immediately at the beginning of the file, without modification,
  *    this list of conditions, and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
+ * 2. Redistributions in binary form must re
+ * produce the above copyright
  *    notice, this list of conditions and the following disclaimer in the
  *    documentation and/or other materials provided with the distribution.
  *
@@ -382,6 +383,9 @@
 	case MAGIC_PARAM_BYTES_MAX:
 		ms->bytes_max = *(const size_t *)val;
 		return 0;
+    case MAGIC_PARAM_ENCODING_MAX:
+        ms->encoding_max = *CAST(const size_t *, val);
+        return 0;
 	default:
 		errno = EINVAL;
 		return -1;
@@ -413,6 +417,9 @@
 	case MAGIC_PARAM_BYTES_MAX:
 		*(size_t *)val = ms->bytes_max;
 		return 0;
+    case MAGIC_PARAM_ENCODING_MAX:
+        *(size_t *)val = ms->encoding_max;
+        return 0;
 	default:
 		errno = EINVAL;
 		return -1;
diff -u libmagic-backup/magic.h libmagic/magic.h
--- libmagic-backup/magic.h	2021-06-22 17:17:08.000000000 +0300
+++ libmagic/magic.h	2021-06-22 17:37:50.000000000 +0300
@@ -146,6 +146,7 @@
 #define MAGIC_PARAM_ELF_NOTES_MAX	4
 #define MAGIC_PARAM_REGEX_MAX		5
 #define	MAGIC_PARAM_BYTES_MAX		6
+#define	MAGIC_PARAM_ENCODING_MAX	7
 
 int magic_setparam(magic_t, int, const void *);
 int magic_getparam(magic_t, int, void *);