diff -u libmagic.orig/apprentice.c libmagic/apprentice.c --- libmagic.orig/apprentice.c Thu Mar 21 18:45:14 2013 +++ libmagic/apprentice.c Sun Jan 4 17:02:29 2015 @@ -29,6 +29,8 @@ * apprentice - make one pass through /etc/magic, learning its secrets. */ +#include "php.h" + #include "file.h" #ifndef lint @@ -36,18 +38,30 @@ #endif /* lint */ #include "magic.h" +#include "patchlevel.h" #include -#ifdef HAVE_UNISTD_H + +#if defined(__hpux) && !defined(HAVE_STRTOULL) +#if SIZEOF_LONG == 8 +# define strtoull strtoul +#else +# define strtoull __strtoull +#endif +#endif + +#ifdef PHP_WIN32 +#include "win32/unistd.h" +#if _MSC_VER <= 1300 +# include "win32/php_strtoi64.h" +#endif +#define strtoull _strtoui64 +#else #include #endif #include #include #include #include -#ifdef QUICK -#include -#endif -#include #define EATAB {while (isascii((unsigned char) *l) && \ isspace((unsigned char) *l)) ++l;} @@ -143,38 +157,7 @@ { NULL, 0, NULL } }; -#ifdef COMPILE_ONLY - -int main(int, char *[]); - -int -main(int argc, char *argv[]) -{ - int ret; - struct magic_set *ms; - char *progname; - - if ((progname = strrchr(argv[0], '/')) != NULL) - progname++; - else - progname = argv[0]; - - if (argc != 2) { - (void)fprintf(stderr, "Usage: %s file\n", progname); - return 1; - } - - if ((ms = magic_open(MAGIC_CHECK)) == NULL) { - (void)fprintf(stderr, "%s: %s\n", progname, strerror(errno)); - return 1; - } - ret = magic_compile(ms, argv[1]) == -1 ? 1 : 0; - if (ret == 1) - (void)fprintf(stderr, "%s: %s\n", progname, magic_error(ms)); - magic_close(ms); - return ret; -} -#endif /* COMPILE_ONLY */ +#include "../data_file.c" struct type_tbl_s { const char name[16]; @@ -255,6 +238,10 @@ # undef XX # undef XX_NULL +#ifndef S_ISDIR +#define S_ISDIR(mode) ((mode) & _S_IFDIR) +#endif + private int get_type(const struct type_tbl_s *tbl, const char *l, const char **t) { @@ -378,7 +365,7 @@ { struct mlist *ml; - if ((ml = CAST(struct mlist *, malloc(sizeof(*ml)))) == NULL) + if ((ml = CAST(struct mlist *, emalloc(sizeof(*ml)))) == NULL) return -1; ml->map = idx == 0 ? map : NULL; @@ -416,12 +403,13 @@ return apprentice_compile(ms, map, fn); } -#ifndef COMPILE_ONLY map = apprentice_map(ms, fn); if (map == NULL) { - if (ms->flags & MAGIC_CHECK) - file_magwarn(ms, "using regular magic file `%s'", fn); - map = apprentice_load(ms, fn, action); + if (fn) { + if (ms->flags & MAGIC_CHECK) + file_magwarn(ms, "using regular magic file `%s'", fn); + map = apprentice_load(ms, fn, action); + } if (map == NULL) return -1; } @@ -444,7 +432,6 @@ } return 0; -#endif /* COMPILE_ONLY */ } protected void @@ -455,10 +442,16 @@ return; for (i = 0; i < MAGIC_SETS; i++) mlist_free(ms->mlist[i]); - free(ms->o.pbuf); - free(ms->o.buf); - free(ms->c.li); - free(ms); + if (ms->o.pbuf) { + efree(ms->o.pbuf); + } + if (ms->o.buf) { + efree(ms->o.buf); + } + if (ms->c.li) { + efree(ms->c.li); + } + efree(ms); } protected struct magic_set * @@ -467,7 +460,7 @@ struct magic_set *ms; size_t i, len; - if ((ms = CAST(struct magic_set *, calloc((size_t)1, + if ((ms = CAST(struct magic_set *, ecalloc((size_t)1, sizeof(struct magic_set)))) == NULL) return NULL; @@ -479,7 +472,7 @@ ms->o.buf = ms->o.pbuf = NULL; len = (ms->c.len = 10) * sizeof(*ms->c.li); - if ((ms->c.li = CAST(struct level_info *, malloc(len))) == NULL) + if ((ms->c.li = CAST(struct level_info *, emalloc(len))) == NULL) goto free; ms->event_flags = 0; @@ -490,7 +483,7 @@ ms->line = 0; return ms; free: - free(ms); + efree(ms); return NULL; } @@ -499,22 +492,26 @@ { if (map == NULL) return; - if (map->p == NULL) - return; -#ifdef QUICK - if (map->len) - (void)munmap(map->p, map->len); - else -#endif - free(map->p); - free(map); + if (map->p != php_magic_database) { + if (map->p == NULL) { + int j; + for (j = 0; j < MAGIC_SETS; j++) { + if (map->magic[j]) { + efree(map->magic[j]); + } + } + } else { + efree(map->p); + } + } + efree(map); } private struct mlist * mlist_alloc(void) { struct mlist *mlist; - if ((mlist = CAST(struct mlist *, calloc(1, sizeof(*mlist)))) == NULL) { + if ((mlist = CAST(struct mlist *, ecalloc(1, sizeof(*mlist)))) == NULL) { return NULL; } mlist->next = mlist->prev = mlist; @@ -533,10 +530,10 @@ struct mlist *next = ml->next; if (ml->map) apprentice_unmap(ml->map); - free(ml); + efree(ml); ml = next; } - free(ml); + efree(ml); } /* const char *fn: list of magic files and directories */ @@ -546,13 +543,28 @@ char *p, *mfn; int file_err, errs = -1; size_t i; - +/* XXX disabling default magic loading so the compiled in data is used */ +#if 0 if ((fn = magic_getpath(fn, action)) == NULL) return -1; +#endif init_file_tables(); - if ((mfn = strdup(fn)) == NULL) { + if (fn == NULL) + fn = getenv("MAGIC"); + if (fn == NULL) { + for (i = 0; i < MAGIC_SETS; i++) { + mlist_free(ms->mlist[i]); + if ((ms->mlist[i] = mlist_alloc()) == NULL) { + file_oomem(ms, sizeof(*ms->mlist[i])); + return -1; + } + } + return apprentice_1(ms, fn, action); + } + + if ((mfn = estrdup(fn)) == NULL) { file_oomem(ms, strlen(fn)); return -1; } @@ -567,7 +579,7 @@ mlist_free(ms->mlist[i]); while (i != 0); } - free(mfn); + efree(mfn); return -1; } } @@ -584,7 +596,7 @@ fn = p; } - free(mfn); + efree(mfn); if (errs == -1) { for (i = 0; i < MAGIC_SETS; i++) { @@ -904,7 +916,7 @@ maxmagic[i] += ALLOC_INCR; if ((mp = CAST(struct magic_entry *, - realloc(mentry[i], sizeof(*mp) * maxmagic[i]))) == + erealloc(mentry[i], sizeof(*mp) * maxmagic[i]))) == NULL) { file_oomem(ms, sizeof(*mp) * maxmagic[i]); return -1; @@ -925,13 +937,24 @@ load_1(struct magic_set *ms, int action, const char *fn, int *errs, struct magic_entry **mentry, uint32_t *mentrycount) { - size_t lineno = 0, llen = 0; + char buffer[BUFSIZ + 1]; char *line = NULL; - ssize_t len; + size_t len; + size_t lineno = 0; struct magic_entry me; - FILE *f = fopen(ms->file = fn, "r"); - if (f == NULL) { + php_stream *stream; + + TSRMLS_FETCH(); + + ms->file = fn; +#if PHP_API_VERSION < 20100412 + stream = php_stream_open_wrapper((char *)fn, "rb", REPORT_ERRORS|ENFORCE_SAFE_MODE, NULL); +#else + stream = php_stream_open_wrapper((char *)fn, "rb", REPORT_ERRORS, NULL); +#endif + + if (stream == NULL) { if (errno != ENOENT) file_error(ms, errno, "cannot read magic file `%s'", fn); @@ -941,8 +964,7 @@ memset(&me, 0, sizeof(me)); /* read and parse this file */ - for (ms->line = 1; (len = getline(&line, &llen, f)) != -1; - ms->line++) { + for (ms->line = 1; (line = php_stream_get_line(stream, buffer , BUFSIZ, &len)) != NULL; ms->line++) { if (len == 0) /* null line, garbage, etc */ continue; if (line[len - 1] == '\n') { @@ -994,14 +1016,13 @@ goto again; default: (*errs)++; - break; - } + break; } } + } if (me.mp) (void)addentry(ms, &me, mentry, mentrycount); - free(line); - (void)fclose(f); + php_stream_close(stream); } /* @@ -1080,7 +1101,7 @@ mentrycount += me[i].cont_count; slen = sizeof(**ma) * mentrycount; - if ((*ma = CAST(struct magic *, malloc(slen))) == NULL) { + if ((*ma = CAST(struct magic *, emalloc(slen))) == NULL) { file_oomem(ms, slen); return -1; } @@ -1102,27 +1123,29 @@ if (me == NULL) return; for (i = 0; i < nme; i++) - free(me[i].mp); - free(me); + efree(me[i].mp); + efree(me); } private struct magic_map * apprentice_load(struct magic_set *ms, const char *fn, int action) { - int errs = 0; + int errs = 0; struct magic_entry *mentry[MAGIC_SETS] = { NULL }; uint32_t mentrycount[MAGIC_SETS] = { 0 }; uint32_t i, j; size_t files = 0, maxfiles = 0; - char **filearr = NULL, *mfn; + char **filearr = NULL; struct stat st; struct magic_map *map; - DIR *dir; - struct dirent *d; + php_stream *dir; + php_stream_dirent d; + + TSRMLS_FETCH(); ms->flags |= MAGIC_CHECK; /* Enable checks for parsed files */ - if ((map = CAST(struct magic_map *, calloc(1, sizeof(*map)))) == NULL) { + if ((map = CAST(struct magic_map *, ecalloc(1, sizeof(*map)))) == NULL) { file_oomem(ms, sizeof(*map)); return NULL; } @@ -1131,23 +1154,37 @@ if (action == FILE_CHECK) (void)fprintf(stderr, "%s\n", usg_hdr); + { + /* XXX the maxmagic has to be reset each time we load some new magic file. + Where file commando is used it's not essential as the CLI process + ends, multiple loading within the same process wouldn't work. */ + int k; + for (k = 0; k < MAGIC_SETS; k++) { + maxmagic[k] = 0; + } + } + /* load directory or file */ - if (stat(fn, &st) == 0 && S_ISDIR(st.st_mode)) { - dir = opendir(fn); + /* FIXME: Read file names and sort them to prevent + non-determinism. See Debian bug #488562. */ + if (php_sys_stat(fn, &st) == 0 && S_ISDIR(st.st_mode)) { + int mflen; + char mfn[MAXPATHLEN]; + + dir = php_stream_opendir((char *)fn, REPORT_ERRORS, NULL); if (!dir) { errs++; goto out; } - while ((d = readdir(dir)) != NULL) { - if (asprintf(&mfn, "%s/%s", fn, d->d_name) < 0) { + while (php_stream_readdir(dir, &d)) { + if ((mflen = snprintf(mfn, sizeof(mfn), "%s/%s", fn, d.d_name)) < 0) { file_oomem(ms, - strlen(fn) + strlen(d->d_name) + 2); + strlen(fn) + strlen(d.d_name) + 2); errs++; - closedir(dir); + php_stream_closedir(dir); goto out; } if (stat(mfn, &st) == -1 || !S_ISREG(st.st_mode)) { - free(mfn); continue; } if (files >= maxfiles) { @@ -1155,24 +1192,23 @@ maxfiles = (maxfiles + 1) * 2; mlen = maxfiles * sizeof(*filearr); if ((filearr = CAST(char **, - realloc(filearr, mlen))) == NULL) { + erealloc(filearr, mlen))) == NULL) { file_oomem(ms, mlen); - free(mfn); - closedir(dir); + php_stream_closedir(dir); errs++; goto out; } } - filearr[files++] = mfn; + filearr[files++] = estrndup(mfn, (mflen > sizeof(mfn) - 1)? sizeof(mfn) - 1: mflen); } - closedir(dir); + php_stream_closedir(dir); qsort(filearr, files, sizeof(*filearr), cmpstrp); for (i = 0; i < files; i++) { load_1(ms, action, filearr[i], &errs, mentry, mentrycount); - free(filearr[i]); + efree(filearr[i]); } - free(filearr); + efree(filearr); } else load_1(ms, action, fn, &errs, mentry, mentrycount); if (errs) @@ -1211,9 +1247,9 @@ if (errs) { for (j = 0; j < MAGIC_SETS; j++) { if (map->magic[j]) - free(map->magic[j]); + efree(map->magic[j]); } - free(map); + efree(map); return NULL; } return map; @@ -1233,7 +1269,7 @@ * the sign extension must have happened. */ case FILE_BYTE: - v = (char) v; + v = (signed char) v; break; case FILE_SHORT: case FILE_BESHORT: @@ -1500,7 +1536,7 @@ if (me->cont_count == me->max_count) { struct magic *nm; size_t cnt = me->max_count + ALLOC_CHUNK; - if ((nm = CAST(struct magic *, realloc(me->mp, + if ((nm = CAST(struct magic *, erealloc(me->mp, sizeof(*nm) * cnt))) == NULL) { file_oomem(ms, sizeof(*nm) * cnt); return -1; @@ -1515,7 +1551,7 @@ static const size_t len = sizeof(*m) * ALLOC_CHUNK; if (me->mp != NULL) return 1; - if ((m = CAST(struct magic *, malloc(len))) == NULL) { + if ((m = CAST(struct magic *, emalloc(len))) == NULL) { file_oomem(ms, len); return -1; } @@ -1688,7 +1724,7 @@ m->type = get_standard_integer_type(l, &l); else if (*l == 's' && !isalpha((unsigned char)l[1])) { m->type = FILE_STRING; - ++l; + ++l; } } } @@ -1701,6 +1737,10 @@ if (m->type == FILE_INVALID) { if (ms->flags & MAGIC_CHECK) file_magwarn(ms, "type `%s' invalid", l); + if (me->mp) { + efree(me->mp); + me->mp = NULL; + } return -1; } @@ -1709,7 +1749,7 @@ m->mask_op = 0; if (*l == '~') { - if (!IS_STRING(m->type)) + if (!IS_LIBMAGIC_STRING(m->type)) m->mask_op |= FILE_OPINVERSE; else if (ms->flags & MAGIC_CHECK) file_magwarn(ms, "'~' invalid for string types"); @@ -1718,7 +1758,7 @@ m->str_range = 0; m->str_flags = m->type == FILE_PSTRING ? PSTRING_1_LE : 0; if ((op = get_op(*l)) != -1) { - if (!IS_STRING(m->type)) { + if (!IS_LIBMAGIC_STRING(m->type)) { uint64_t val; ++l; m->mask_op |= op; @@ -1909,11 +1949,6 @@ if (check_format(ms, m) == -1) return -1; } -#ifndef COMPILE_ONLY - if (action == FILE_CHECK) { - file_mdump(m); - } -#endif m->mimetype[0] = '\0'; /* initialise MIME type to none */ return 0; } @@ -2554,59 +2589,80 @@ private struct magic_map * apprentice_map(struct magic_set *ms, const char *fn) { - int fd; - struct stat st; uint32_t *ptr; uint32_t version, entries, nentries; int needsbyteswap; char *dbname = NULL; struct magic_map *map; size_t i; + php_stream *stream = NULL; + php_stream_statbuf st; - fd = -1; - if ((map = CAST(struct magic_map *, calloc(1, sizeof(*map)))) == NULL) { + + TSRMLS_FETCH(); + + if ((map = CAST(struct magic_map *, ecalloc(1, sizeof(*map)))) == NULL) { file_oomem(ms, sizeof(*map)); + efree(map); goto error; } + if (fn == NULL) { + map->p = (void *)&php_magic_database; + goto internal_loaded; + } + +#ifdef PHP_WIN32 + /* Don't bother on windows with php_stream_open_wrapper, + return to give apprentice_load() a chance. */ + if (php_stream_stat_path_ex((char *)fn, 0, &st, NULL) == SUCCESS) { + if (st.sb.st_mode & S_IFDIR) { + goto error; + } + } +#endif + dbname = mkdbname(ms, fn, 0); if (dbname == NULL) goto error; - if ((fd = open(dbname, O_RDONLY|O_BINARY)) == -1) +#if PHP_API_VERSION < 20100412 + stream = php_stream_open_wrapper((char *)fn, "rb", REPORT_ERRORS|ENFORCE_SAFE_MODE, NULL); +#else + stream = php_stream_open_wrapper((char *)fn, "rb", REPORT_ERRORS, NULL); +#endif + + if (!stream) { goto error; + } - if (fstat(fd, &st) == -1) { + if (php_stream_stat(stream, &st) < 0) { file_error(ms, errno, "cannot stat `%s'", dbname); goto error; } - if (st.st_size < 8) { + + if (st.sb.st_size < 8) { file_error(ms, 0, "file `%s' is too small", dbname); goto error; } - map->len = (size_t)st.st_size; -#ifdef QUICK - if ((map->p = mmap(0, (size_t)st.st_size, PROT_READ|PROT_WRITE, - MAP_PRIVATE|MAP_FILE, fd, (off_t)0)) == MAP_FAILED) { - file_error(ms, errno, "cannot map `%s'", dbname); - goto error; - } -#else - if ((map->p = CAST(void *, malloc(map->len))) == NULL) { + map->len = (size_t)st.sb.st_size; + if ((map->p = CAST(void *, emalloc(map->len))) == NULL) { file_oomem(ms, map->len); goto error; } - if (read(fd, map->p, map->len) != (ssize_t)map->len) { + if (php_stream_read(stream, map->p, (size_t)st.sb.st_size) != (size_t)st.sb.st_size) { file_badread(ms); goto error; } map->len = 0; #define RET 1 -#endif - (void)close(fd); - fd = -1; - ptr = CAST(uint32_t *, map->p); + + php_stream_close(stream); + stream = NULL; + +internal_loaded: + ptr = (uint32_t *)(void *)map->p; if (*ptr != MAGICNO) { if (swap4(*ptr) != MAGICNO) { file_error(ms, 0, "bad magic in `%s'", dbname); @@ -2620,17 +2676,29 @@ else version = ptr[1]; if (version != VERSIONNO) { - file_error(ms, 0, "File %s supports only version %d magic " - "files. `%s' is version %d", VERSION, + file_error(ms, 0, "File %d.%d supports only version %d magic " + "files. `%s' is version %d", FILE_VERSION_MAJOR, patchlevel, VERSIONNO, dbname, version); goto error; } - entries = (uint32_t)(st.st_size / sizeof(struct magic)); - if ((off_t)(entries * sizeof(struct magic)) != st.st_size) { - file_error(ms, 0, "Size of `%s' %llu is not a multiple of %zu", - dbname, (unsigned long long)st.st_size, - sizeof(struct magic)); - goto error; + + /* php_magic_database is a const, performing writes will segfault. This is for big-endian + machines only, PPC and Sparc specifically. Consider static variable or MINIT in + future. */ + if (needsbyteswap && fn == NULL) { + map->p = emalloc(sizeof(php_magic_database)); + map->p = memcpy(map->p, php_magic_database, sizeof(php_magic_database)); + } + + if (NULL != fn) { + nentries = (uint32_t)(st.sb.st_size / sizeof(struct magic)); + entries = (uint32_t)(st.sb.st_size / sizeof(struct magic)); + if ((off_t)(entries * sizeof(struct magic)) != st.sb.st_size) { + file_error(ms, 0, "Size of `%s' %llu is not a multiple of %zu", + dbname, (unsigned long long)st.sb.st_size, + sizeof(struct magic)); + goto error; + } } map->magic[0] = CAST(struct magic *, map->p) + 1; nentries = 0; @@ -2643,22 +2711,29 @@ map->magic[i + 1] = map->magic[i] + map->nmagic[i]; nentries += map->nmagic[i]; } - if (entries != nentries + 1) { + if (NULL != fn && entries != nentries + 1) { file_error(ms, 0, "Inconsistent entries in `%s' %u != %u", dbname, entries, nentries + 1); goto error; } + if (needsbyteswap) for (i = 0; i < MAGIC_SETS; i++) byteswap(map->magic[i], map->nmagic[i]); - free(dbname); + + if (dbname) { + efree(dbname); + } return map; error: - if (fd != -1) - (void)close(fd); + if (stream) { + php_stream_close(stream); + } apprentice_unmap(map); - free(dbname); + if (dbname) { + efree(dbname); + } return NULL; } @@ -2679,14 +2754,23 @@ char *dbname; int rv = -1; uint32_t i; + php_stream *stream; + + TSRMLS_FETCH(); - dbname = mkdbname(ms, fn, 1); + dbname = mkdbname(ms, fn, 0); if (dbname == NULL) goto out; - if ((fd = open(dbname, O_WRONLY|O_CREAT|O_TRUNC|O_BINARY, 0644)) == -1) - { +/* wb+ == O_WRONLY|O_CREAT|O_TRUNC|O_BINARY */ +#if PHP_API_VERSION < 20100412 + stream = php_stream_open_wrapper((char *)fn, "wb+", REPORT_ERRORS|ENFORCE_SAFE_MODE, NULL); +#else + stream = php_stream_open_wrapper((char *)fn, "wb+", REPORT_ERRORS, NULL); +#endif + + if (!stream) { file_error(ms, errno, "cannot open `%s'", dbname); goto out; } @@ -2696,31 +2780,33 @@ goto out; } - if (write(fd, map->nmagic, nm) != (ssize_t)nm) { + if (php_stream_write(stream, (const char *)map->nmagic, nm) != (ssize_t)nm) { file_error(ms, errno, "error writing `%s'", dbname); goto out; } assert(nm + sizeof(ar) < m); - if (lseek(fd, (off_t)m, SEEK_SET) != (off_t)m) { + if (php_stream_seek(stream,(off_t)sizeof(struct magic), SEEK_SET) != sizeof(struct magic)) { file_error(ms, errno, "error seeking `%s'", dbname); goto out; } for (i = 0; i < MAGIC_SETS; i++) { len = m * map->nmagic[i]; - if (write(fd, map->magic[i], len) != (ssize_t)len) { + if (php_stream_write(stream, (const char *)map->magic[i], len) != (ssize_t)len) { file_error(ms, errno, "error writing `%s'", dbname); goto out; } } - if (fd != -1) - (void)close(fd); + if (stream) { + php_stream_close(stream); + } + rv = 0; out: - free(dbname); + efree(dbname); return rv; } @@ -2733,6 +2819,7 @@ { const char *p, *q; char *buf; + TSRMLS_FETCH(); if (strip) { if ((p = strrchr(fn, '/')) != NULL) @@ -2754,16 +2841,18 @@ q++; /* Compatibility with old code that looked in .mime */ if (ms->flags & MAGIC_MIME) { - if (asprintf(&buf, "%.*s.mime%s", (int)(q - fn), fn, ext) < 0) - return NULL; - if (access(buf, R_OK) != -1) { + spprintf(&buf, MAXPATHLEN, "%.*s.mime%s", (int)(q - fn), fn, ext); +#ifdef PHP_WIN32 + if (VCWD_ACCESS(buf, R_OK) == 0) { +#else + if (VCWD_ACCESS(buf, R_OK) != -1) { +#endif ms->flags &= MAGIC_MIME_TYPE; return buf; } - free(buf); + efree(buf); } - if (asprintf(&buf, "%.*s%s", (int)(q - fn), fn, ext) < 0) - return NULL; + spprintf(&buf, MAXPATHLEN, "%.*s%s", (int)(q - fn), fn, ext); /* Compatibility with old code that looked in .mime */ if (strstr(p, ".mime") != NULL) @@ -2853,7 +2942,7 @@ m->offset = swap4((uint32_t)m->offset); m->in_offset = swap4((uint32_t)m->in_offset); m->lineno = swap4((uint32_t)m->lineno); - if (IS_STRING(m->type)) { + if (IS_LIBMAGIC_STRING(m->type)) { m->str_range = swap4(m->str_range); m->str_flags = swap4(m->str_flags); } diff -u libmagic.orig/ascmagic.c libmagic/ascmagic.c --- libmagic.orig/ascmagic.c Wed Oct 31 18:03:01 2012 +++ libmagic/ascmagic.c Sun Jan 4 17:02:29 2015 @@ -139,7 +139,7 @@ /* malloc size is a conservative overestimate; could be improved, or at least realloced after conversion. */ mlen = ulen * 6; - if ((utf8_buf = CAST(unsigned char *, malloc(mlen))) == NULL) { + if ((utf8_buf = CAST(unsigned char *, emalloc(mlen))) == NULL) { file_oomem(ms, mlen); goto done; } @@ -147,7 +147,7 @@ == NULL) goto done; if ((rv = file_softmagic(ms, utf8_buf, - (size_t)(utf8_end - utf8_buf), TEXTTEST, text)) == 0) + (size_t)(utf8_end - utf8_buf), 0, TEXTTEST, text)) == 0) rv = -1; } @@ -211,6 +211,7 @@ case 0: if (file_printf(ms, ", ") == -1) goto done; + break; case -1: goto done; default: @@ -296,7 +297,8 @@ } rv = 1; done: - free(utf8_buf); + if (utf8_buf) + efree(utf8_buf); return rv; } diff -u libmagic.orig/cdf.c libmagic/cdf.c --- libmagic.orig/cdf.c Thu Mar 21 18:45:14 2013 +++ libmagic/cdf.c Sun Jan 4 17:02:29 2015 @@ -43,7 +43,17 @@ #include #endif #include + +#ifdef PHP_WIN32 +#include "win32/unistd.h" +#else #include +#endif + +#ifndef UINT32_MAX +# define UINT32_MAX (0xffffffff) +#endif + #include #include #include @@ -267,13 +277,15 @@ { const char *b = (const char *)sst->sst_tab; const char *e = ((const char *)p) + tail; + size_t ss = sst->sst_dirlen < h->h_min_size_standard_stream ? + CDF_SHORT_SEC_SIZE(h) : CDF_SEC_SIZE(h); (void)&line; - if (e >= b && (size_t)(e - b) <= CDF_SEC_SIZE(h) * sst->sst_len) + if (e >= b && (size_t)(e - b) <= ss * sst->sst_len) return 0; DPRINTF(("%d: offset begin %p < end %p || %" SIZE_T_FORMAT "u" " > %" SIZE_T_FORMAT "u [%" SIZE_T_FORMAT "u %" SIZE_T_FORMAT "u]\n", line, b, e, (size_t)(e - b), - CDF_SEC_SIZE(h) * sst->sst_len, CDF_SEC_SIZE(h), sst->sst_len)); + ss * sst->sst_len, ss, sst->sst_len)); errno = EFTYPE; return -1; } @@ -296,7 +308,10 @@ if (info->i_fd == -1) return -1; - if (pread(info->i_fd, buf, len, off) != (ssize_t)len) + if (FINFO_LSEEK_FUNC(info->i_fd, off, SEEK_SET) == (off_t)-1) + return -1; + + if (FINFO_READ_FUNC(info->i_fd, buf, len) != (ssize_t)len) return -1; return (ssize_t)len; @@ -352,10 +367,10 @@ size_t ss = CDF_SHORT_SEC_SIZE(h); size_t pos = CDF_SHORT_SEC_POS(h, id); assert(ss == len); - if (pos > CDF_SEC_SIZE(h) * sst->sst_len) { + if (pos + len > CDF_SEC_SIZE(h) * sst->sst_len) { DPRINTF(("Out of bounds read %" SIZE_T_FORMAT "u > %" SIZE_T_FORMAT "u\n", - pos, CDF_SEC_SIZE(h) * sst->sst_len)); + pos + len, CDF_SEC_SIZE(h) * sst->sst_len)); return -1; } (void)memcpy(((char *)buf) + offs, @@ -455,7 +470,8 @@ cdf_count_chain(const cdf_sat_t *sat, cdf_secid_t sid, size_t size) { size_t i, j; - cdf_secid_t maxsector = (cdf_secid_t)(sat->sat_len * size); + cdf_secid_t maxsector = (cdf_secid_t)((sat->sat_len * size) + / sizeof(maxsector)); DPRINTF(("Chain:")); for (j = i = 0; sid >= 0; i++, j++) { @@ -465,8 +481,8 @@ errno = EFTYPE; return (size_t)-1; } - if (sid > maxsector) { - DPRINTF(("Sector %d > %d\n", sid, maxsector)); + if (sid >= maxsector) { + DPRINTF(("Sector %d >= %d\n", sid, maxsector)); errno = EFTYPE; return (size_t)-1; } @@ -796,11 +812,15 @@ if (cdf_check_stream_offset(sst, h, e, 0, __LINE__) == -1) goto out; for (i = 0; i < sh.sh_properties; i++) { - size_t ofs = CDF_GETUINT32(p, (i << 1) + 1); + size_t ofs, tail = (i << 1) + 1; + if (cdf_check_stream_offset(sst, h, p, tail * sizeof(uint32_t), + __LINE__) == -1) + goto out; + ofs = CDF_GETUINT32(p, tail); q = (const uint8_t *)(const void *) ((const char *)(const void *)p + ofs - 2 * sizeof(uint32_t)); - if (q > e) { + if (q < p || q > e) { DPRINTF(("Ran of the end %p > %p\n", q, e)); goto out; } @@ -810,6 +830,10 @@ i, inp[i].pi_id, inp[i].pi_type, q - p, offs)); if (inp[i].pi_type & CDF_VECTOR) { nelements = CDF_GETUINT32(q, 1); + if (nelements == 0) { + DPRINTF(("CDF_VECTOR with nelements == 0\n")); + goto out; + } o = 2; } else { nelements = 1; @@ -884,7 +908,9 @@ } DPRINTF(("nelements = %" SIZE_T_FORMAT "u\n", nelements)); - for (j = 0; j < nelements; j++, i++) { + for (j = 0; j < nelements && i < sh.sh_properties; + j++, i++) + { uint32_t l = CDF_GETUINT32(q, o); inp[i].pi_str.s_len = l; inp[i].pi_str.s_buf = (const char *) @@ -929,7 +955,7 @@ cdf_unpack_summary_info(const cdf_stream_t *sst, const cdf_header_t *h, cdf_summary_info_header_t *ssi, cdf_property_info_t **info, size_t *count) { - size_t i, maxcount; + size_t maxcount; const cdf_summary_info_header_t *si = CAST(const cdf_summary_info_header_t *, sst->sst_tab); const cdf_section_declaration_t *sd = @@ -944,21 +970,13 @@ ssi->si_os = CDF_TOLE2(si->si_os); ssi->si_class = si->si_class; cdf_swap_class(&ssi->si_class); - ssi->si_count = CDF_TOLE2(si->si_count); + ssi->si_count = CDF_TOLE4(si->si_count); *count = 0; maxcount = 0; *info = NULL; - for (i = 0; i < CDF_TOLE4(si->si_count); i++) { - if (i >= CDF_LOOP_LIMIT) { - DPRINTF(("Unpack summary info loop limit")); - errno = EFTYPE; - return -1; - } - if (cdf_read_property_info(sst, h, CDF_TOLE4(sd->sd_offset), - info, count, &maxcount) == -1) { + if (cdf_read_property_info(sst, h, CDF_TOLE4(sd->sd_offset), info, + count, &maxcount) == -1) return -1; - } - } return 0; } @@ -1132,7 +1150,7 @@ cdf_directory_t *d; char name[__arraycount(d->d_name)]; cdf_stream_t scn; - struct timespec ts; + struct timeval ts; static const char *types[] = { "empty", "user storage", "user stream", "lockbytes", "property", "root storage" }; @@ -1185,7 +1203,7 @@ cdf_dump_property_info(const cdf_property_info_t *info, size_t count) { cdf_timestamp_t tp; - struct timespec ts; + struct timeval ts; char buf[64]; size_t i, j; @@ -1229,7 +1247,11 @@ break; case CDF_FILETIME: tp = info[i].pi_tp; +#if defined(PHP_WIN32) && _MSC_VER <= 1500 + if (tp < 1000000000000000i64) { +#else if (tp < 1000000000000000LL) { +#endif cdf_print_elapsed_time(buf, sizeof(buf), tp); (void)fprintf(stderr, "timestamp %s\n", buf); } else { diff -u libmagic.orig/cdf.h libmagic/cdf.h --- libmagic.orig/cdf.h Wed Oct 31 18:03:01 2012 +++ libmagic/cdf.h Sun Jan 4 17:02:29 2015 @@ -35,10 +35,12 @@ #ifndef _H_CDF_ #define _H_CDF_ -#ifdef WIN32 +#ifdef PHP_WIN32 #include #define timespec timeval #define tv_nsec tv_usec +#define asctime_r php_asctime_r +#define ctime_r php_ctime_r #endif #ifdef __DJGPP__ #define timespec timeval @@ -57,7 +59,11 @@ typedef struct { uint64_t h_magic; -#define CDF_MAGIC 0xE11AB1A1E011CFD0LL +#if defined(PHP_WIN32) && _MSC_VER <= 1500 +# define CDF_MAGIC 0xE11AB1A1E011CFD0i64 +#else +# define CDF_MAGIC 0xE11AB1A1E011CFD0LL +#endif uint64_t h_uuid[2]; uint16_t h_revision; uint16_t h_version; @@ -267,9 +273,9 @@ size_t i_len; } cdf_info_t; -struct timespec; -int cdf_timestamp_to_timespec(struct timespec *, cdf_timestamp_t); -int cdf_timespec_to_timestamp(cdf_timestamp_t *, const struct timespec *); +struct timeval; +int cdf_timestamp_to_timespec(struct timeval *, cdf_timestamp_t); +int cdf_timespec_to_timestamp(cdf_timestamp_t *, const struct timeval *); int cdf_read_header(const cdf_info_t *, cdf_header_t *); void cdf_swap_header(cdf_header_t *); void cdf_unpack_header(cdf_header_t *, char *); diff -u libmagic.orig/cdf_time.c libmagic/cdf_time.c --- libmagic.orig/cdf_time.c Wed Oct 31 18:03:01 2012 +++ libmagic/cdf_time.c Sun Nov 9 19:16:18 2014 @@ -96,7 +96,7 @@ } int -cdf_timestamp_to_timespec(struct timespec *ts, cdf_timestamp_t t) +cdf_timestamp_to_timespec(struct timeval *ts, cdf_timestamp_t t) { struct tm tm; #ifdef HAVE_STRUCT_TM_TM_ZONE @@ -104,8 +104,9 @@ #endif int rdays; - /* Unit is 100's of nanoseconds */ - ts->tv_nsec = (t % CDF_TIME_PREC) * 100; + /* XXX 5.14 at least introdced 100 ns intervals, this is to do */ + /* Time interval, in microseconds */ + ts->tv_usec = (t % CDF_TIME_PREC) * CDF_TIME_PREC; t /= CDF_TIME_PREC; tm.tm_sec = (int)(t % 60); @@ -117,7 +118,7 @@ tm.tm_hour = (int)(t % 24); t /= 24; - // XXX: Approx + /* XXX: Approx */ tm.tm_year = (int)(CDF_BASE_YEAR + (t / 365)); rdays = cdf_getdays(tm.tm_year); @@ -144,7 +145,7 @@ int /*ARGSUSED*/ -cdf_timespec_to_timestamp(cdf_timestamp_t *t, const struct timespec *ts) +cdf_timespec_to_timestamp(cdf_timestamp_t *t, const struct timeval *ts) { #ifndef __lint__ (void)&t; @@ -156,7 +157,7 @@ errno = EINVAL; return -1; } - *t = (ts->ts_nsec / 100) * CDF_TIME_PREC; + *t = (ts->ts_usec / CDF_TIME_PREC) * CDF_TIME_PREC; *t = tm.tm_sec; *t += tm.tm_min * 60; *t += tm.tm_hour * 60 * 60; @@ -180,7 +181,7 @@ int main(int argc, char *argv[]) { - struct timespec ts; + struct timeval ts; char buf[25]; static const cdf_timestamp_t tst = 0x01A5E403C2D59C00ULL; static const char *ref = "Sat Apr 23 01:30:00 1977"; diff -u libmagic.orig/compress.c libmagic/compress.c --- libmagic.orig/compress.c Sun Jan 6 21:35:43 2013 +++ libmagic/compress.c Sun Jan 4 17:02:29 2015 @@ -32,6 +32,7 @@ * uncompress(method, old, n, newch) - uncompress old into new, * using method, return sizeof new */ +#include "config.h" #include "file.h" #ifndef lint @@ -45,7 +46,8 @@ #endif #include #include -#ifndef __MINGW32__ +#include +#ifndef PHP_WIN32 #include #endif #ifdef HAVE_SYS_WAIT_H @@ -59,6 +61,9 @@ #include #endif +#undef FIONREAD + + private const struct { const char magic[8]; size_t maglen; @@ -85,8 +90,7 @@ #define NODATA ((size_t)~0) private ssize_t swrite(int, const void *, size_t); -#if HAVE_FORK -private size_t ncompr = sizeof(compr) / sizeof(compr[0]); +#ifdef PHP_FILEINFO_UNCOMPRESS private size_t uncompressbuf(struct magic_set *, int, size_t, const unsigned char *, unsigned char **, size_t); #ifdef BUILTIN_DECOMPRESS @@ -102,10 +106,13 @@ size_t i, nsz; int rv = 0; int mime = ms->flags & MAGIC_MIME; + size_t ncompr; if ((ms->flags & MAGIC_COMPRESS) == 0) return 0; + ncompr = sizeof(compr) / sizeof(compr[0]); + for (i = 0; i < ncompr; i++) { if (nbytes < compr[i].maglen) continue; @@ -134,7 +141,8 @@ } } error: - free(newbuf); + if (newbuf) + efree(newbuf); ms->flags |= MAGIC_COMPRESS; return rv; } @@ -168,7 +176,7 @@ * `safe' read for sockets and pipes. */ protected ssize_t -sread(int fd, void *buf, size_t n, int canbepipe __attribute__((__unused__))) +sread(int fd, void *buf, size_t n, int canbepipe) { ssize_t rv; #ifdef FIONREAD @@ -216,7 +224,7 @@ nocheck: do - switch ((rv = read(fd, buf, n))) { + switch ((rv = FINFO_READ_FUNC(fd, buf, n))) { case -1: if (errno == EINTR) continue; @@ -293,13 +301,14 @@ return -1; } (void)close(tfd); - if (lseek(fd, (off_t)0, SEEK_SET) == (off_t)-1) { + if (FINFO_LSEEK_FUNC(fd, (off_t)0, SEEK_SET) == (off_t)-1) { file_badseek(ms); return -1; } return fd; } -#if HAVE_FORK + +#ifdef PHP_FILEINFO_UNCOMPRESS #ifdef BUILTIN_DECOMPRESS #define FHCRC (1 << 1) @@ -336,7 +345,7 @@ if (data_start >= n) return 0; - if ((*newch = CAST(unsigned char *, malloc(HOWMANY + 1))) == NULL) { + if ((*newch = CAST(unsigned char *, emalloc(HOWMANY + 1))) == NULL) { return 0; } @@ -397,19 +406,16 @@ case 0: /* child */ (void) close(0); if (fd != -1) { - if (dup(fd) == -1) - _exit(1); - (void) lseek(0, (off_t)0, SEEK_SET); + (void) dup(fd); + (void) FINFO_LSEEK_FUNC(0, (off_t)0, SEEK_SET); } else { - if (dup(fdin[0]) == -1) - _exit(1); + (void) dup(fdin[0]); (void) close(fdin[0]); (void) close(fdin[1]); } (void) close(1); - if (dup(fdout[1]) == -1) - _exit(1); + (void) dup(fdout[1]); (void) close(fdout[0]); (void) close(fdout[1]); #ifndef DEBUG @@ -466,20 +472,14 @@ fdin[1] = -1; } - if ((*newch = (unsigned char *) malloc(HOWMANY + 1)) == NULL) { -#ifdef DEBUG - (void)fprintf(stderr, "Malloc failed (%s)\n", - strerror(errno)); -#endif - n = 0; - goto err; - } + *newch = (unsigned char *) emalloc(HOWMANY + 1); + if ((r = sread(fdout[0], *newch, HOWMANY, 0)) <= 0) { #ifdef DEBUG (void)fprintf(stderr, "Read failed (%s)\n", strerror(errno)); #endif - free(*newch); + efree(*newch); n = 0; newch[0] = '\0'; goto err; @@ -503,4 +503,4 @@ return n; } } -#endif +#endif /* if PHP_FILEINFO_UNCOMPRESS */ diff -u libmagic.orig/file.h libmagic/file.h --- libmagic.orig/file.h Mon Feb 18 16:40:59 2013 +++ libmagic/file.h Sun Jan 4 17:02:29 2015 @@ -33,11 +33,9 @@ #ifndef __file_h__ #define __file_h__ -#ifdef HAVE_CONFIG_H -#include -#endif +#include "config.h" -#ifdef WIN32 +#ifdef PHP_WIN32 #ifdef _WIN64 #define SIZE_T_FORMAT "I64" #else @@ -61,10 +59,20 @@ #ifdef HAVE_INTTYPES_H #include #endif -#include -#include +#ifdef PHP_WIN32 +#include "win32/php_stdint.h" +#endif + +#include "php.h" +#include "ext/standard/php_string.h" +#include "ext/pcre/php_pcre.h" + #include +#ifdef PHP_WIN32 +#include "win32/param.h" +#else #include +#endif /* Do this here and now, because struct stat gets re-defined on solaris */ #include #include @@ -75,7 +83,7 @@ #define MAGIC "/etc/magic" #endif -#if defined(__EMX__) || defined (WIN32) +#if defined(__EMX__) || defined(PHP_WIN32) #define PATHSEP ';' #else #define PATHSEP ':' @@ -109,12 +117,6 @@ #endif #endif -#ifndef __GNUC__ -#ifndef __attribute__ -#define __attribute__(a) -#endif -#endif - #ifndef MIN #define MIN(a,b) (((a) < (b)) ? (a) : (b)) #endif @@ -224,7 +226,7 @@ #define FILE_USE 46 #define FILE_NAMES_SIZE 47 /* size of array to contain all names */ -#define IS_STRING(t) \ +#define IS_LIBMAGIC_STRING(t) \ ((t) == FILE_STRING || \ (t) == FILE_PSTRING || \ (t) == FILE_BESTRING16 || \ @@ -248,7 +250,7 @@ #ifdef ENABLE_CONDITIONALS uint8_t cond; /* conditional type */ #else - uint8_t dummy; + uint8_t dummy; #endif uint8_t factor_op; #define FILE_FACTOR_OP_PLUS '+' @@ -347,7 +349,7 @@ /* list of magic entries */ struct mlist { struct magic *magic; /* array of magic entries */ - uint32_t nmagic; /* number of entries in array */ + uint32_t nmagic; /* number of entries in array */ void *map; /* internal resources used by entry */ struct mlist *next, *prev; }; @@ -411,21 +413,16 @@ protected const char *file_fmttime(uint64_t, int, char *); protected struct magic_set *file_ms_alloc(int); protected void file_ms_free(struct magic_set *); -protected int file_buffer(struct magic_set *, int, const char *, const void *, +protected int file_buffer(struct magic_set *, php_stream *, const char *, const void *, size_t); -protected int file_fsmagic(struct magic_set *, const char *, struct stat *); +protected int file_fsmagic(struct magic_set *, const char *, struct stat *, php_stream *); protected int file_pipe2file(struct magic_set *, int, const void *, size_t); -protected int file_vprintf(struct magic_set *, const char *, va_list); -protected size_t file_printedlen(const struct magic_set *); protected int file_replace(struct magic_set *, const char *, const char *); -protected int file_printf(struct magic_set *, const char *, ...) - __attribute__((__format__(__printf__, 2, 3))); +protected int file_printf(struct magic_set *, const char *, ...); protected int file_reset(struct magic_set *); -protected int file_tryelf(struct magic_set *, int, const unsigned char *, - size_t); protected int file_trycdf(struct magic_set *, int, const unsigned char *, size_t); -#if HAVE_FORK +#ifdef PHP_FILEINFO_UNCOMPRESS protected int file_zmagic(struct magic_set *, int, const char *, const unsigned char *, size_t); #endif @@ -438,21 +435,18 @@ unichar **, size_t *, const char **, const char **, const char **); protected int file_is_tar(struct magic_set *, const unsigned char *, size_t); protected int file_softmagic(struct magic_set *, const unsigned char *, size_t, - int, int); + size_t, int, int); protected int file_apprentice(struct magic_set *, const char *, int); protected int file_magicfind(struct magic_set *, const char *, struct mlist *); protected uint64_t file_signextend(struct magic_set *, struct magic *, uint64_t); +protected void file_delmagic(struct magic *, int type, size_t entries); protected void file_badread(struct magic_set *); protected void file_badseek(struct magic_set *); protected void file_oomem(struct magic_set *, size_t); -protected void file_error(struct magic_set *, int, const char *, ...) - __attribute__((__format__(__printf__, 3, 4))); -protected void file_magerror(struct magic_set *, const char *, ...) - __attribute__((__format__(__printf__, 2, 3))); -protected void file_magwarn(struct magic_set *, const char *, ...) - __attribute__((__format__(__printf__, 2, 3))); -protected void file_mdump(struct magic *); +protected void file_error(struct magic_set *, int, const char *, ...); +protected void file_magerror(struct magic_set *, const char *, ...); +protected void file_magwarn(struct magic_set *, const char *, ...); protected void file_showstr(FILE *, const char *, size_t); protected size_t file_mbswidth(const char *); protected const char *file_getbuffer(struct magic_set *); @@ -462,16 +456,14 @@ size_t *); protected size_t file_pstring_length_size(const struct magic *); protected size_t file_pstring_get_length(const struct magic *, const char *); +protected size_t file_printedlen(const struct magic_set *ms); #ifdef __EMX__ protected int file_os2_apptype(struct magic_set *, const char *, const void *, size_t); #endif /* __EMX__ */ - -#ifndef COMPILE_ONLY extern const char *file_names[]; extern const size_t file_nnames; -#endif #ifndef HAVE_STRERROR extern int sys_nerr; @@ -484,32 +476,16 @@ #define strtoul(a, b, c) strtol(a, b, c) #endif -#ifndef HAVE_PREAD -ssize_t pread(int, void *, size_t, off_t); -#endif -#ifndef HAVE_VASPRINTF -int vasprintf(char **, const char *, va_list); -#endif -#ifndef HAVE_ASPRINTF -int asprintf(char **ptr, const char *format_string, ...); -#endif - -#ifndef HAVE_STRLCPY +#ifndef strlcpy size_t strlcpy(char *dst, const char *src, size_t siz); #endif -#ifndef HAVE_STRLCAT +#ifndef strlcat size_t strlcat(char *dst, const char *src, size_t siz); #endif #ifndef HAVE_GETLINE ssize_t getline(char **dst, size_t *len, FILE *fp); ssize_t getdelim(char **dst, size_t *len, int delimiter, FILE *fp); #endif -#ifndef HAVE_CTIME_R -char *ctime_r(const time_t *, char *); -#endif -#ifndef HAVE_ASCTIME_R -char *asctime_r(const struct tm *, char *); -#endif #if defined(HAVE_MMAP) && defined(HAVE_SYS_MMAN_H) && !defined(QUICK) #define QUICK @@ -531,6 +507,14 @@ #endif #else #define FILE_RCSID(id) +#endif + +#ifdef PHP_WIN32 +#define FINFO_LSEEK_FUNC _lseek +#define FINFO_READ_FUNC _read +#else +#define FINFO_LSEEK_FUNC lseek +#define FINFO_READ_FUNC read #endif #endif /* __file_h__ */ diff -u libmagic.orig/fsmagic.c libmagic/fsmagic.c --- libmagic.orig/fsmagic.c Thu Mar 21 18:45:14 2013 +++ libmagic/fsmagic.c Sun Jan 4 17:02:29 2015 @@ -59,27 +59,21 @@ # define minor(dev) ((dev) & 0xff) #endif #undef HAVE_MAJOR -#ifdef S_IFLNK -private int -bad_link(struct magic_set *ms, int err, char *buf) -{ - int mime = ms->flags & MAGIC_MIME; - if ((mime & MAGIC_MIME_TYPE) && - file_printf(ms, "inode/symlink") - == -1) - return -1; - else if (!mime) { - if (ms->flags & MAGIC_ERROR) { - file_error(ms, err, - "broken symbolic link to `%s'", buf); - return -1; - } - if (file_printf(ms, "broken symbolic link to `%s'", buf) == -1) - return -1; - } - return 1; -} + +#ifdef PHP_WIN32 + +# undef S_IFIFO +#endif + + +#ifndef S_ISDIR +#define S_ISDIR(mode) ((mode) & _S_IFDIR) +#endif + +#ifndef S_ISREG +#define S_ISREG(mode) ((mode) & _S_IFREG) #endif + private int handle_mime(struct magic_set *ms, int mime, const char *str) { @@ -96,49 +90,45 @@ } protected int -file_fsmagic(struct magic_set *ms, const char *fn, struct stat *sb) +file_fsmagic(struct magic_set *ms, const char *fn, struct stat *sb, php_stream *stream) { int ret, did = 0; int mime = ms->flags & MAGIC_MIME; -#ifdef S_IFLNK - char buf[BUFSIZ+4]; - ssize_t nch; - struct stat tstatbuf; -#endif + TSRMLS_FETCH(); if (ms->flags & MAGIC_APPLE) return 0; - if (fn == NULL) + + if (fn == NULL && !stream) { return 0; + } #define COMMA (did++ ? ", " : "") - /* - * Fstat is cheaper but fails for files you don't have read perms on. - * On 4.2BSD and similar systems, use lstat() to identify symlinks. - */ -#ifdef S_IFLNK - if ((ms->flags & MAGIC_SYMLINK) == 0) - ret = lstat(fn, sb); - else -#endif - ret = stat(fn, sb); /* don't merge into if; see "ret =" above */ - - if (ret) { - if (ms->flags & MAGIC_ERROR) { - file_error(ms, errno, "cannot stat `%s'", fn); - return -1; + + if (stream) { + php_stream_statbuf ssb; + if (php_stream_stat(stream, &ssb) < 0) { + if (ms->flags & MAGIC_ERROR) { + file_error(ms, errno, "cannot stat `%s'", fn); + return -1; + } + return 1; + } + memcpy(sb, &ssb.sb, sizeof(struct stat)); + } else { + if (php_sys_stat(fn, sb) != 0) { + if (ms->flags & MAGIC_ERROR) { + file_error(ms, errno, "cannot stat `%s'", fn); + return -1; + } + return 1; } - if (file_printf(ms, "cannot open `%s' (%s)", - fn, strerror(errno)) == -1) - return -1; - ms->event_flags |= EVENT_HAD_ERR; - return -1; } ret = 1; if (!mime) { #ifdef S_ISUID - if (sb->st_mode & S_ISUID) + if (sb->st_mode & S_ISUID) if (file_printf(ms, "%ssetuid", COMMA) == -1) return -1; #endif @@ -155,82 +145,43 @@ } switch (sb->st_mode & S_IFMT) { - case S_IFDIR: - if (mime) { - if (handle_mime(ms, mime, "directory") == -1) - return -1; - } else if (file_printf(ms, "%sdirectory", COMMA) == -1) - return -1; - break; -#ifdef S_IFCHR - case S_IFCHR: - /* - * If -s has been specified, treat character special files - * like ordinary files. Otherwise, just report that they - * are block special files and go on to the next file. - */ - if ((ms->flags & MAGIC_DEVICES) != 0) { - ret = 0; - break; - } - if (mime) { - if (handle_mime(ms, mime, "chardevice") == -1) - return -1; - } else { -#ifdef HAVE_STAT_ST_RDEV -# ifdef dv_unit +#ifndef PHP_WIN32 +# ifdef S_IFCHR + case S_IFCHR: + /* + * If -s has been specified, treat character special files + * like ordinary files. Otherwise, just report that they + * are block special files and go on to the next file. + */ + if ((ms->flags & MAGIC_DEVICES) != 0) { + ret = 0; + break; + } + if (mime) { + if (handle_mime(ms, mime, "x-character-device") == -1) + return -1; + } else { +# ifdef HAVE_STAT_ST_RDEV +# ifdef dv_unit if (file_printf(ms, "%scharacter special (%d/%d/%d)", COMMA, major(sb->st_rdev), dv_unit(sb->st_rdev), - dv_subunit(sb->st_rdev)) == -1) - return -1; -# else + dv_subunit(sb->st_rdev)) == -1) + return -1; +# else if (file_printf(ms, "%scharacter special (%ld/%ld)", COMMA, (long)major(sb->st_rdev), (long)minor(sb->st_rdev)) == -1) - return -1; -# endif -#else + return -1; +# endif +# else if (file_printf(ms, "%scharacter special", COMMA) == -1) - return -1; -#endif - } - break; -#endif -#ifdef S_IFBLK - case S_IFBLK: - /* - * If -s has been specified, treat block special files - * like ordinary files. Otherwise, just report that they - * are block special files and go on to the next file. - */ - if ((ms->flags & MAGIC_DEVICES) != 0) { - ret = 0; - break; - } - if (mime) { - if (handle_mime(ms, mime, "blockdevice") == -1) - return -1; - } else { -#ifdef HAVE_STAT_ST_RDEV -# ifdef dv_unit - if (file_printf(ms, "%sblock special (%d/%d/%d)", - COMMA, major(sb->st_rdev), dv_unit(sb->st_rdev), - dv_subunit(sb->st_rdev)) == -1) - return -1; -# else - if (file_printf(ms, "%sblock special (%ld/%ld)", - COMMA, (long)major(sb->st_rdev), - (long)minor(sb->st_rdev)) == -1) - return -1; + return -1; +# endif + } + return 1; # endif -#else - if (file_printf(ms, "%sblock special", COMMA) == -1) - return -1; #endif - } - break; -#endif - /* TODO add code to handle V7 MUX and Blit MUX files */ + #ifdef S_IFIFO case S_IFIFO: if((ms->flags & MAGIC_DEVICES) != 0) @@ -253,79 +204,14 @@ #endif #ifdef S_IFLNK case S_IFLNK: - if ((nch = readlink(fn, buf, BUFSIZ-1)) <= 0) { + /* stat is used, if it made here then the link is broken */ if (ms->flags & MAGIC_ERROR) { - file_error(ms, errno, "unreadable symlink `%s'", - fn); + file_error(ms, errno, "unreadable symlink `%s'", fn); return -1; } - if (mime) { - if (handle_mime(ms, mime, "symlink") == -1) - return -1; - } else if (file_printf(ms, - "%sunreadable symlink `%s' (%s)", COMMA, fn, - strerror(errno)) == -1) - return -1; - break; - } - buf[nch] = '\0'; /* readlink(2) does not do this */ - - /* If broken symlink, say so and quit early. */ - if (*buf == '/') { - if (stat(buf, &tstatbuf) < 0) - return bad_link(ms, errno, buf); - } else { - char *tmp; - char buf2[BUFSIZ+BUFSIZ+4]; - - if ((tmp = strrchr(fn, '/')) == NULL) { - tmp = buf; /* in current directory anyway */ - } else { - if (tmp - fn + 1 > BUFSIZ) { - if (ms->flags & MAGIC_ERROR) { - file_error(ms, 0, - "path too long: `%s'", buf); - return -1; - } - if (mime) { - if (handle_mime(ms, mime, - "x-path-too-long") == -1) - return -1; - } else if (file_printf(ms, - "%spath too long: `%s'", COMMA, - fn) == -1) - return -1; - break; - } - /* take dir part */ - (void)strlcpy(buf2, fn, sizeof buf2); - buf2[tmp - fn + 1] = '\0'; - /* plus (rel) link */ - (void)strlcat(buf2, buf, sizeof buf2); - tmp = buf2; - } - if (stat(tmp, &tstatbuf) < 0) - return bad_link(ms, errno, buf); - } - - /* Otherwise, handle it. */ - if ((ms->flags & MAGIC_SYMLINK) != 0) { - const char *p; - ms->flags &= MAGIC_SYMLINK; - p = magic_file(ms, buf); - ms->flags |= MAGIC_SYMLINK; - if (p == NULL) - return -1; - } else { /* just print what it points to */ - if (mime) { - if (handle_mime(ms, mime, "symlink") == -1) - return -1; - } else if (file_printf(ms, "%ssymbolic link to `%s'", - COMMA, buf) == -1) - return -1; - } - break; + return 1; #endif + #ifdef S_IFSOCK #ifndef __COHERENT__ case S_IFSOCK: @@ -337,27 +223,27 @@ break; #endif #endif - case S_IFREG: - /* - * regular file, check next possibility - * - * If stat() tells us the file has zero length, report here that - * the file is empty, so we can skip all the work of opening and - * reading the file. + case S_IFREG: + /* + * regular file, check next possibility + * + * If stat() tells us the file has zero length, report here that + * the file is empty, so we can skip all the work of opening and + * reading the file. * But if the -s option has been given, we skip this * optimization, since on some systems, stat() reports zero * size for raw disk partitions. (If the block special device * really has zero length, the fact that it is empty will be * detected and reported correctly when we read the file.) - */ - if ((ms->flags & MAGIC_DEVICES) == 0 && sb->st_size == 0) { - if (mime) { - if (handle_mime(ms, mime, "x-empty") == -1) - return -1; - } else if (file_printf(ms, "%sempty", COMMA) == -1) + */ + if ((ms->flags & MAGIC_DEVICES) == 0 && sb->st_size == 0) { + if (mime) { + if (handle_mime(ms, mime, "x-empty") == -1) return -1; + } else if (file_printf(ms, "%sempty", COMMA) == -1) + return -1; break; - } + } ret = 0; break; @@ -367,9 +253,5 @@ /*NOTREACHED*/ } - if (!mime && did) { - if (file_printf(ms, " ") == -1) - return -1; - } return ret; } diff -u libmagic.orig/funcs.c libmagic/funcs.c --- libmagic.orig/funcs.c Wed Oct 31 18:03:01 2012 +++ libmagic/funcs.c Sun Jan 4 17:02:29 2015 @@ -41,52 +41,42 @@ #if defined(HAVE_WCTYPE_H) #include #endif -#if defined(HAVE_LIMITS_H) -#include + +#ifndef SIZE_MAX +# define SIZE_MAX ((size_t) -1) #endif -#ifndef SIZE_MAX -#define SIZE_MAX ((size_t)~0) +#ifndef PREG_OFFSET_CAPTURE +# define PREG_OFFSET_CAPTURE (1<<8) #endif +extern public void convert_libmagic_pattern(zval *pattern, int options); + /* * Like printf, only we append to a buffer. */ protected int -file_vprintf(struct magic_set *ms, const char *fmt, va_list ap) +file_printf(struct magic_set *ms, const char *fmt, ...) { + va_list ap; int len; - char *buf, *newstr; + char *buf = NULL, *newstr; - len = vasprintf(&buf, fmt, ap); - if (len < 0) - goto out; + va_start(ap, fmt); + len = vspprintf(&buf, 0, fmt, ap); + va_end(ap); if (ms->o.buf != NULL) { - len = asprintf(&newstr, "%s%s", ms->o.buf, buf); - free(buf); - if (len < 0) - goto out; - free(ms->o.buf); - buf = newstr; + len = spprintf(&newstr, 0, "%s%s", ms->o.buf, (buf ? buf : "")); + if (buf) { + efree(buf); + } + efree(ms->o.buf); + ms->o.buf = newstr; + } else { + ms->o.buf = buf; } - ms->o.buf = buf; return 0; -out: - file_error(ms, errno, "vasprintf failed"); - return -1; -} - -protected int -file_printf(struct magic_set *ms, const char *fmt, ...) -{ - int rv; - va_list ap; - - va_start(ap, fmt); - rv = file_vprintf(ms, fmt, ap); - va_end(ap); - return rv; } /* @@ -97,17 +87,30 @@ file_error_core(struct magic_set *ms, int error, const char *f, va_list va, size_t lineno) { + char *buf = NULL; + /* Only the first error is ok */ if (ms->event_flags & EVENT_HAD_ERR) return; if (lineno != 0) { - free(ms->o.buf); + efree(ms->o.buf); ms->o.buf = NULL; file_printf(ms, "line %" SIZE_T_FORMAT "u: ", lineno); } - file_vprintf(ms, f, va); - if (error > 0) - file_printf(ms, " (%s)", strerror(error)); + + vspprintf(&buf, 0, f, va); + va_end(va); + + if (error > 0) { + file_printf(ms, "%s (%s)", (*buf ? buf : ""), strerror(error)); + } else if (*buf) { + file_printf(ms, "%s", buf); + } + + if (buf) { + efree(buf); + } + ms->event_flags |= EVENT_HAD_ERR; ms->error = error; } @@ -154,10 +157,9 @@ file_error(ms, errno, "error reading"); } -#ifndef COMPILE_ONLY protected int -file_buffer(struct magic_set *ms, int fd, const char *inname __attribute__ ((unused)), - const void *buf, size_t nb) +file_buffer(struct magic_set *ms, php_stream *stream, const char *inname, const void *buf, + size_t nb) { int m = 0, rv = 0, looks_text = 0; int mime = ms->flags & MAGIC_MIME; @@ -201,10 +203,10 @@ } } #endif -#if HAVE_FORK - /* try compression stuff */ + +#if PHP_FILEINFO_UNCOMPRESS if ((ms->flags & MAGIC_NO_CHECK_COMPRESS) == 0) - if ((m = file_zmagic(ms, fd, inname, ubuf, nb)) != 0) { + if ((m = file_zmagic(ms, stream, inname, ubuf, nb)) != 0) { if ((ms->flags & MAGIC_DEBUG) != 0) (void)fprintf(stderr, "zmagic %d\n", m); goto done; @@ -219,16 +221,21 @@ } /* Check if we have a CDF file */ - if ((ms->flags & MAGIC_NO_CHECK_CDF) == 0) - if ((m = file_trycdf(ms, fd, ubuf, nb)) != 0) { - if ((ms->flags & MAGIC_DEBUG) != 0) - (void)fprintf(stderr, "cdf %d\n", m); - goto done; + if ((ms->flags & MAGIC_NO_CHECK_CDF) == 0) { + int fd; + TSRMLS_FETCH(); + if (stream && SUCCESS == php_stream_cast(stream, PHP_STREAM_AS_FD, (void **)&fd, 0)) { + if ((m = file_trycdf(ms, fd, ubuf, nb)) != 0) { + if ((ms->flags & MAGIC_DEBUG) != 0) + (void)fprintf(stderr, "cdf %d\n", m); + goto done; + } } + } /* try soft magic tests */ if ((ms->flags & MAGIC_NO_CHECK_SOFT) == 0) - if ((m = file_softmagic(ms, ubuf, nb, BINTEST, + if ((m = file_softmagic(ms, ubuf, nb, 0, BINTEST, looks_text)) != 0) { if ((ms->flags & MAGIC_DEBUG) != 0) (void)fprintf(stderr, "softmagic %d\n", m); @@ -296,7 +303,6 @@ return m; } -#endif protected int file_reset(struct magic_set *ms) @@ -306,11 +312,11 @@ return -1; } if (ms->o.buf) { - free(ms->o.buf); + efree(ms->o.buf); ms->o.buf = NULL; } if (ms->o.pbuf) { - free(ms->o.pbuf); + efree(ms->o.pbuf); ms->o.pbuf = NULL; } ms->event_flags &= ~EVENT_HAD_ERR; @@ -329,7 +335,7 @@ protected const char * file_getbuffer(struct magic_set *ms) { - char *pbuf, *op, *np; + char *op, *np; size_t psize, len; if (ms->event_flags & EVENT_HAD_ERR) @@ -344,15 +350,13 @@ /* * 4 is for octal representation, + 1 is for NUL */ len = strlen(ms->o.buf); if (len > (SIZE_MAX - 1) / 4) { - file_oomem(ms, len); return NULL; } psize = len * 4 + 1; - if ((pbuf = CAST(char *, realloc(ms->o.pbuf, psize))) == NULL) { + if ((ms->o.pbuf = CAST(char *, erealloc(ms->o.pbuf, psize))) == NULL) { file_oomem(ms, psize); return NULL; } - ms->o.pbuf = pbuf; #if defined(HAVE_WCHAR_H) && defined(HAVE_MBRTOWC) && defined(HAVE_WCWIDTH) { @@ -412,8 +416,8 @@ if (level >= ms->c.len) { len = (ms->c.len += 20) * sizeof(*ms->c.li); ms->c.li = CAST(struct level_info *, (ms->c.li == NULL) ? - malloc(len) : - realloc(ms->c.li, len)); + emalloc(len) : + erealloc(ms->c.li, len)); if (ms->c.li == NULL) { file_oomem(ms, len); return -1; @@ -433,29 +437,47 @@ return ms->o.buf == NULL ? 0 : strlen(ms->o.buf); } -protected int + +protected int file_replace(struct magic_set *ms, const char *pat, const char *rep) { - regex_t rx; - int rc; + zval *patt; + int opts = 0; + pcre_cache_entry *pce; + char *res; + zval *repl; + int res_len, rep_cnt = 0; + TSRMLS_FETCH(); + + MAKE_STD_ZVAL(patt); + ZVAL_STRINGL(patt, pat, strlen(pat), 0); + opts |= PCRE_MULTILINE; + convert_libmagic_pattern(patt, opts); + if ((pce = pcre_get_compiled_regex_cache(Z_STRVAL_P(patt), Z_STRLEN_P(patt) TSRMLS_CC)) == NULL) { + zval_dtor(patt); + FREE_ZVAL(patt); + return -1; + } + + MAKE_STD_ZVAL(repl); + ZVAL_STRINGL(repl, rep, strlen(rep), 0); + + res = php_pcre_replace_impl(pce, ms->o.buf, strlen(ms->o.buf), repl, + 0, &res_len, -1, &rep_cnt TSRMLS_CC); - rc = regcomp(&rx, pat, REG_EXTENDED); - if (rc) { - char errmsg[512]; - (void)regerror(rc, &rx, errmsg, sizeof(errmsg)); - file_magerror(ms, "regex error %d, (%s)", rc, errmsg); + FREE_ZVAL(repl); + zval_dtor(patt); + FREE_ZVAL(patt); + + if (NULL == res) { return -1; - } else { - regmatch_t rm; - int nm = 0; - while (regexec(&rx, ms->o.buf, 1, &rm, 0) == 0) { - ms->o.buf[rm.rm_so] = '\0'; - if (file_printf(ms, "%s%s", rep, - rm.rm_eo != 0 ? ms->o.buf + rm.rm_eo : "") == -1) - return -1; - nm++; - } - regfree(&rx); - return nm; } + + strncpy(ms->o.buf, res, res_len); + ms->o.buf[res_len] = '\0'; + + efree(res); + + return rep_cnt; } + diff -u libmagic.orig/magic.c libmagic/magic.c --- libmagic.orig/magic.c Fri Jan 11 17:43:09 2013 +++ libmagic/magic.c Sun Jan 4 17:02:29 2015 @@ -25,11 +25,6 @@ * SUCH DAMAGE. */ -#ifdef WIN32 -#include -#include -#endif - #include "file.h" #ifndef lint @@ -39,15 +34,24 @@ #include "magic.h" #include +#ifdef PHP_WIN32 +#include "win32/unistd.h" +#else #include +#endif #include -#ifdef QUICK -#include +#ifdef PHP_WIN32 +# include "config.w32.h" +#else +# include "php_config.h" #endif -#ifdef HAVE_LIMITS_H -#include /* for PIPE_BUF */ + +#ifdef PHP_WIN32 +#include #endif +#include /* for PIPE_BUF */ + #if defined(HAVE_UTIMES) # include #elif defined(HAVE_UTIME) @@ -71,18 +75,25 @@ #endif #endif +#ifdef PHP_WIN32 +# undef S_IFLNK +# undef S_IFIFO +#endif + private void close_and_restore(const struct magic_set *, const char *, int, const struct stat *); private int unreadable_info(struct magic_set *, mode_t, const char *); +#if 0 private const char* get_default_magic(void); -#ifndef COMPILE_ONLY -private const char *file_or_fd(struct magic_set *, const char *, int); #endif +private const char *file_or_stream(struct magic_set *, const char *, php_stream *); #ifndef STDIN_FILENO #define STDIN_FILENO 0 #endif +/* XXX this functionality is excluded in php, enable it in apprentice.c:340 */ +#if 0 private const char * get_default_magic(void) { @@ -90,7 +101,7 @@ static char *default_magic; char *home, *hmagicpath; -#ifndef WIN32 +#ifndef PHP_WIN32 struct stat st; if (default_magic) { @@ -104,17 +115,17 @@ return MAGIC; if (stat(hmagicpath, &st) == -1) { free(hmagicpath); - if (asprintf(&hmagicpath, "%s/.magic", home) < 0) + if (asprintf(&hmagicpath, "%s/.magic", home) < 0) + return MAGIC; + if (stat(hmagicpath, &st) == -1) + goto out; + if (S_ISDIR(st.st_mode)) { + free(hmagicpath); + if (asprintf(&hmagicpath, "%s/%s", home, hmagic) < 0) return MAGIC; - if (stat(hmagicpath, &st) == -1) + if (access(hmagicpath, R_OK) == -1) goto out; - if (S_ISDIR(st.st_mode)) { - free(hmagicpath); - if (asprintf(&hmagicpath, "%s/%s", home, hmagic) < 0) - return MAGIC; - if (access(hmagicpath, R_OK) == -1) - goto out; - } + } } if (asprintf(&default_magic, "%s:%s", hmagicpath, MAGIC) < 0) @@ -128,6 +139,7 @@ #else char *hmagicp = hmagicpath; char *tmppath = NULL; + LPTSTR dllpath; #define APPENDPATH() \ do { \ @@ -172,7 +184,7 @@ } /* Third, try to get magic file relative to dll location */ - LPTSTR dllpath = malloc(sizeof(*dllpath) * (MAX_PATH + 1)); + dllpath = malloc(sizeof(*dllpath) * (MAX_PATH + 1)); dllpath[MAX_PATH] = 0; /* just in case long path gets truncated and not null terminated */ if (GetModuleFileNameA(NULL, dllpath, MAX_PATH)){ PathRemoveFileSpecA(dllpath); @@ -210,6 +222,7 @@ return action == FILE_LOAD ? get_default_magic() : MAGIC; } +#endif public struct magic_set * magic_open(int flags) @@ -250,7 +263,7 @@ magic_load(struct magic_set *ms, const char *magicfile) { if (ms == NULL) - return -1; + return -1; return file_apprentice(ms, magicfile, FILE_LOAD); } @@ -262,13 +275,6 @@ return file_apprentice(ms, magicfile, FILE_COMPILE); } -public int -magic_check(struct magic_set *ms, const char *magicfile) -{ - if (ms == NULL) - return -1; - return file_apprentice(ms, magicfile, FILE_CHECK); -} public int magic_list(struct magic_set *ms, const char *magicfile) @@ -282,9 +288,6 @@ close_and_restore(const struct magic_set *ms, const char *name, int fd, const struct stat *sb) { - if (fd == STDIN_FILENO) - return; - (void) close(fd); if ((ms->flags & MAGIC_PRESERVE_ATIME) != 0) { /* @@ -311,7 +314,6 @@ } } -#ifndef COMPILE_ONLY /* * find type of descriptor @@ -321,7 +323,7 @@ { if (ms == NULL) return NULL; - return file_or_fd(ms, NULL, fd); + return file_or_stream(ms, NULL, NULL); } /* @@ -332,30 +334,42 @@ { if (ms == NULL) return NULL; - return file_or_fd(ms, inname, STDIN_FILENO); + return file_or_stream(ms, inname, NULL); +} + +public const char * +magic_stream(struct magic_set *ms, php_stream *stream) +{ + if (ms == NULL) + return NULL; + return file_or_stream(ms, NULL, stream); } private const char * -file_or_fd(struct magic_set *ms, const char *inname, int fd) +file_or_stream(struct magic_set *ms, const char *inname, php_stream *stream) { int rv = -1; unsigned char *buf; struct stat sb; ssize_t nbytes = 0; /* number of bytes read from a datafile */ - int ispipe = 0; + int no_in_stream = 0; + TSRMLS_FETCH(); + + if (!inname && !stream) { + return NULL; + } /* * one extra for terminating '\0', and * some overlapping space for matches near EOF */ #define SLOP (1 + sizeof(union VALUETYPE)) - if ((buf = CAST(unsigned char *, malloc(HOWMANY + SLOP))) == NULL) - return NULL; + buf = emalloc(HOWMANY + SLOP); if (file_reset(ms) == -1) goto done; - switch (file_fsmagic(ms, inname, &sb)) { + switch (file_fsmagic(ms, inname, &sb, stream)) { case -1: /* error */ goto done; case 0: /* nothing found */ @@ -365,68 +379,48 @@ goto done; } - if (inname == NULL) { - if (fstat(fd, &sb) == 0 && S_ISFIFO(sb.st_mode)) - ispipe = 1; - } else { - int flags = O_RDONLY|O_BINARY; + errno = 0; - if (stat(inname, &sb) == 0 && S_ISFIFO(sb.st_mode)) { -#ifdef O_NONBLOCK - flags |= O_NONBLOCK; + if (!stream && inname) { + no_in_stream = 1; +#if PHP_API_VERSION < 20100412 + stream = php_stream_open_wrapper((char *)inname, "rb", REPORT_ERRORS|ENFORCE_SAFE_MODE, NULL); +#else + stream = php_stream_open_wrapper((char *)inname, "rb", REPORT_ERRORS, NULL); #endif - ispipe = 1; - } + } - errno = 0; - if ((fd = open(inname, flags)) < 0) { - if (unreadable_info(ms, sb.st_mode, inname) == -1) - goto done; - rv = 0; + if (!stream) { + if (unreadable_info(ms, sb.st_mode, inname) == -1) goto done; - } + rv = 0; + goto done; + } + #ifdef O_NONBLOCK - if ((flags = fcntl(fd, F_GETFL)) != -1) { - flags &= ~O_NONBLOCK; - (void)fcntl(fd, F_SETFL, flags); - } +/* we should be already be in non blocking mode for network socket */ #endif - } /* * try looking at the first HOWMANY bytes */ - if (ispipe) { - ssize_t r = 0; - - while ((r = sread(fd, (void *)&buf[nbytes], - (size_t)(HOWMANY - nbytes), 1)) > 0) { - nbytes += r; - if (r < PIPE_BUF) break; - } - - if (nbytes == 0) { - /* We can not read it, but we were able to stat it. */ - if (unreadable_info(ms, sb.st_mode, inname) == -1) - goto done; - rv = 0; - goto done; - } - - } else { - if ((nbytes = read(fd, (char *)buf, HOWMANY)) == -1) { - file_error(ms, errno, "cannot read `%s'", inname); - goto done; - } + if ((nbytes = php_stream_read(stream, (char *)buf, HOWMANY)) < 0) { + file_error(ms, errno, "cannot read `%s'", inname); + goto done; } (void)memset(buf + nbytes, 0, SLOP); /* NUL terminate */ - if (file_buffer(ms, fd, inname, buf, (size_t)nbytes) == -1) + if (file_buffer(ms, stream, inname, buf, (size_t)nbytes) == -1) goto done; rv = 0; done: - free(buf); - close_and_restore(ms, inname, fd, &sb); + efree(buf); + + if (no_in_stream && stream) { + php_stream_close(stream); + } + + close_and_restore(ms, inname, 0, &sb); return rv == 0 ? file_getbuffer(ms) : NULL; } @@ -440,14 +434,13 @@ return NULL; /* * The main work is done here! - * We have the file name and/or the data buffer to be identified. + * We have the file name and/or the data buffer to be identified. */ - if (file_buffer(ms, -1, NULL, buf, nb) == -1) { + if (file_buffer(ms, NULL, NULL, buf, nb) == -1) { return NULL; } return file_getbuffer(ms); } -#endif public const char * magic_error(struct magic_set *ms) diff -u libmagic.orig/magic.h libmagic/magic.h --- libmagic.orig/magic.h Thu Mar 21 18:52:42 2013 +++ libmagic/magic.h Sun Jan 4 17:02:29 2015 @@ -87,6 +87,7 @@ const char *magic_getpath(const char *, int); const char *magic_file(magic_t, const char *); +const char *magic_stream(magic_t, php_stream *); const char *magic_descriptor(magic_t, int); const char *magic_buffer(magic_t, const void *, size_t); @@ -96,7 +97,6 @@ int magic_version(void); int magic_load(magic_t, const char *); int magic_compile(magic_t, const char *); -int magic_check(magic_t, const char *); int magic_list(magic_t, const char *); int magic_errno(magic_t); diff -u libmagic.orig/print.c libmagic/print.c --- libmagic.orig/print.c Thu Mar 21 18:45:14 2013 +++ libmagic/print.c Sun Jan 4 17:02:29 2015 @@ -29,12 +29,17 @@ * print.c - debugging printout routines */ +#define _GNU_SOURCE +#include "php.h" + #include "file.h" +#include "cdf.h" #ifndef lint FILE_RCSID("@(#)$File: print.c,v 1.76 2013/02/26 18:25:00 christos Exp $") #endif /* lint */ +#include #include #include #include @@ -43,188 +48,28 @@ #endif #include -#define SZOF(a) (sizeof(a) / sizeof(a[0])) - -#include "cdf.h" - -#ifndef COMPILE_ONLY -protected void -file_mdump(struct magic *m) -{ - static const char optyp[] = { FILE_OPS }; - char tbuf[26]; - - (void) fprintf(stderr, "%u: %.*s %u", m->lineno, - (m->cont_level & 7) + 1, ">>>>>>>>", m->offset); - - if (m->flag & INDIR) { - (void) fprintf(stderr, "(%s,", - /* Note: type is unsigned */ - (m->in_type < file_nnames) ? file_names[m->in_type] : - "*bad in_type*"); - if (m->in_op & FILE_OPINVERSE) - (void) fputc('~', stderr); - (void) fprintf(stderr, "%c%u),", - ((size_t)(m->in_op & FILE_OPS_MASK) < - SZOF(optyp)) ? optyp[m->in_op & FILE_OPS_MASK] : '?', - m->in_offset); - } - (void) fprintf(stderr, " %s%s", (m->flag & UNSIGNED) ? "u" : "", - /* Note: type is unsigned */ - (m->type < file_nnames) ? file_names[m->type] : "*bad type"); - if (m->mask_op & FILE_OPINVERSE) - (void) fputc('~', stderr); - - if (IS_STRING(m->type)) { - if (m->str_flags) { - (void) fputc('/', stderr); - if (m->str_flags & STRING_COMPACT_WHITESPACE) - (void) fputc(CHAR_COMPACT_WHITESPACE, stderr); - if (m->str_flags & STRING_COMPACT_OPTIONAL_WHITESPACE) - (void) fputc(CHAR_COMPACT_OPTIONAL_WHITESPACE, - stderr); - if (m->str_flags & STRING_IGNORE_LOWERCASE) - (void) fputc(CHAR_IGNORE_LOWERCASE, stderr); - if (m->str_flags & STRING_IGNORE_UPPERCASE) - (void) fputc(CHAR_IGNORE_UPPERCASE, stderr); - if (m->str_flags & REGEX_OFFSET_START) - (void) fputc(CHAR_REGEX_OFFSET_START, stderr); - if (m->str_flags & STRING_TEXTTEST) - (void) fputc(CHAR_TEXTTEST, stderr); - if (m->str_flags & STRING_BINTEST) - (void) fputc(CHAR_BINTEST, stderr); - if (m->str_flags & PSTRING_1_BE) - (void) fputc(CHAR_PSTRING_1_BE, stderr); - if (m->str_flags & PSTRING_2_BE) - (void) fputc(CHAR_PSTRING_2_BE, stderr); - if (m->str_flags & PSTRING_2_LE) - (void) fputc(CHAR_PSTRING_2_LE, stderr); - if (m->str_flags & PSTRING_4_BE) - (void) fputc(CHAR_PSTRING_4_BE, stderr); - if (m->str_flags & PSTRING_4_LE) - (void) fputc(CHAR_PSTRING_4_LE, stderr); - if (m->str_flags & PSTRING_LENGTH_INCLUDES_ITSELF) - (void) fputc( - CHAR_PSTRING_LENGTH_INCLUDES_ITSELF, - stderr); - } - if (m->str_range) - (void) fprintf(stderr, "/%u", m->str_range); - } - else { - if ((size_t)(m->mask_op & FILE_OPS_MASK) < SZOF(optyp)) - (void) fputc(optyp[m->mask_op & FILE_OPS_MASK], stderr); - else - (void) fputc('?', stderr); - - if (m->num_mask) { - (void) fprintf(stderr, "%.8llx", - (unsigned long long)m->num_mask); - } - } - (void) fprintf(stderr, ",%c", m->reln); - - if (m->reln != 'x') { - switch (m->type) { - case FILE_BYTE: - case FILE_SHORT: - case FILE_LONG: - case FILE_LESHORT: - case FILE_LELONG: - case FILE_MELONG: - case FILE_BESHORT: - case FILE_BELONG: - case FILE_INDIRECT: - (void) fprintf(stderr, "%d", m->value.l); - break; - case FILE_BEQUAD: - case FILE_LEQUAD: - case FILE_QUAD: - (void) fprintf(stderr, "%" INT64_T_FORMAT "d", - (unsigned long long)m->value.q); - break; - case FILE_PSTRING: - case FILE_STRING: - case FILE_REGEX: - case FILE_BESTRING16: - case FILE_LESTRING16: - case FILE_SEARCH: - file_showstr(stderr, m->value.s, (size_t)m->vallen); - break; - case FILE_DATE: - case FILE_LEDATE: - case FILE_BEDATE: - case FILE_MEDATE: - (void)fprintf(stderr, "%s,", - file_fmttime(m->value.l, FILE_T_LOCAL, tbuf)); - break; - case FILE_LDATE: - case FILE_LELDATE: - case FILE_BELDATE: - case FILE_MELDATE: - (void)fprintf(stderr, "%s,", - file_fmttime(m->value.l, 0, tbuf)); - case FILE_QDATE: - case FILE_LEQDATE: - case FILE_BEQDATE: - (void)fprintf(stderr, "%s,", - file_fmttime(m->value.q, FILE_T_LOCAL, tbuf)); - break; - case FILE_QLDATE: - case FILE_LEQLDATE: - case FILE_BEQLDATE: - (void)fprintf(stderr, "%s,", - file_fmttime(m->value.q, 0, tbuf)); - break; - case FILE_QWDATE: - case FILE_LEQWDATE: - case FILE_BEQWDATE: - (void)fprintf(stderr, "%s,", - file_fmttime(m->value.q, FILE_T_WINDOWS, tbuf)); - break; - case FILE_FLOAT: - case FILE_BEFLOAT: - case FILE_LEFLOAT: - (void) fprintf(stderr, "%G", m->value.f); - break; - case FILE_DOUBLE: - case FILE_BEDOUBLE: - case FILE_LEDOUBLE: - (void) fprintf(stderr, "%G", m->value.d); - break; - case FILE_DEFAULT: - /* XXX - do anything here? */ - break; - case FILE_USE: - case FILE_NAME: - (void) fprintf(stderr, "'%s'", m->value.s); - break; - default: - (void) fprintf(stderr, "*bad type %d*", m->type); - break; - } - } - (void) fprintf(stderr, ",\"%s\"]\n", m->desc); -} +#ifdef PHP_WIN32 +# define asctime_r php_asctime_r +# define ctime_r php_ctime_r #endif +#define SZOF(a) (sizeof(a) / sizeof(a[0])) + /*VARARGS*/ protected void file_magwarn(struct magic_set *ms, const char *f, ...) { va_list va; + char *expanded_format; + TSRMLS_FETCH(); - /* cuz we use stdout for most, stderr here */ - (void) fflush(stdout); - - if (ms->file) - (void) fprintf(stderr, "%s, %lu: ", ms->file, - (unsigned long)ms->line); - (void) fprintf(stderr, "Warning: "); va_start(va, f); - (void) vfprintf(stderr, f, va); + if (vasprintf(&expanded_format, f, va)); /* silence */ va_end(va); - (void) fputc('\n', stderr); + + php_error_docref(NULL TSRMLS_CC, E_NOTICE, "Warning: %s", expanded_format); + + free(expanded_format); } protected const char * @@ -235,7 +80,7 @@ struct tm *tm; if (flags & FILE_T_WINDOWS) { - struct timespec ts; + struct timeval ts; cdf_timestamp_to_timespec(&ts, t); t = ts.tv_sec; } diff -u libmagic.orig/readcdf.c libmagic/readcdf.c --- libmagic.orig/readcdf.c Wed Oct 31 18:03:01 2012 +++ libmagic/readcdf.c Sun Jan 4 17:02:29 2015 @@ -30,7 +30,11 @@ #endif #include +#ifdef PHP_WIN32 +#include "win32/unistd.h" +#else #include +#endif #include #include #include @@ -46,12 +50,14 @@ { size_t i; cdf_timestamp_t tp; - struct timespec ts; + struct timeval ts; char buf[64]; const char *str = NULL; const char *s; int len; + memset(&ts, 0, sizeof(ts)); + for (i = 0; i < count; i++) { cdf_print_property_name(buf, sizeof(buf), info[i].pi_id); switch (info[i].pi_type) { @@ -125,8 +131,12 @@ case CDF_FILETIME: tp = info[i].pi_tp; if (tp != 0) { - char tbuf[64]; - if (tp < 1000000000000000LL) { + char tbuf[64]; +#if defined(PHP_WIN32) && _MSC_VER <= 1500 + if (tp < 1000000000000000i64) { +#else + if (tp < 1000000000000000LL) { +#endif cdf_print_elapsed_time(tbuf, sizeof(tbuf), tp); if (NOTMIME(ms) && file_printf(ms, @@ -134,9 +144,13 @@ return -1; } else { char *c, *ec; - cdf_timestamp_to_timespec(&ts, tp); - c = cdf_ctime(&ts.tv_sec, tbuf); - if ((ec = strchr(c, '\n')) != NULL) + const time_t sec = ts.tv_sec; + if (cdf_timestamp_to_timespec(&ts, tp) == -1) { + return -1; + } + c = cdf_ctime(&sec, tbuf); + if (c != NULL && + (ec = strchr(c, '\n')) != NULL) *ec = '\0'; if (NOTMIME(ms) && file_printf(ms, @@ -314,9 +328,9 @@ if (file_printf(ms, "Composite Document File V2 Document") == -1) return -1; - if (*expn) - if (file_printf(ms, ", %s%s", corrupt, expn) == -1) - return -1; + if (*expn) + if (file_printf(ms, ", %s%s", corrupt, expn) == -1) + return -1; } else { if (file_printf(ms, "application/CDFV2-corrupt") == -1) return -1; diff -u libmagic.orig/softmagic.c libmagic/softmagic.c --- libmagic.orig/softmagic.c Thu Mar 21 18:45:14 2013 +++ libmagic/softmagic.c Sun Jan 4 17:02:29 2015 @@ -41,6 +41,11 @@ #include #include +#ifndef PREG_OFFSET_CAPTURE +# define PREG_OFFSET_CAPTURE (1<<8) +#endif + + private int match(struct magic_set *, struct magic *, uint32_t, const unsigned char *, size_t, size_t, int, int, int, int, int *, int *, @@ -53,7 +58,7 @@ private int32_t moffset(struct magic_set *, struct magic *); private void mdebug(uint32_t, const char *, size_t); private int mcopy(struct magic_set *, union VALUETYPE *, int, int, - const unsigned char *, uint32_t, size_t, size_t); + const unsigned char *, uint32_t, size_t, struct magic *); private int mconvert(struct magic_set *, struct magic *, int); private int print_sep(struct magic_set *, int); private int handle_annotation(struct magic_set *, struct magic *); @@ -62,6 +67,8 @@ private void cvt_32(union VALUETYPE *, const struct magic *); private void cvt_64(union VALUETYPE *, const struct magic *); +#define OFFSET_OOB(n, o, i) ((n) < (o) || (i) > ((n) - (o))) + /* * softmagic - lookup one file in parsed, in-memory copy of database * Passed the name and FILE * of one file to be typed. @@ -69,13 +76,13 @@ /*ARGSUSED1*/ /* nbytes passed for regularity, maybe need later */ protected int file_softmagic(struct magic_set *ms, const unsigned char *buf, size_t nbytes, - int mode, int text) + size_t level, int mode, int text) { struct mlist *ml; int rv, printed_something = 0, need_separator = 0; for (ml = ms->mlist[0]->next; ml != ms->mlist[0]; ml = ml->next) if ((rv = match(ms, ml->magic, ml->nmagic, buf, nbytes, 0, mode, - text, 0, 0, &printed_something, &need_separator, + text, 0, level, &printed_something, &need_separator, NULL)) != 0) return rv; @@ -132,7 +139,7 @@ struct magic *m = &magic[magindex]; if (m->type != FILE_NAME) - if ((IS_STRING(m->type) && + if ((IS_LIBMAGIC_STRING(m->type) && #define FLT (STRING_BINTEST | STRING_TEXTTEST) ((text && (m->str_flags & FLT) == STRING_BINTEST) || (!text && (m->str_flags & FLT) == STRING_TEXTTEST))) || @@ -209,8 +216,8 @@ if (file_check_mem(ms, ++cont_level) == -1) return -1; - while (magic[magindex+1].cont_level != 0 && - ++magindex < nmagic) { + while (magindex + 1 < nmagic && magic[magindex+1].cont_level != 0 && + ++magindex) { m = &magic[magindex]; ms->line = m->lineno; /* for messages */ @@ -335,44 +342,22 @@ private int check_fmt(struct magic_set *ms, struct magic *m) { - regex_t rx; - int rc; - - if (strchr(m->desc, '%') == NULL) + pcre *pce; + int re_options; + pcre_extra *re_extra; + TSRMLS_FETCH(); + + if (strchr(m->desc, '%') == NULL) { return 0; - - rc = regcomp(&rx, "%[-0-9\\.]*s", REG_EXTENDED|REG_NOSUB); - if (rc) { - char errmsg[512]; - (void)regerror(rc, &rx, errmsg, sizeof(errmsg)); - file_magerror(ms, "regex error %d, (%s)", rc, errmsg); + } + + if ((pce = pcre_get_compiled_regex("~%[-0-9.]*s~", &re_extra, &re_options TSRMLS_CC)) == NULL) { return -1; } else { - rc = regexec(&rx, m->desc, 0, 0, 0); - regfree(&rx); - return !rc; + return !pcre_exec(pce, re_extra, m->desc, strlen(m->desc), 0, re_options, NULL, 0); } } -#ifndef HAVE_STRNDUP -char * strndup(const char *, size_t); - -char * -strndup(const char *str, size_t n) -{ - size_t len; - char *copy; - - for (len = 0; len < n && str[len]; len++) - continue; - if ((copy = malloc(len + 1)) == NULL) - return NULL; - (void)memcpy(copy, str, len); - copy[len] = '\0'; - return copy; -} -#endif /* HAVE_STRNDUP */ - private int32_t mprint(struct magic_set *ms, struct magic *m) { @@ -583,13 +568,13 @@ char *cp; int rval; - cp = strndup((const char *)ms->search.s, ms->search.rm_len); + cp = estrndup((const char *)ms->search.s, ms->search.rm_len); if (cp == NULL) { file_oomem(ms, ms->search.rm_len); return -1; } rval = file_printf(ms, m->desc, cp); - free(cp); + efree(cp); if (rval == -1) return -1; @@ -835,16 +820,16 @@ if (m->num_mask) \ switch (m->mask_op & FILE_OPS_MASK) { \ case FILE_OPADD: \ - p->fld += cast m->num_mask; \ + p->fld += cast (int64_t)m->num_mask; \ break; \ case FILE_OPMINUS: \ - p->fld -= cast m->num_mask; \ + p->fld -= cast (int64_t)m->num_mask; \ break; \ case FILE_OPMULTIPLY: \ - p->fld *= cast m->num_mask; \ + p->fld *= cast (int64_t)m->num_mask; \ break; \ case FILE_OPDIVIDE: \ - p->fld /= cast m->num_mask; \ + p->fld /= cast (int64_t)m->num_mask; \ break; \ } \ @@ -896,10 +881,21 @@ return 1; } case FILE_PSTRING: { - char *ptr1 = p->s, *ptr2 = ptr1 + file_pstring_length_size(m); + size_t sz = file_pstring_length_size(m); + char *ptr1 = p->s, *ptr2 = ptr1 + sz; size_t len = file_pstring_get_length(m, ptr1); - if (len >= sizeof(p->s)) - len = sizeof(p->s) - 1; + sz = sizeof(p->s) - sz; /* maximum length of string */ + if (len >= sz) { + /* + * The size of the pascal string length (sz) + * is 1, 2, or 4. We need at least 1 byte for NUL + * termination, but we've already truncated the + * string by p->s, so we need to deduct sz. + * Because we can use one of the bytes of the length + * after we shifted as NUL termination. + */ + len = sz; + } while (len--) *ptr1++ = *ptr2++; *ptr1 = '\0'; @@ -1010,7 +1006,7 @@ private int mcopy(struct magic_set *ms, union VALUETYPE *p, int type, int indir, - const unsigned char *s, uint32_t offset, size_t nbytes, size_t linecnt) + const unsigned char *s, uint32_t offset, size_t nbytes, struct magic *m) { /* * Note: FILE_SEARCH and FILE_REGEX do not actually copy @@ -1030,15 +1026,24 @@ const char *last; /* end of search region */ const char *buf; /* start of search region */ const char *end; - size_t lines; + size_t lines, linecnt, bytecnt; + + linecnt = m->str_range; + bytecnt = linecnt * 80; + if (bytecnt == 0) { + bytecnt = 8192; + } + if (bytecnt > nbytes) { + bytecnt = nbytes; + } if (s == NULL) { ms->search.s_len = 0; ms->search.s = NULL; return 0; } buf = RCAST(const char *, s) + offset; - end = last = RCAST(const char *, s) + nbytes; + end = last = RCAST(const char *, s) + bytecnt; /* mget() guarantees buf <= last */ for (lines = linecnt, b = buf; lines && b < end && ((b = CAST(const char *, @@ -1051,7 +1056,7 @@ b++; } if (lines) - last = RCAST(const char *, s) + nbytes; + last = RCAST(const char *, s) + bytecnt; ms->search.s = buf; ms->search.s_len = last - buf; @@ -1125,7 +1130,6 @@ int *need_separator, int *returnval) { uint32_t soffset, offset = ms->offset; - uint32_t count = m->str_range; int rv, oneed_separator; char *sbuf, *rbuf; union VALUETYPE *p = &ms->ms_value; @@ -1137,17 +1141,13 @@ } if (mcopy(ms, p, m->type, m->flag & INDIR, s, (uint32_t)(offset + o), - (uint32_t)nbytes, count) == -1) + (uint32_t)nbytes, m) == -1) return -1; if ((ms->flags & MAGIC_DEBUG) != 0) { fprintf(stderr, "mget(type=%d, flag=%x, offset=%u, o=%zu, " - "nbytes=%zu, count=%u)\n", m->type, m->flag, offset, o, - nbytes, count); + "nbytes=%zu)\n", m->type, m->flag, offset, o, nbytes); mdebug(offset, (char *)(void *)p, sizeof(union VALUETYPE)); -#ifndef COMPILE_ONLY - file_mdump(m); -#endif } if (m->flag & INDIR) { @@ -1191,7 +1191,7 @@ } switch (cvt_flip(m->in_type, flip)) { case FILE_BYTE: - if (nbytes < (offset + 1)) + if (OFFSET_OOB(nbytes, offset, 1)) return 0; if (off) { switch (m->in_op & FILE_OPS_MASK) { @@ -1226,7 +1226,7 @@ offset = ~offset; break; case FILE_BESHORT: - if (nbytes < (offset + 2)) + if (OFFSET_OOB(nbytes, offset, 2)) return 0; if (off) { switch (m->in_op & FILE_OPS_MASK) { @@ -1278,7 +1278,7 @@ offset = ~offset; break; case FILE_LESHORT: - if (nbytes < (offset + 2)) + if (OFFSET_OOB(nbytes, offset, 2)) return 0; if (off) { switch (m->in_op & FILE_OPS_MASK) { @@ -1330,7 +1330,7 @@ offset = ~offset; break; case FILE_SHORT: - if (nbytes < (offset + 2)) + if (OFFSET_OOB(nbytes, offset, 2)) return 0; if (off) { switch (m->in_op & FILE_OPS_MASK) { @@ -1367,7 +1367,7 @@ break; case FILE_BELONG: case FILE_BEID3: - if (nbytes < (offset + 4)) + if (OFFSET_OOB(nbytes, offset, 4)) return 0; if (off) { switch (m->in_op & FILE_OPS_MASK) { @@ -1438,7 +1438,7 @@ break; case FILE_LELONG: case FILE_LEID3: - if (nbytes < (offset + 4)) + if (OFFSET_OOB(nbytes, offset, 4)) return 0; if (off) { switch (m->in_op & FILE_OPS_MASK) { @@ -1508,7 +1508,7 @@ offset = ~offset; break; case FILE_MELONG: - if (nbytes < (offset + 4)) + if (OFFSET_OOB(nbytes, offset, 4)) return 0; if (off) { switch (m->in_op & FILE_OPS_MASK) { @@ -1578,7 +1578,7 @@ offset = ~offset; break; case FILE_LONG: - if (nbytes < (offset + 4)) + if (OFFSET_OOB(nbytes, offset, 4)) return 0; if (off) { switch (m->in_op & FILE_OPS_MASK) { @@ -1637,30 +1637,27 @@ if ((ms->flags & MAGIC_DEBUG) != 0) fprintf(stderr, "indirect +offs=%u\n", offset); } - if (mcopy(ms, p, m->type, 0, s, offset, nbytes, count) == -1) + if (mcopy(ms, p, m->type, 0, s, offset, nbytes, m) == -1) return -1; ms->offset = offset; if ((ms->flags & MAGIC_DEBUG) != 0) { mdebug(offset, (char *)(void *)p, sizeof(union VALUETYPE)); -#ifndef COMPILE_ONLY - file_mdump(m); -#endif } } /* Verify we have enough data to match magic type */ switch (m->type) { case FILE_BYTE: - if (nbytes < (offset + 1)) /* should alway be true */ + if (OFFSET_OOB(nbytes, offset, 1)) return 0; break; case FILE_SHORT: case FILE_BESHORT: case FILE_LESHORT: - if (nbytes < (offset + 2)) + if (OFFSET_OOB(nbytes, offset, 2)) return 0; break; @@ -1679,38 +1676,40 @@ case FILE_FLOAT: case FILE_BEFLOAT: case FILE_LEFLOAT: - if (nbytes < (offset + 4)) + if (OFFSET_OOB(nbytes, offset, 4)) return 0; break; case FILE_DOUBLE: case FILE_BEDOUBLE: case FILE_LEDOUBLE: - if (nbytes < (offset + 8)) + if (OFFSET_OOB(nbytes, offset, 8)) return 0; break; case FILE_STRING: case FILE_PSTRING: case FILE_SEARCH: - if (nbytes < (offset + m->vallen)) + if (OFFSET_OOB(nbytes, offset, m->vallen)) return 0; break; case FILE_REGEX: - if (nbytes < offset) + if (OFFSET_OOB(nbytes, offset, 0)) return 0; break; case FILE_INDIRECT: - if (nbytes < offset) + if (offset == 0) + return 0; + if (OFFSET_OOB(nbytes, offset, 0)) return 0; sbuf = ms->o.buf; soffset = ms->offset; ms->o.buf = NULL; ms->offset = 0; rv = file_softmagic(ms, s + offset, nbytes - offset, - BINTEST, text); + recursion_level, BINTEST, text); if ((ms->flags & MAGIC_DEBUG) != 0) fprintf(stderr, "indirect @offs=%u[%d]\n", offset, rv); rbuf = ms->o.buf; @@ -1718,16 +1717,26 @@ ms->offset = soffset; if (rv == 1) { if ((ms->flags & (MAGIC_MIME|MAGIC_APPLE)) == 0 && - file_printf(ms, m->desc, offset) == -1) + file_printf(ms, m->desc, offset) == -1) { + if (rbuf) { + efree(rbuf); + } return -1; - if (file_printf(ms, "%s", rbuf) == -1) + } + if (file_printf(ms, "%s", rbuf) == -1) { + if (rbuf) { + efree(rbuf); + } return -1; - free(rbuf); + } + } + if (rbuf) { + efree(rbuf); } return rv; case FILE_USE: - if (nbytes < offset) + if (OFFSET_OOB(nbytes, offset, 0)) return 0; sbuf = m->value.s; if (*sbuf == '^') { @@ -1837,6 +1846,42 @@ return file_strncmp(a, b, len, flags); } +public void +convert_libmagic_pattern(zval *pattern, int options) +{ + int i, j=0; + char *t; + + t = (char *) safe_emalloc(Z_STRLEN_P(pattern), 2, 5); + + t[j++] = '~'; + + for (i=0; isearch.s == NULL) - return 0; - - l = 0; - rc = regcomp(&rx, m->value.s, - REG_EXTENDED|REG_NEWLINE| - ((m->str_flags & STRING_IGNORE_CASE) ? REG_ICASE : 0)); - if (rc) { - (void)regerror(rc, &rx, errmsg, sizeof(errmsg)); - file_magerror(ms, "regex error %d, (%s)", - rc, errmsg); - v = (uint64_t)-1; - } - else { - regmatch_t pmatch[1]; -#ifndef REG_STARTEND -#define REG_STARTEND 0 - size_t l = ms->search.s_len - 1; - char c = ms->search.s[l]; - ((char *)(intptr_t)ms->search.s)[l] = '\0'; -#else - pmatch[0].rm_so = 0; - pmatch[0].rm_eo = ms->search.s_len; -#endif - rc = regexec(&rx, (const char *)ms->search.s, - 1, pmatch, REG_STARTEND); -#if REG_STARTEND == 0 - ((char *)(intptr_t)ms->search.s)[l] = c; -#endif - switch (rc) { - case 0: - ms->search.s += (int)pmatch[0].rm_so; - ms->search.offset += (size_t)pmatch[0].rm_so; - ms->search.rm_len = - (size_t)(pmatch[0].rm_eo - pmatch[0].rm_so); - v = 0; - break; + zval *pattern; + int options = 0; + pcre_cache_entry *pce; + TSRMLS_FETCH(); + + MAKE_STD_ZVAL(pattern); + ZVAL_STRINGL(pattern, (char *)m->value.s, m->vallen, 0); + + options |= PCRE_MULTILINE; + + if (m->str_flags & STRING_IGNORE_CASE) { + options |= PCRE_CASELESS; + } + + convert_libmagic_pattern(pattern, options); + + l = v = 0; + if ((pce = pcre_get_compiled_regex_cache(Z_STRVAL_P(pattern), Z_STRLEN_P(pattern) TSRMLS_CC)) == NULL) { + zval_dtor(pattern); + FREE_ZVAL(pattern); + return -1; + } else { + /* pce now contains the compiled regex */ + zval *retval; + zval *subpats; + char *haystack; + + MAKE_STD_ZVAL(retval); + ALLOC_INIT_ZVAL(subpats); + + /* Cut the search len from haystack, equals to REG_STARTEND */ + haystack = estrndup(ms->search.s, ms->search.s_len); + + /* match v = 0, no match v = 1 */ + php_pcre_match_impl(pce, haystack, ms->search.s_len, retval, subpats, 1, 1, PREG_OFFSET_CAPTURE, 0 TSRMLS_CC); + /* Free haystack */ + efree(haystack); + + if (Z_LVAL_P(retval) < 0) { + zval_ptr_dtor(&subpats); + FREE_ZVAL(retval); + zval_dtor(pattern); + FREE_ZVAL(pattern); + return -1; + } else if ((Z_LVAL_P(retval) > 0) && (Z_TYPE_P(subpats) == IS_ARRAY)) { + + /* Need to fetch global match which equals pmatch[0] */ + HashTable *ht = Z_ARRVAL_P(subpats); + HashPosition outer_pos; + zval *pattern_match = NULL, *pattern_offset = NULL; + + zend_hash_internal_pointer_reset_ex(ht, &outer_pos); + + if (zend_hash_has_more_elements_ex(ht, &outer_pos) == SUCCESS && + zend_hash_move_forward_ex(ht, &outer_pos)) { + + zval **ppzval; + + /* The first element (should be) is the global match + Need to move to the inner array to get the global match */ + + if (zend_hash_get_current_data_ex(ht, (void**)&ppzval, &outer_pos) != FAILURE) { + + HashTable *inner_ht; + HashPosition inner_pos; + zval **match, **offset; + zval tmpcopy = **ppzval, matchcopy, offsetcopy; + + zval_copy_ctor(&tmpcopy); + INIT_PZVAL(&tmpcopy); + + inner_ht = Z_ARRVAL(tmpcopy); + + /* If everything goes according to the master plan + tmpcopy now contains two elements: + 0 = the match + 1 = starting position of the match */ + zend_hash_internal_pointer_reset_ex(inner_ht, &inner_pos); + + if (zend_hash_has_more_elements_ex(inner_ht, &inner_pos) == SUCCESS && + zend_hash_move_forward_ex(inner_ht, &inner_pos)) { + + if (zend_hash_get_current_data_ex(inner_ht, (void**)&match, &inner_pos) != FAILURE) { + + matchcopy = **match; + zval_copy_ctor(&matchcopy); + INIT_PZVAL(&matchcopy); + convert_to_string(&matchcopy); + + MAKE_STD_ZVAL(pattern_match); + Z_STRVAL_P(pattern_match) = (char *)Z_STRVAL(matchcopy); + Z_STRLEN_P(pattern_match) = Z_STRLEN(matchcopy); + Z_TYPE_P(pattern_match) = IS_STRING; + + zval_dtor(&matchcopy); + } + } + + if (zend_hash_has_more_elements_ex(inner_ht, &inner_pos) == SUCCESS && + zend_hash_move_forward_ex(inner_ht, &inner_pos)) { + + if (zend_hash_get_current_data_ex(inner_ht, (void**)&offset, &inner_pos) != FAILURE) { + + offsetcopy = **offset; + zval_copy_ctor(&offsetcopy); + INIT_PZVAL(&offsetcopy); + convert_to_long(&offsetcopy); + + MAKE_STD_ZVAL(pattern_offset); + Z_LVAL_P(pattern_offset) = Z_LVAL(offsetcopy); + Z_TYPE_P(pattern_offset) = IS_LONG; + + zval_dtor(&offsetcopy); + } + } + zval_dtor(&tmpcopy); + } + + if ((pattern_match != NULL) && (pattern_offset != NULL)) { + ms->search.s += (int)Z_LVAL_P(pattern_offset); /* this is where the match starts */ + ms->search.offset += (size_t)Z_LVAL_P(pattern_offset); /* this is where the match starts as size_t */ + ms->search.rm_len = Z_STRLEN_P(pattern_match) /* This is the length of the matched pattern */; + v = 0; + + efree(pattern_match); + efree(pattern_offset); + + } else { + zval_ptr_dtor(&subpats); + FREE_ZVAL(retval); + zval_dtor(pattern); + FREE_ZVAL(pattern); + return -1; + } + } - case REG_NOMATCH: + + } else { v = 1; - break; - - default: - (void)regerror(rc, &rx, errmsg, sizeof(errmsg)); - file_magerror(ms, "regexec error %d, (%s)", - rc, errmsg); - v = (uint64_t)-1; - break; } - regfree(&rx); + zval_ptr_dtor(&subpats); + FREE_ZVAL(retval); } - if (v == (uint64_t)-1) - return -1; - break; + zval_dtor(pattern); + FREE_ZVAL(pattern); + break; } case FILE_INDIRECT: case FILE_USE: case FILE_NAME: - return 1; + return 1; default: file_magerror(ms, "invalid type %d in magiccheck()", m->type); return -1;