xref: /PHP-7.3/ext/fileinfo/libmagic/funcs.c (revision c62cd9a4) 
1 /*
2  * Copyright (c) Christos Zoulas 2003.
3  * All Rights Reserved.
4  *
5  * Redistribution and use in source and binary forms, with or without
6  * modification, are permitted provided that the following conditions
7  * are met:
8  * 1. Redistributions of source code must retain the above copyright
9  *    notice immediately at the beginning of the file, without modification,
10  *    this list of conditions, and the following disclaimer.
11  * 2. Redistributions in binary form must reproduce the above copyright
12  *    notice, this list of conditions and the following disclaimer in the
13  *    documentation and/or other materials provided with the distribution.
14  *
15  * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
16  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
17  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
18  * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE FOR
19  * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
20  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
21  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
22  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
23  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
24  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
25  * SUCH DAMAGE.
26  */
27 #include "file.h"
28 
29 #ifndef	lint
30 FILE_RCSID("@(#)$File: funcs.c,v 1.94 2017/11/02 20:25:39 christos Exp $")
31 #endif	/* lint */
32 
33 #include "magic.h"
34 #include <stdarg.h>
35 #include <stdlib.h>
36 #include <string.h>
37 #include <ctype.h>
38 #if defined(HAVE_WCHAR_H)
39 #include <wchar.h>
40 #endif
41 #if defined(HAVE_WCTYPE_H)
42 #include <wctype.h>
43 #endif
44 #if defined(HAVE_LOCALE_H)
45 #include <locale.h>
46 #endif
47 
48 #ifndef SIZE_MAX
49 #define SIZE_MAX	((size_t)~0)
50 #endif
51 
52 #include "php.h"
53 #include "main/php_network.h"
54 
55 #ifndef PREG_OFFSET_CAPTURE
56 # define PREG_OFFSET_CAPTURE                 (1<<8)
57 #endif
58 
59 protected int
file_printf(struct magic_set * ms,const char * fmt,...)60 file_printf(struct magic_set *ms, const char *fmt, ...)
61 {
62 	va_list ap;
63 	size_t len;
64 	char *buf = NULL, *newstr;
65 
66 	va_start(ap, fmt);
67 	len = vspprintf(&buf, 0, fmt, ap);
68 	va_end(ap);
69 
70 	if (ms->o.buf != NULL) {
71 		len = spprintf(&newstr, 0, "%s%s", ms->o.buf, (buf ? buf : ""));
72 		if (buf) {
73 			efree(buf);
74 		}
75 		efree(ms->o.buf);
76 		ms->o.buf = newstr;
77 	} else {
78 		ms->o.buf = buf;
79 	}
80 	return 0;
81 }
82 
83 /*
84  * error - print best error message possible
85  */
86 /*VARARGS*/
87 private void
file_error_core(struct magic_set * ms,int error,const char * f,va_list va,size_t lineno)88 file_error_core(struct magic_set *ms, int error, const char *f, va_list va,
89     size_t lineno)
90 {
91 	char *buf = NULL;
92 
93 	/* Only the first error is ok */
94 	if (ms->event_flags & EVENT_HAD_ERR)
95 		return;
96 	if (lineno != 0) {
97 		efree(ms->o.buf);
98 		ms->o.buf = NULL;
99 		file_printf(ms, "line %" SIZE_T_FORMAT "u:", lineno);
100 	}
101 
102 	vspprintf(&buf, 0, f, va);
103 	va_end(va);
104 
105 	if (error > 0) {
106 		file_printf(ms, "%s (%s)", (*buf ? buf : ""), strerror(error));
107 	} else if (*buf) {
108 		file_printf(ms, "%s", buf);
109 	}
110 
111 	if (buf) {
112 		efree(buf);
113 	}
114 
115 	ms->event_flags |= EVENT_HAD_ERR;
116 	ms->error = error;
117 }
118 
119 /*VARARGS*/
120 protected void
file_error(struct magic_set * ms,int error,const char * f,...)121 file_error(struct magic_set *ms, int error, const char *f, ...)
122 {
123 	va_list va;
124 	va_start(va, f);
125 	file_error_core(ms, error, f, va, 0);
126 	va_end(va);
127 }
128 
129 /*
130  * Print an error with magic line number.
131  */
132 /*VARARGS*/
133 protected void
file_magerror(struct magic_set * ms,const char * f,...)134 file_magerror(struct magic_set *ms, const char *f, ...)
135 {
136 	va_list va;
137 	va_start(va, f);
138 	file_error_core(ms, 0, f, va, ms->line);
139 	va_end(va);
140 }
141 
142 protected void
file_oomem(struct magic_set * ms,size_t len)143 file_oomem(struct magic_set *ms, size_t len)
144 {
145 	file_error(ms, errno, "cannot allocate %" SIZE_T_FORMAT "u bytes",
146 	    len);
147 }
148 
149 protected void
file_badseek(struct magic_set * ms)150 file_badseek(struct magic_set *ms)
151 {
152 	file_error(ms, errno, "error seeking");
153 }
154 
155 protected void
file_badread(struct magic_set * ms)156 file_badread(struct magic_set *ms)
157 {
158 	file_error(ms, errno, "error reading");
159 }
160 
161 
162 static int
checkdone(struct magic_set * ms,int * rv)163 checkdone(struct magic_set *ms, int *rv)
164 {
165 	if ((ms->flags & MAGIC_CONTINUE) == 0)
166 		return 1;
167 	if (file_printf(ms, "\n- ") == -1)
168 		*rv = -1;
169 	return 0;
170 }
171 
172 /*ARGSUSED*/
173 protected int
file_buffer(struct magic_set * ms,php_stream * stream,const char * inname,const void * buf,size_t nb)174 file_buffer(struct magic_set *ms, php_stream *stream, const char *inname, const void *buf,
175     size_t nb)
176 {
177 	int m = 0, rv = 0, looks_text = 0;
178 	const char *code = NULL;
179 	const char *code_mime = "binary";
180 	const char *type = "application/octet-stream";
181 	const char *def = "data";
182 	const char *ftype = NULL;
183 	struct buffer b;
184 	int fd = -1;
185 
186 	buffer_init(&b, fd, buf, nb);
187 
188 	if (nb == 0) {
189 		def = "empty";
190 		type = "application/x-empty";
191 		goto simple;
192 	} else if (nb == 1) {
193 		def = "very short file (no magic)";
194 		goto simple;
195 	}
196 
197 	if ((ms->flags & MAGIC_NO_CHECK_ENCODING) == 0) {
198 		looks_text = file_encoding(ms, &b, NULL, 0,
199 		    &code, &code_mime, &ftype);
200 	}
201 
202 #ifdef __EMX__
203 	if ((ms->flags & MAGIC_NO_CHECK_APPTYPE) == 0 && inname) {
204 		m = file_os2_apptype(ms, inname, &b);
205 		if ((ms->flags & MAGIC_DEBUG) != 0)
206 			(void)fprintf(stderr, "[try os2_apptype %d]\n", m);
207 		switch (m) {
208 		case -1:
209 			return -1;
210 		case 0:
211 			break;
212 		default:
213 			return 1;
214 		}
215 	}
216 #endif
217 
218 #if PHP_FILEINFO_UNCOMPRESS
219 	if ((ms->flags & MAGIC_NO_CHECK_COMPRESS) == 0) {
220 		m = file_zmagic(ms, &b, inname);
221 		if ((ms->flags & MAGIC_DEBUG) != 0)
222 			(void)fprintf(stderr, "[try zmagic %d]\n", m);
223 		if (m) {
224 			goto done_encoding;
225 		}
226 	}
227 #endif
228 	/* Check if we have a tar file */
229 	if ((ms->flags & MAGIC_NO_CHECK_TAR) == 0) {
230 		m = file_is_tar(ms, &b);
231 		if ((ms->flags & MAGIC_DEBUG) != 0)
232 			(void)fprintf(stderr, "[try tar %d]\n", m);
233 		if (m) {
234 			if (checkdone(ms, &rv))
235 				goto done;
236 		}
237 	}
238 
239 	/* Check if we have a CDF file */
240 	if ((ms->flags & MAGIC_NO_CHECK_CDF) == 0 && stream) {
241 #ifdef _WIN64
242 		php_socket_t _fd = fd;
243 		int _ret = php_stream_cast(stream, PHP_STREAM_AS_FD, (void **)&_fd, 0);
244 		fd = (int)_fd;
245 #else
246 		int _ret = php_stream_cast(stream, PHP_STREAM_AS_FD, (void **)&fd, 0);
247 #endif
248 		if (SUCCESS == _ret) {
249 			m = file_trycdf(ms, &b);
250 			if ((ms->flags & MAGIC_DEBUG) != 0)
251 				(void)fprintf(stderr, "[try cdf %d]\n", m);
252 			if (m) {
253 				if (checkdone(ms, &rv))
254 					goto done;
255 			}
256 		}
257 	}
258 
259 	/* try soft magic tests */
260 	if ((ms->flags & MAGIC_NO_CHECK_SOFT) == 0) {
261 		m = file_softmagic(ms, &b, NULL, NULL, BINTEST, looks_text);
262 		if ((ms->flags & MAGIC_DEBUG) != 0)
263 			(void)fprintf(stderr, "[try softmagic %d]\n", m);
264 		if (m) {
265 #ifdef BUILTIN_ELF
266 			if ((ms->flags & MAGIC_NO_CHECK_ELF) == 0 && m == 1 &&
267 			    nb > 5 && fd != -1) {
268 				/*
269 				 * We matched something in the file, so this
270 				 * *might* be an ELF file, and the file is at
271 				 * least 5 bytes long, so if it's an ELF file
272 				 * it has at least one byte past the ELF magic
273 				 * number - try extracting information from the
274 				 * ELF headers that cannot easily * be
275 				 * extracted with rules in the magic file.
276 				 */
277 				m = file_tryelf(ms, &b);
278 				if ((ms->flags & MAGIC_DEBUG) != 0)
279 					(void)fprintf(stderr, "[try elf %d]\n",
280 					    m);
281 			}
282 #endif
283 			if (checkdone(ms, &rv))
284 				goto done;
285 		}
286 	}
287 
288 	/* try text properties */
289 	if ((ms->flags & MAGIC_NO_CHECK_TEXT) == 0) {
290 
291 		m = file_ascmagic(ms, &b, looks_text);
292 		if ((ms->flags & MAGIC_DEBUG) != 0)
293 			(void)fprintf(stderr, "[try ascmagic %d]\n", m);
294 		if (m) {
295 			if (checkdone(ms, &rv))
296 				goto done;
297 		}
298 	}
299 
300 simple:
301 	/* give up */
302 	m = 1;
303 	if (ms->flags & MAGIC_MIME) {
304 		if ((ms->flags & MAGIC_MIME_TYPE) &&
305 		    file_printf(ms, "%s", type) == -1)
306 			rv = -1;
307 	} else if (ms->flags & MAGIC_APPLE) {
308 		if (file_printf(ms, "UNKNUNKN") == -1)
309 			rv = -1;
310 	} else if (ms->flags & MAGIC_EXTENSION) {
311 		if (file_printf(ms, "???") == -1)
312 			rv = -1;
313 	} else {
314 		if (file_printf(ms, "%s", def) == -1)
315 			rv = -1;
316 	}
317  done:
318 	if ((ms->flags & MAGIC_MIME_ENCODING) != 0) {
319 		if (ms->flags & MAGIC_MIME_TYPE)
320 			if (file_printf(ms, "; charset=") == -1)
321 				rv = -1;
322 		if (file_printf(ms, "%s", code_mime) == -1)
323 			rv = -1;
324 	}
325 #if PHP_FILEINFO_UNCOMPRESS
326  done_encoding:
327 #endif
328 	buffer_fini(&b);
329 	if (rv)
330 		return rv;
331 
332 	return m;
333 }
334 
335 protected int
file_reset(struct magic_set * ms,int checkloaded)336 file_reset(struct magic_set *ms, int checkloaded)
337 {
338 	if (checkloaded && ms->mlist[0] == NULL) {
339 		file_error(ms, 0, "no magic files loaded");
340 		return -1;
341 	}
342 	if (ms->o.buf) {
343 		efree(ms->o.buf);
344 		ms->o.buf = NULL;
345 	}
346 	if (ms->o.pbuf) {
347 		efree(ms->o.pbuf);
348 		ms->o.pbuf = NULL;
349 	}
350 	ms->event_flags &= ~EVENT_HAD_ERR;
351 	ms->error = -1;
352 	return 0;
353 }
354 
355 #define OCTALIFY(n, o)	\
356 	/*LINTED*/ \
357 	(void)(*(n)++ = '\\', \
358 	*(n)++ = (((uint32_t)*(o) >> 6) & 3) + '0', \
359 	*(n)++ = (((uint32_t)*(o) >> 3) & 7) + '0', \
360 	*(n)++ = (((uint32_t)*(o) >> 0) & 7) + '0', \
361 	(o)++)
362 
363 protected const char *
file_getbuffer(struct magic_set * ms)364 file_getbuffer(struct magic_set *ms)
365 {
366 	char *pbuf, *op, *np;
367 	size_t psize, len;
368 
369 	if (ms->event_flags & EVENT_HAD_ERR)
370 		return NULL;
371 
372 	if (ms->flags & MAGIC_RAW)
373 		return ms->o.buf;
374 
375 	if (ms->o.buf == NULL)
376 		return NULL;
377 
378 	/* * 4 is for octal representation, + 1 is for NUL */
379 	len = strlen(ms->o.buf);
380 	if (len > (SIZE_MAX - 1) / 4) {
381 		file_oomem(ms, len);
382 		return NULL;
383 	}
384 	psize = len * 4 + 1;
385 	if ((pbuf = CAST(char *, erealloc(ms->o.pbuf, psize))) == NULL) {
386 		file_oomem(ms, psize);
387 		return NULL;
388 	}
389 	ms->o.pbuf = pbuf;
390 
391 #if defined(HAVE_WCHAR_H) && defined(HAVE_MBRTOWC) && defined(HAVE_WCWIDTH)
392 	{
393 		mbstate_t state;
394 		wchar_t nextchar;
395 		int mb_conv = 1;
396 		size_t bytesconsumed;
397 		char *eop;
398 		(void)memset(&state, 0, sizeof(mbstate_t));
399 
400 		np = ms->o.pbuf;
401 		op = ms->o.buf;
402 		eop = op + len;
403 
404 		while (op < eop) {
405 			bytesconsumed = mbrtowc(&nextchar, op,
406 			    (size_t)(eop - op), &state);
407 			if (bytesconsumed == (size_t)(-1) ||
408 			    bytesconsumed == (size_t)(-2)) {
409 				mb_conv = 0;
410 				break;
411 			}
412 
413 			if (iswprint(nextchar)) {
414 				(void)memcpy(np, op, bytesconsumed);
415 				op += bytesconsumed;
416 				np += bytesconsumed;
417 			} else {
418 				while (bytesconsumed-- > 0)
419 					OCTALIFY(np, op);
420 			}
421 		}
422 		*np = '\0';
423 
424 		/* Parsing succeeded as a multi-byte sequence */
425 		if (mb_conv != 0)
426 			return ms->o.pbuf;
427 	}
428 #endif
429 
430 	for (np = ms->o.pbuf, op = ms->o.buf; *op;) {
431 		if (isprint((unsigned char)*op)) {
432 			*np++ = *op++;
433 		} else {
434 			OCTALIFY(np, op);
435 		}
436 	}
437 	*np = '\0';
438 	return ms->o.pbuf;
439 }
440 
441 protected int
file_check_mem(struct magic_set * ms,unsigned int level)442 file_check_mem(struct magic_set *ms, unsigned int level)
443 {
444 	size_t len;
445 
446 	if (level >= ms->c.len) {
447 		len = (ms->c.len = 20 + level) * sizeof(*ms->c.li);
448 		ms->c.li = CAST(struct level_info *, (ms->c.li == NULL) ?
449 		    emalloc(len) :
450 		    erealloc(ms->c.li, len));
451 		if (ms->c.li == NULL) {
452 			file_oomem(ms, len);
453 			return -1;
454 		}
455 	}
456 	ms->c.li[level].got_match = 0;
457 #ifdef ENABLE_CONDITIONALS
458 	ms->c.li[level].last_match = 0;
459 	ms->c.li[level].last_cond = COND_NONE;
460 #endif /* ENABLE_CONDITIONALS */
461 	return 0;
462 }
463 
464 protected size_t
file_printedlen(const struct magic_set * ms)465 file_printedlen(const struct magic_set *ms)
466 {
467 	return ms->o.buf == NULL ? 0 : strlen(ms->o.buf);
468 }
469 
470 protected int
file_replace(struct magic_set * ms,const char * pat,const char * rep)471 file_replace(struct magic_set *ms, const char *pat, const char *rep)
472 {
473 	zval patt;
474 	uint32_t opts = 0;
475 	pcre_cache_entry *pce;
476 	zend_string *res;
477 	zend_string *repl;
478 	size_t rep_cnt = 0;
479 
480 	opts |= PCRE2_MULTILINE;
481 	convert_libmagic_pattern(&patt, (char*)pat, strlen(pat), opts);
482 	if ((pce = pcre_get_compiled_regex_cache_ex(Z_STR(patt), 0)) == NULL) {
483 		zval_ptr_dtor(&patt);
484 		rep_cnt = -1;
485 		goto out;
486 	}
487 	zval_ptr_dtor(&patt);
488 
489 	repl = zend_string_init(rep, strlen(rep), 0);
490 	res = php_pcre_replace_impl(pce, NULL, ms->o.buf, strlen(ms->o.buf), repl, -1, &rep_cnt);
491 
492 	zend_string_release_ex(repl, 0);
493 	if (NULL == res) {
494 		rep_cnt = -1;
495 		goto out;
496 	}
497 
498 	strncpy(ms->o.buf, ZSTR_VAL(res), ZSTR_LEN(res));
499 	ms->o.buf[ZSTR_LEN(res)] = '\0';
500 
501 	zend_string_release_ex(res, 0);
502 
503 out:
504 	return rep_cnt;
505 }
506 
507 protected file_pushbuf_t *
file_push_buffer(struct magic_set * ms)508 file_push_buffer(struct magic_set *ms)
509 {
510 	file_pushbuf_t *pb;
511 
512 	if (ms->event_flags & EVENT_HAD_ERR)
513 		return NULL;
514 
515 	if ((pb = (CAST(file_pushbuf_t *, emalloc(sizeof(*pb))))) == NULL)
516 		return NULL;
517 
518 	pb->buf = ms->o.buf;
519 	pb->offset = ms->offset;
520 
521 	ms->o.buf = NULL;
522 	ms->offset = 0;
523 
524 	return pb;
525 }
526 
527 protected char *
file_pop_buffer(struct magic_set * ms,file_pushbuf_t * pb)528 file_pop_buffer(struct magic_set *ms, file_pushbuf_t *pb)
529 {
530 	char *rbuf;
531 
532 	if (ms->event_flags & EVENT_HAD_ERR) {
533 		efree(pb->buf);
534 		efree(pb);
535 		return NULL;
536 	}
537 
538 	rbuf = ms->o.buf;
539 
540 	ms->o.buf = pb->buf;
541 	ms->offset = pb->offset;
542 
543 	efree(pb);
544 	return rbuf;
545 }
546 
547 /*
548  * convert string to ascii printable format.
549  */
550 protected char *
file_printable(char * buf,size_t bufsiz,const char * str)551 file_printable(char *buf, size_t bufsiz, const char *str)
552 {
553 	char *ptr, *eptr;
554 	const unsigned char *s = (const unsigned char *)str;
555 
556 	for (ptr = buf, eptr = ptr + bufsiz - 1; ptr < eptr && *s; s++) {
557 		if (isprint(*s)) {
558 			*ptr++ = *s;
559 			continue;
560 		}
561 		if (ptr >= eptr - 3)
562 			break;
563 		*ptr++ = '\\';
564 		*ptr++ = ((CAST(unsigned int, *s) >> 6) & 7) + '0';
565 		*ptr++ = ((CAST(unsigned int, *s) >> 3) & 7) + '0';
566 		*ptr++ = ((CAST(unsigned int, *s) >> 0) & 7) + '0';
567 	}
568 	*ptr = '\0';
569 	return buf;
570 }
571