1 /*
2 * Copyright (c) Christos Zoulas 2003.
3 * All Rights Reserved.
4 *
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions
7 * are met:
8 * 1. Redistributions of source code must retain the above copyright
9 * notice immediately at the beginning of the file, without modification,
10 * this list of conditions, and the following disclaimer.
11 * 2. Redistributions in binary form must reproduce the above copyright
12 * notice, this list of conditions and the following disclaimer in the
13 * documentation and/or other materials provided with the distribution.
14 *
15 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
16 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
17 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
18 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE FOR
19 * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
20 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
21 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
22 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
23 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
24 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
25 * SUCH DAMAGE.
26 */
27 #include "file.h"
28
29 #ifndef lint
30 FILE_RCSID("@(#)$File: funcs.c,v 1.104 2019/05/07 02:27:11 christos Exp $")
31 #endif /* lint */
32
33 #include "magic.h"
34 #include <stdarg.h>
35 #include <stdlib.h>
36 #include <string.h>
37 #include <ctype.h>
38 #if defined(HAVE_WCHAR_H)
39 #include <wchar.h>
40 #endif
41 #if defined(HAVE_WCTYPE_H)
42 #include <wctype.h>
43 #endif
44 #include <limits.h>
45
46 #ifndef SIZE_MAX
47 #define SIZE_MAX ((size_t)~0)
48 #endif
49
50 #include "php.h"
51 #include "main/php_network.h"
52
53 #ifndef PREG_OFFSET_CAPTURE
54 # define PREG_OFFSET_CAPTURE (1<<8)
55 #endif
56
57 protected int
file_printf(struct magic_set * ms,const char * fmt,...)58 file_printf(struct magic_set *ms, const char *fmt, ...)
59 {
60 va_list ap;
61 char *buf = NULL, *newstr;
62
63 va_start(ap, fmt);
64 vspprintf(&buf, 0, fmt, ap);
65 va_end(ap);
66
67 if (ms->o.buf != NULL) {
68 spprintf(&newstr, 0, "%s%s", ms->o.buf, (buf ? buf : ""));
69 if (buf) {
70 efree(buf);
71 }
72 efree(ms->o.buf);
73 ms->o.buf = newstr;
74 } else {
75 ms->o.buf = buf;
76 }
77 return 0;
78 }
79
80 /*
81 * error - print best error message possible
82 */
83 /*VARARGS*/
84 private void
file_error_core(struct magic_set * ms,int error,const char * f,va_list va,size_t lineno)85 file_error_core(struct magic_set *ms, int error, const char *f, va_list va,
86 size_t lineno)
87 {
88 char *buf = NULL;
89
90 /* Only the first error is ok */
91 if (ms->event_flags & EVENT_HAD_ERR)
92 return;
93 if (lineno != 0) {
94 efree(ms->o.buf);
95 ms->o.buf = NULL;
96 file_printf(ms, "line %" SIZE_T_FORMAT "u:", lineno);
97 }
98
99 vspprintf(&buf, 0, f, va);
100 va_end(va);
101
102 if (error > 0) {
103 file_printf(ms, "%s (%s)", (*buf ? buf : ""), strerror(error));
104 } else if (*buf) {
105 file_printf(ms, "%s", buf);
106 }
107
108 if (buf) {
109 efree(buf);
110 }
111
112 ms->event_flags |= EVENT_HAD_ERR;
113 ms->error = error;
114 }
115
116 /*VARARGS*/
117 protected void
file_error(struct magic_set * ms,int error,const char * f,...)118 file_error(struct magic_set *ms, int error, const char *f, ...)
119 {
120 va_list va;
121 va_start(va, f);
122 file_error_core(ms, error, f, va, 0);
123 va_end(va);
124 }
125
126 /*
127 * Print an error with magic line number.
128 */
129 /*VARARGS*/
130 protected void
file_magerror(struct magic_set * ms,const char * f,...)131 file_magerror(struct magic_set *ms, const char *f, ...)
132 {
133 va_list va;
134 va_start(va, f);
135 file_error_core(ms, 0, f, va, ms->line);
136 va_end(va);
137 }
138
139 protected void
file_oomem(struct magic_set * ms,size_t len)140 file_oomem(struct magic_set *ms, size_t len)
141 {
142 file_error(ms, errno, "cannot allocate %" SIZE_T_FORMAT "u bytes",
143 len);
144 }
145
146 protected void
file_badseek(struct magic_set * ms)147 file_badseek(struct magic_set *ms)
148 {
149 file_error(ms, errno, "error seeking");
150 }
151
152 protected void
file_badread(struct magic_set * ms)153 file_badread(struct magic_set *ms)
154 {
155 file_error(ms, errno, "error reading");
156 }
157
158 protected int
file_separator(struct magic_set * ms)159 file_separator(struct magic_set *ms)
160 {
161 return file_printf(ms, "\n- ");
162 }
163
164 static int
checkdone(struct magic_set * ms,int * rv)165 checkdone(struct magic_set *ms, int *rv)
166 {
167 if ((ms->flags & MAGIC_CONTINUE) == 0)
168 return 1;
169 if (file_separator(ms) == -1)
170 *rv = -1;
171 return 0;
172 }
173
174 protected int
file_default(struct magic_set * ms,size_t nb)175 file_default(struct magic_set *ms, size_t nb)
176 {
177 if (ms->flags & MAGIC_MIME) {
178 if ((ms->flags & MAGIC_MIME_TYPE) &&
179 file_printf(ms, "application/%s",
180 nb ? "octet-stream" : "x-empty") == -1)
181 return -1;
182 return 1;
183 }
184 if (ms->flags & MAGIC_APPLE) {
185 if (file_printf(ms, "UNKNUNKN") == -1)
186 return -1;
187 return 1;
188 }
189 if (ms->flags & MAGIC_EXTENSION) {
190 if (file_printf(ms, "???") == -1)
191 return -1;
192 return 1;
193 }
194 return 0;
195 }
196
197 /*
198 * The magic detection functions return:
199 * 1: found
200 * 0: not found
201 * -1: error
202 */
203 /*ARGSUSED*/
204 protected int
file_buffer(struct magic_set * ms,php_stream * stream,zend_stat_t * st,const char * inname,const void * buf,size_t nb)205 file_buffer(struct magic_set *ms, php_stream *stream, zend_stat_t *st,
206 const char *inname,
207 const void *buf, size_t nb)
208 {
209 int m = 0, rv = 0, looks_text = 0;
210 const char *code = NULL;
211 const char *code_mime = "binary";
212 const char *def = "data";
213 const char *ftype = NULL;
214 char *rbuf = NULL;
215 struct buffer b;
216 int fd = -1;
217
218 if (stream) {
219 #ifdef _WIN64
220 php_socket_t _fd = fd;
221 #else
222 int _fd;
223 #endif
224 int _ret = php_stream_cast(stream, PHP_STREAM_AS_FD, (void **)&_fd, 0);
225 if (SUCCESS == _ret) {
226 fd = (int)_fd;
227 }
228 }
229
230 buffer_init(&b, fd, st, buf, nb);
231 ms->mode = b.st.st_mode;
232
233 if (nb == 0) {
234 def = "empty";
235 goto simple;
236 } else if (nb == 1) {
237 def = "very short file (no magic)";
238 goto simple;
239 }
240
241 if ((ms->flags & MAGIC_NO_CHECK_ENCODING) == 0) {
242 looks_text = file_encoding(ms, &b, NULL, 0,
243 &code, &code_mime, &ftype);
244 }
245
246 #ifdef __EMX__
247 if ((ms->flags & MAGIC_NO_CHECK_APPTYPE) == 0 && inname) {
248 m = file_os2_apptype(ms, inname, &b);
249 if ((ms->flags & MAGIC_DEBUG) != 0)
250 (void)fprintf(stderr, "[try os2_apptype %d]\n", m);
251 switch (m) {
252 case -1:
253 return -1;
254 case 0:
255 break;
256 default:
257 return 1;
258 }
259 }
260 #endif
261
262 #if PHP_FILEINFO_UNCOMPRESS
263 if ((ms->flags & MAGIC_NO_CHECK_COMPRESS) == 0) {
264 m = file_zmagic(ms, &b, inname);
265 if ((ms->flags & MAGIC_DEBUG) != 0)
266 (void)fprintf(stderr, "[try zmagic %d]\n", m);
267 if (m) {
268 goto done_encoding;
269 }
270 }
271 #endif
272 /* Check if we have a tar file */
273 if ((ms->flags & MAGIC_NO_CHECK_TAR) == 0) {
274 m = file_is_tar(ms, &b);
275 if ((ms->flags & MAGIC_DEBUG) != 0)
276 (void)fprintf(stderr, "[try tar %d]\n", m);
277 if (m) {
278 if (checkdone(ms, &rv))
279 goto done;
280 }
281 }
282
283 /* Check if we have a JSON file */
284 if ((ms->flags & MAGIC_NO_CHECK_JSON) == 0) {
285 m = file_is_json(ms, &b);
286 if ((ms->flags & MAGIC_DEBUG) != 0)
287 (void)fprintf(stderr, "[try json %d]\n", m);
288 if (m) {
289 if (checkdone(ms, &rv))
290 goto done;
291 }
292 }
293
294 /* Check if we have a CDF file */
295 if ((ms->flags & MAGIC_NO_CHECK_CDF) == 0) {
296 m = file_trycdf(ms, &b);
297 if ((ms->flags & MAGIC_DEBUG) != 0)
298 (void)fprintf(stderr, "[try cdf %d]\n", m);
299 if (m) {
300 if (checkdone(ms, &rv))
301 goto done;
302 }
303 }
304 #ifdef BUILTIN_ELF
305 if ((ms->flags & MAGIC_NO_CHECK_ELF) == 0 && nb > 5 && fd != -1) {
306 file_pushbuf_t *pb;
307 /*
308 * We matched something in the file, so this
309 * *might* be an ELF file, and the file is at
310 * least 5 bytes long, so if it's an ELF file
311 * it has at least one byte past the ELF magic
312 * number - try extracting information from the
313 * ELF headers that cannot easily be extracted
314 * with rules in the magic file. We we don't
315 * print the information yet.
316 */
317 if ((pb = file_push_buffer(ms)) == NULL)
318 return -1;
319
320 rv = file_tryelf(ms, &b);
321 rbuf = file_pop_buffer(ms, pb);
322 if (rv == -1) {
323 free(rbuf);
324 rbuf = NULL;
325 }
326 if ((ms->flags & MAGIC_DEBUG) != 0)
327 (void)fprintf(stderr, "[try elf %d]\n", m);
328 }
329 #endif
330
331 /* try soft magic tests */
332 if ((ms->flags & MAGIC_NO_CHECK_SOFT) == 0) {
333 m = file_softmagic(ms, &b, NULL, NULL, BINTEST, looks_text);
334 if ((ms->flags & MAGIC_DEBUG) != 0)
335 (void)fprintf(stderr, "[try softmagic %d]\n", m);
336 if (m == 1 && rbuf) {
337 if (file_printf(ms, "%s", rbuf) == -1)
338 goto done;
339 }
340 if (m) {
341 if (checkdone(ms, &rv))
342 goto done;
343 }
344 }
345
346 /* try text properties */
347 if ((ms->flags & MAGIC_NO_CHECK_TEXT) == 0) {
348
349 m = file_ascmagic(ms, &b, looks_text);
350 if ((ms->flags & MAGIC_DEBUG) != 0)
351 (void)fprintf(stderr, "[try ascmagic %d]\n", m);
352 if (m) {
353 goto done;
354 }
355 }
356
357 simple:
358 /* give up */
359 if (m == 0) {
360 m = 1;
361 rv = file_default(ms, nb);
362 if (rv == 0)
363 if (file_printf(ms, "%s", def) == -1)
364 rv = -1;
365 }
366 done:
367 if ((ms->flags & MAGIC_MIME_ENCODING) != 0) {
368 if (ms->flags & MAGIC_MIME_TYPE)
369 if (file_printf(ms, "; charset=") == -1)
370 rv = -1;
371 if (file_printf(ms, "%s", code_mime) == -1)
372 rv = -1;
373 }
374 #if PHP_FILEINFO_UNCOMPRESS
375 done_encoding:
376 #endif
377 efree(rbuf);
378 buffer_fini(&b);
379 if (rv)
380 return rv;
381
382 return m;
383 }
384
385 protected int
file_reset(struct magic_set * ms,int checkloaded)386 file_reset(struct magic_set *ms, int checkloaded)
387 {
388 if (checkloaded && ms->mlist[0] == NULL) {
389 file_error(ms, 0, "no magic files loaded");
390 return -1;
391 }
392 if (ms->o.buf) {
393 efree(ms->o.buf);
394 ms->o.buf = NULL;
395 }
396 if (ms->o.pbuf) {
397 efree(ms->o.pbuf);
398 ms->o.pbuf = NULL;
399 }
400 ms->event_flags &= ~EVENT_HAD_ERR;
401 ms->error = -1;
402 return 0;
403 }
404
405 #define OCTALIFY(n, o) \
406 /*LINTED*/ \
407 (void)(*(n)++ = '\\', \
408 *(n)++ = ((CAST(uint32_t, *(o)) >> 6) & 3) + '0', \
409 *(n)++ = ((CAST(uint32_t, *(o)) >> 3) & 7) + '0', \
410 *(n)++ = ((CAST(uint32_t, *(o)) >> 0) & 7) + '0', \
411 (o)++)
412
413 protected const char *
file_getbuffer(struct magic_set * ms)414 file_getbuffer(struct magic_set *ms)
415 {
416 char *pbuf, *op, *np;
417 size_t psize, len;
418
419 if (ms->event_flags & EVENT_HAD_ERR)
420 return NULL;
421
422 if (ms->flags & MAGIC_RAW)
423 return ms->o.buf;
424
425 if (ms->o.buf == NULL)
426 return NULL;
427
428 /* * 4 is for octal representation, + 1 is for NUL */
429 len = strlen(ms->o.buf);
430 if (len > (SIZE_MAX - 1) / 4) {
431 file_oomem(ms, len);
432 return NULL;
433 }
434 psize = len * 4 + 1;
435 if ((pbuf = CAST(char *, erealloc(ms->o.pbuf, psize))) == NULL) {
436 file_oomem(ms, psize);
437 return NULL;
438 }
439 ms->o.pbuf = pbuf;
440
441 #if defined(HAVE_WCHAR_H) && defined(HAVE_MBRTOWC) && defined(HAVE_WCWIDTH)
442 {
443 mbstate_t state;
444 wchar_t nextchar;
445 int mb_conv = 1;
446 size_t bytesconsumed;
447 char *eop;
448 (void)memset(&state, 0, sizeof(mbstate_t));
449
450 np = ms->o.pbuf;
451 op = ms->o.buf;
452 eop = op + len;
453
454 while (op < eop) {
455 bytesconsumed = mbrtowc(&nextchar, op,
456 CAST(size_t, eop - op), &state);
457 if (bytesconsumed == CAST(size_t, -1) ||
458 bytesconsumed == CAST(size_t, -2)) {
459 mb_conv = 0;
460 break;
461 }
462
463 if (iswprint(nextchar)) {
464 (void)memcpy(np, op, bytesconsumed);
465 op += bytesconsumed;
466 np += bytesconsumed;
467 } else {
468 while (bytesconsumed-- > 0)
469 OCTALIFY(np, op);
470 }
471 }
472 *np = '\0';
473
474 /* Parsing succeeded as a multi-byte sequence */
475 if (mb_conv != 0)
476 return ms->o.pbuf;
477 }
478 #endif
479
480 for (np = ms->o.pbuf, op = ms->o.buf; *op;) {
481 if (isprint(CAST(unsigned char, *op))) {
482 *np++ = *op++;
483 } else {
484 OCTALIFY(np, op);
485 }
486 }
487 *np = '\0';
488 return ms->o.pbuf;
489 }
490
491 protected int
file_check_mem(struct magic_set * ms,unsigned int level)492 file_check_mem(struct magic_set *ms, unsigned int level)
493 {
494 size_t len;
495
496 if (level >= ms->c.len) {
497 len = (ms->c.len = 20 + level) * sizeof(*ms->c.li);
498 ms->c.li = CAST(struct level_info *, (ms->c.li == NULL) ?
499 emalloc(len) :
500 erealloc(ms->c.li, len));
501 if (ms->c.li == NULL) {
502 file_oomem(ms, len);
503 return -1;
504 }
505 }
506 ms->c.li[level].got_match = 0;
507 #ifdef ENABLE_CONDITIONALS
508 ms->c.li[level].last_match = 0;
509 ms->c.li[level].last_cond = COND_NONE;
510 #endif /* ENABLE_CONDITIONALS */
511 return 0;
512 }
513
514 protected size_t
file_printedlen(const struct magic_set * ms)515 file_printedlen(const struct magic_set *ms)
516 {
517 return ms->o.buf == NULL ? 0 : strlen(ms->o.buf);
518 }
519
520 protected int
file_replace(struct magic_set * ms,const char * pat,const char * rep)521 file_replace(struct magic_set *ms, const char *pat, const char *rep)
522 {
523 zval patt;
524 uint32_t opts = 0;
525 pcre_cache_entry *pce;
526 zend_string *res;
527 zend_string *repl;
528 size_t rep_cnt = 0;
529
530 opts |= PCRE2_MULTILINE;
531 convert_libmagic_pattern(&patt, (char*)pat, strlen(pat), opts);
532 if ((pce = pcre_get_compiled_regex_cache_ex(Z_STR(patt), 0)) == NULL) {
533 zval_ptr_dtor(&patt);
534 rep_cnt = -1;
535 goto out;
536 }
537 zval_ptr_dtor(&patt);
538
539 repl = zend_string_init(rep, strlen(rep), 0);
540 res = php_pcre_replace_impl(pce, NULL, ms->o.buf, strlen(ms->o.buf), repl, -1, &rep_cnt);
541
542 zend_string_release_ex(repl, 0);
543 if (NULL == res) {
544 rep_cnt = -1;
545 goto out;
546 }
547
548 strncpy(ms->o.buf, ZSTR_VAL(res), ZSTR_LEN(res));
549 ms->o.buf[ZSTR_LEN(res)] = '\0';
550
551 zend_string_release_ex(res, 0);
552
553 out:
554 return rep_cnt;
555 }
556
557 protected file_pushbuf_t *
file_push_buffer(struct magic_set * ms)558 file_push_buffer(struct magic_set *ms)
559 {
560 file_pushbuf_t *pb;
561
562 if (ms->event_flags & EVENT_HAD_ERR)
563 return NULL;
564
565 if ((pb = (CAST(file_pushbuf_t *, emalloc(sizeof(*pb))))) == NULL)
566 return NULL;
567
568 pb->buf = ms->o.buf;
569 pb->offset = ms->offset;
570
571 ms->o.buf = NULL;
572 ms->offset = 0;
573
574 return pb;
575 }
576
577 protected char *
file_pop_buffer(struct magic_set * ms,file_pushbuf_t * pb)578 file_pop_buffer(struct magic_set *ms, file_pushbuf_t *pb)
579 {
580 char *rbuf;
581
582 if (ms->event_flags & EVENT_HAD_ERR) {
583 efree(pb->buf);
584 efree(pb);
585 return NULL;
586 }
587
588 rbuf = ms->o.buf;
589
590 ms->o.buf = pb->buf;
591 ms->offset = pb->offset;
592
593 efree(pb);
594 return rbuf;
595 }
596
597 /*
598 * convert string to ascii printable format.
599 */
600 protected char *
file_printable(char * buf,size_t bufsiz,const char * str,size_t slen)601 file_printable(char *buf, size_t bufsiz, const char *str, size_t slen)
602 {
603 char *ptr, *eptr = buf + bufsiz - 1;
604 const unsigned char *s = RCAST(const unsigned char *, str);
605 const unsigned char *es = s + slen;
606
607 for (ptr = buf; ptr < eptr && s < es && *s; s++) {
608 if (isprint(*s)) {
609 *ptr++ = *s;
610 continue;
611 }
612 if (ptr >= eptr - 3)
613 break;
614 *ptr++ = '\\';
615 *ptr++ = ((CAST(unsigned int, *s) >> 6) & 7) + '0';
616 *ptr++ = ((CAST(unsigned int, *s) >> 3) & 7) + '0';
617 *ptr++ = ((CAST(unsigned int, *s) >> 0) & 7) + '0';
618 }
619 *ptr = '\0';
620 return buf;
621 }
622
