From owner-svn-src-all@freebsd.org  Sun May  8 18:15:59 2016
Return-Path: <owner-svn-src-all@freebsd.org>
Delivered-To: svn-src-all@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id 6188DB3378F;
 Sun,  8 May 2016 18:15:59 +0000 (UTC)
 (envelope-from delphij@FreeBSD.org)
Received: from repo.freebsd.org (repo.freebsd.org
 [IPv6:2610:1c1:1:6068::e6a:0])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by mx1.freebsd.org (Postfix) with ESMTPS id 3DFC11BCC;
 Sun,  8 May 2016 18:15:59 +0000 (UTC)
 (envelope-from delphij@FreeBSD.org)
Received: from repo.freebsd.org ([127.0.1.37])
 by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id u48IFwpS032755;
 Sun, 8 May 2016 18:15:58 GMT (envelope-from delphij@FreeBSD.org)
Received: (from delphij@localhost)
 by repo.freebsd.org (8.15.2/8.15.2/Submit) id u48IFwJ8032754;
 Sun, 8 May 2016 18:15:58 GMT (envelope-from delphij@FreeBSD.org)
Message-Id: <201605081815.u48IFwJ8032754@repo.freebsd.org>
X-Authentication-Warning: repo.freebsd.org: delphij set sender to
 delphij@FreeBSD.org using -f
From: Xin LI <delphij@FreeBSD.org>
Date: Sun, 8 May 2016 18:15:58 +0000 (UTC)
To: src-committers@freebsd.org, svn-src-all@freebsd.org,
 svn-src-vendor@freebsd.org
Subject: svn commit: r299237 - vendor/file/dist/src
X-SVN-Group: vendor
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
X-BeenThere: svn-src-all@freebsd.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "SVN commit messages for the entire src tree \(except for &quot;
 user&quot; and &quot; projects&quot; \)" <svn-src-all.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/svn-src-all>,
 <mailto:svn-src-all-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/svn-src-all/>
List-Post: <mailto:svn-src-all@freebsd.org>
List-Help: <mailto:svn-src-all-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/svn-src-all>,
 <mailto:svn-src-all-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sun, 08 May 2016 18:15:59 -0000

Author: delphij
Date: Sun May  8 18:15:58 2016
New Revision: 299237
URL: https://svnweb.freebsd.org/changeset/base/299237

Log:
  Apply upstream changes:
  
  3ca1d7b07cf7b7c7433e8dabbcbc566c64c6e07f Don't make exceeding magic
  offsets an error; just fail this magic entry test. Consider truncated
  files...
  
  20c59ad54afc7427ea680f84c8ee5a576ba54b08: Downgrade DER comparison
  and offset lookup failures to be handled as match failures.
  
  Upstream bug: http://bugs.gw.com/view.php?id=540

Modified:
  vendor/file/dist/src/softmagic.c

Modified: vendor/file/dist/src/softmagic.c
==============================================================================
--- vendor/file/dist/src/softmagic.c	Sun May  8 18:09:30 2016	(r299236)
+++ vendor/file/dist/src/softmagic.c	Sun May  8 18:15:58 2016	(r299237)
@@ -32,7 +32,7 @@
 #include "file.h"
 
 #ifndef	lint
-FILE_RCSID("@(#)$File: softmagic.c,v 1.229 2016/03/21 23:04:40 christos Exp $")
+FILE_RCSID("@(#)$File: softmagic.c,v 1.230 2016/04/18 15:10:34 christos Exp $")
 #endif	/* lint */
 
 #include "magic.h"
@@ -186,11 +186,11 @@ match(struct magic_set *ms, struct magic
 		     ((text && (m->str_flags & FLT) == STRING_BINTEST) ||
 		      (!text && (m->str_flags & FLT) == STRING_TEXTTEST))) ||
 		    (m->flag & mode) != mode) {
+flush:
 			/* Skip sub-tests */
-			while (magindex + 1 < nmagic &&
-                               magic[magindex + 1].cont_level != 0 &&
-			       ++magindex)
-				continue;
+			while (magindex < nmagic - 1 &&
+			    magic[magindex + 1].cont_level != 0)
+				magindex++;
 			continue; /* Skip to next top-level test*/
 		}
 
@@ -227,10 +227,7 @@ match(struct magic_set *ms, struct magic
 			 * main entry didn't match,
 			 * flush its continuations
 			 */
-			while (magindex < nmagic - 1 &&
-			    magic[magindex + 1].cont_level != 0)
-				magindex++;
-			continue;
+			goto flush;
 		}
 
 		if ((e = handle_annotation(ms, m)) != 0) {
@@ -255,8 +252,13 @@ match(struct magic_set *ms, struct magic
 		if (print && mprint(ms, m) == -1)
 			return -1;
 
-		if (moffset(ms, m, nbytes, &ms->c.li[cont_level].off) == -1)
-			return -1;
+		switch (moffset(ms, m, nbytes, &ms->c.li[cont_level].off)) {
+		case -1:
+		case 0:
+			goto flush;
+		default:
+			break;
+		}
 
 		/* and any continuations that match */
 		if (file_check_mem(ms, ++cont_level) == -1)
@@ -362,9 +364,15 @@ match(struct magic_set *ms, struct magic
 				if (print && mprint(ms, m) == -1)
 					return -1;
 
-				if (moffset(ms, m, nbytes,
-				    &ms->c.li[cont_level].off) == -1)
-					return -1;
+				switch (moffset(ms, m, nbytes,
+				    &ms->c.li[cont_level].off)) {
+				case -1:
+				case 0:
+					flush = 1;
+					break;
+				default:
+					break;
+				}
 
 				if (*m->desc)
 					*need_separator = 1;
@@ -813,9 +821,13 @@ moffset(struct magic_set *ms, struct mag
 	case FILE_DER:
 		{
 			o = der_offs(ms, m, nbytes);
-			if (o == -1) {
-				file_error(ms, 0, "EOF computing DER offset");
-				return -1;
+			if (o == -1 || (size_t)o > nbytes) {
+				if ((ms->flags & MAGIC_DEBUG) != 0) {
+					(void)fprintf(stderr,
+					    "Bad DER offset %d nbytes=%zu",
+					    o, nbytes);
+				}
+				return 0;
 			}
 			break;
 		}
@@ -825,12 +837,15 @@ moffset(struct magic_set *ms, struct mag
 		break;
 	}
 
-	if ((size_t)o >= nbytes) {
-		file_error(ms, 0, "Offset out of range");
+	if ((size_t)o > nbytes) {
+#if 0
+		file_error(ms, 0, "Offset out of range %zu > %zu",
+		    (size_t)o, nbytes);
+#endif
 		return -1;
 	}
 	*op = o;
-	return 0;
+	return 1;
 }
 
 private uint32_t
@@ -2107,8 +2122,13 @@ magiccheck(struct magic_set *ms, struct 
 		return 1;
 	case FILE_DER:
 		matched = der_cmp(ms, m);
-		if (matched == -1)
-			file_error(ms, 0, "EOF comparing DER entries");
+		if (matched == -1) {
+			if ((ms->flags & MAGIC_DEBUG) != 0) {
+				(void) fprintf(stderr,
+				    "EOF comparing DER entries");
+			}
+			return 0;
+		}
 		return matched;
 	default:
 		file_magerror(ms, "invalid type %d in magiccheck()", m->type);