[File] [PATCH] Fix setting MAGIC_PARAM_REGEX_MAX

Christos Zoulas christos at zoulas.com
Wed Dec 12 18:56:49 UTC 2018


On Dec 12, 10:01am, vsevolod at rspamd.com (Vsevolod Stakhov) wrote:
-- Subject: Re: [File] [PATCH] Fix setting MAGIC_PARAM_REGEX_MAX

| I have checked it and it is indeed uint16_t.

Correct.

| However, I think it is wrong: it should be `size_t` like `bytes_max`
| element. The problem is that in file softmagic.c around line 1286 there
| is size_t variable `bytecnt` that is, in turn, compared to uint16_t
| limit `regex_max`.

That is not a problem: unlike assignment where the RHS is converted
to fit the LHS (and truncated if it is larger), on comparison either
side is promoted (widened) to the larger size.

| Hence, `regex_max` should also be of size_t type.

It does not make any sense to make it larger than 64K, since what the
code is effectively doing is:

	for (o = offset; o < offset + regex_max; o++)
		if (regexec(o) == FOUND)
			break;

Do you really want to match more than 65K times per magic entry?

The limit is there to prevent a DoS attack (timing-wise) against
regex().

christos
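
The conversion rules described in the reply above, as an added example that is not part of the original message or of the file(1) source. `struct limits`, the function names and the sample values are hypothetical and constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical stand-in for the structure that holds the limit. */
struct limits {
	uint16_t regex_max;
};

/* Assignment: the size_t value is converted to fit the uint16_t
 * field, so anything above 65535 is reduced modulo 65536. */
static uint16_t store_truncating(struct limits *l, size_t requested)
{
	l->regex_max = (uint16_t)requested;
	return l->regex_max;
}

/* Setter that rejects a value that does not fit instead of wrapping. */
static int store_checked(struct limits *l, size_t requested)
{
	if (requested > UINT16_MAX)
		return -1;
	l->regex_max = (uint16_t)requested;
	return 0;
}

/* Comparison: regex_max is widened to size_t; bytecnt keeps its value. */
static int over_limit(const struct limits *l, size_t bytecnt)
{
	return bytecnt > l->regex_max;
}

/* Positions visited by the loop quoted above, with an added buffer bound. */
static size_t attempts(const struct limits *l, size_t offset, size_t buflen)
{
	size_t o, n = 0;

	for (o = offset; o < offset + l->regex_max && o < buflen; o++)
		n++;
	return n;
}

int main(void)
{
	struct limits l = { 0 };

	/* Constructed sample values. */
	printf("65636 stored as %u\n", (unsigned)store_truncating(&l, 65636));
	printf("70000 accepted: %d\n", store_checked(&l, 70000) == 0);
	return 0;
}
```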

