[File] [PATCH] Fix setting MAGIC_PARAM_REGEX_MAX
Christos Zoulas
christos at zoulas.com
Wed Dec 12 18:56:49 UTC 2018
On Dec 12, 10:01am, vsevolod at rspamd.com (Vsevolod Stakhov) wrote:
-- Subject: Re: [File] [PATCH] Fix setting MAGIC_PARAM_REGEX_MAX
| I have checked it and it is indeed uint16_t.
Correct.
| However, I think it is wrong: it should be `size_t` like `bytes_max`
| element. The problem is that in file softmagic.c around line 1286 there
| is size_t variable `bytecnt` that is, in turn, compared to uint16_t
| limit `regex_max`.
That is not a problem: unlike assignment where the RHS is converted
to fit the LHS (and truncated if it is larger), on comparison either
side is promoted (widened) to the larger size.
| Hence, `regex_max` should also be of size_t type.
It does not make any sense to make it larger than 64K, since what the
code is effectively doing is:
for (o = offset; o < offset + regex_max; o++)
if (regexec(o) == FOUND)
break;
Do you really want to match more than 65K times per magic entry?
The limit is there is to prevent a DoS attack (timing wise) against
regex().
christos
More information about the File
mailing list