From 8309b81e6ae51b4f8c542d760e256ad38c7f0389 Mon Sep 17 00:00:00 2001 From: DongHun Kwak Date: Thu, 14 Sep 2017 11:45:26 +0900 Subject: [PATCH] Imported Upstream version 5.32 Change-Id: Idb7d475240e5817d467dfd28a110502ad5d64054 Signed-off-by: DongHun Kwak --- ChangeLog | 26 ++++++- configure.ac | 2 +- doc/libmagic.man | 13 +++- magic/Magdir/adventure | 11 +-- magic/Magdir/animation | 10 +-- magic/Magdir/archive | 12 ++-- magic/Magdir/audio | 4 +- magic/Magdir/bhl | 10 +++ magic/Magdir/c-lang | 59 +++++++++++----- magic/Magdir/cad | 11 ++- magic/Magdir/cafebabe | 4 +- magic/Magdir/commands | 6 +- magic/Magdir/compress | 4 +- magic/Magdir/console | 13 +++- magic/Magdir/database | 4 +- magic/Magdir/dump | 4 +- magic/Magdir/filesystems | 19 +++-- magic/Magdir/flash | 86 +++++++++++------------ magic/Magdir/fonts | 156 ++++++++++++++++++++++++++++++++++++++--- magic/Magdir/gconv | 10 +++ magic/Magdir/icc | 4 +- magic/Magdir/images | 64 ++++++++++------- magic/Magdir/m4 | 5 +- magic/Magdir/msdos | 8 +-- magic/Magdir/msvc | 5 +- magic/Magdir/pdf | 7 +- magic/Magdir/python | 32 +++++++-- magic/Magdir/ruby | 37 +++++++--- magic/Magdir/sendmail | 4 +- magic/Magdir/sgml | 14 ++-- magic/Magdir/yara | 4 +- magic/Makefile.am | 4 +- src/apprentice.c | 159 +++++++++++++++++++++++++++++++----------- src/compress.c | 4 +- src/file.h | 4 +- src/fsmagic.c | 19 +++-- src/funcs.c | 6 +- src/magic.c | 17 +++-- src/magic.h.in | 30 ++++++++ src/readelf.c | 8 +-- src/readelf.h | 2 +- src/softmagic.c | 4 +- src/vasprintf.c | 4 +- tests/Makefile.am | 2 + tests/hddrawcopytool.result | 1 + tests/hddrawcopytool.testfile | Bin 0 -> 1280 bytes tests/test.c | 3 +- 47 files changed, 677 insertions(+), 238 deletions(-) create mode 100644 magic/Magdir/bhl create mode 100644 magic/Magdir/gconv create mode 100644 tests/hddrawcopytool.result create mode 100644 tests/hddrawcopytool.testfile diff --git a/ChangeLog b/ChangeLog index 1f7c7b6..2063a23 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,27 @@ +2017-09-02 11:53 Christos Zoulas + + * release 5.32 + +2017-08-28 16:37 Christos Zoulas + + * Always reset state in {file,buffer}_apprentice (Krzysztof Wilczynski) + +2017-08-27 03:55 Christos Zoulas + + * Fix always true condition (Thomas Jarosch) + +2017-05-24 17:30 Christos Zoulas + + * pickier parsing of numeric values in magic files. + +2017-05-23 17:55 Christos Zoulas + + * PR/615 add magic_getflags() + +2017-05-23 13:55 Christos Zoulas + + * release 5.31 + 2017-03-17 20:32 Christos Zoulas * remove trailing spaces from magic files @@ -417,7 +441,7 @@ ` 2013-11-06 14:40 Christos Zoulas - * fix erroneous non-zero exit code from non-existant file and message + * fix erroneous non-zero exit code from non-existent file and message 2013-10-29 14:25 Christos Zoulas diff --git a/configure.ac b/configure.ac index 8d0c581..946198b 100644 --- a/configure.ac +++ b/configure.ac @@ -1,5 +1,5 @@ dnl Process this file with autoconf to produce a configure script. -AC_INIT([file],[5.31],[christos@astron.com]) +AC_INIT([file],[5.32],[christos@astron.com]) AM_INIT_AUTOMAKE([subdir-objects foreign]) m4_ifdef([AM_SILENT_RULES], [AM_SILENT_RULES([yes])]) diff --git a/doc/libmagic.man b/doc/libmagic.man index 638890a..4c7e42f 100644 --- a/doc/libmagic.man +++ b/doc/libmagic.man @@ -1,4 +1,4 @@ -.\" $File: libmagic.man,v 1.39 2015/10/07 02:36:50 christos Exp $ +.\" $File: libmagic.man,v 1.41 2017/05/23 21:54:07 christos Exp $ .\" .\" Copyright (c) Christos Zoulas 2003. .\" All Rights Reserved. @@ -25,7 +25,7 @@ .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" SUCH DAMAGE. .\" -.Dd September 11, 2015 +.Dd May 23, 2017 .Dt LIBMAGIC 3 .Os .Sh NAME @@ -35,6 +35,7 @@ .Nm magic_errno , .Nm magic_descriptor , .Nm magic_buffer , +.Nm magic_getflags , .Nm magic_setflags , .Nm magic_check , .Nm magic_compile , @@ -64,6 +65,8 @@ .Ft const char * .Fn magic_buffer "magic_t cookie" "const void *buffer" "size_t length" .Ft int +.Fn magic_getflags "magic_t cookie" +.Ft int .Fn magic_setflags "magic_t cookie" "int flags" .Ft int .Fn magic_check "magic_t cookie" "const char *filename" @@ -206,6 +209,12 @@ argument with bytes size. .Pp The +.Fn magic_getflags +functions returns a value representing current +.Ar flags +set. +.Pp +The .Fn magic_setflags function sets the .Ar flags diff --git a/magic/Magdir/adventure b/magic/Magdir/adventure index 120e3d8..6fae85a 100644 --- a/magic/Magdir/adventure +++ b/magic/Magdir/adventure @@ -1,6 +1,6 @@ #------------------------------------------------------------------------------ -# $File: adventure,v 1.16 2017/03/17 21:35:28 christos Exp $ +# $File: adventure,v 1.17 2017/07/03 16:03:40 christos Exp $ # adventure: file(1) magic for Adventure game files # # from Allen Garvin @@ -36,11 +36,12 @@ >0 ubyte <9 >>16 belong&0xfe00f0f0 0x3030 >>>0 ubyte < 10 ->>>>2 ubeshort < 10 +>>>>2 ubeshort x >>>>>18 regex [0-9][0-9][0-9][0-9][0-9][0-9] ->>>>>>0 ubyte < 10 Infocom (Z-machine %d, ->>>>>>>2 ubeshort < 10 Release %d / ->>>>>>>>18 string >\0 Serial %.6s) +>>>>>>0 ubyte < 10 Infocom (Z-machine %d +>>>>>>>2 ubeshort x \b, Release %d +>>>>>>>>18 string >\0 \b, Serial %.6s +>>>>>>>>18 string x \b) !:strength + 40 !:mime application/x-zmachine diff --git a/magic/Magdir/animation b/magic/Magdir/animation index 77a2da4..a6e50ff 100644 --- a/magic/Magdir/animation +++ b/magic/Magdir/animation @@ -1,6 +1,6 @@ #------------------------------------------------------------------------------ -# $File: animation,v 1.61 2017/04/01 18:26:03 christos Exp $ +# $File: animation,v 1.63 2017/05/26 14:33:07 christos Exp $ # animation: file(1) magic for animation/movie formats # # animation formats @@ -46,9 +46,11 @@ >>11 byte 4 \b v4 (H.263/AMR GSM 6.10) >>11 byte 5 \b v5 (H.263/AMR GSM 6.10) >>11 byte 6 \b v6 (ITU H.264/AMR GSM 6.10) ->>11 byte a \b C.S0050-0 V1.0 ->>11 byte b \b C.S0050-0-A V1.0.0 ->>11 byte c \b C.S0050-0-B V1.0 +# http://www.3gpp2.org/Public_html/Specs/C.S0050-B_v1.0_070521.pdf +# Section 8.1.1, corresponds to a, b, c +>>11 byte 0x61 \b C.S0050-0 V1.0 +>>11 byte 0x62 \b C.S0050-0-A V1.0.0 +>>11 byte 0x63 \b C.S0050-0-B V1.0 >8 string 3ge \b, MPEG v4 system, 3GPP !:mime video/3gpp >>11 byte 6 \b, Release 6 MBMS Extended Presentations diff --git a/magic/Magdir/archive b/magic/Magdir/archive index 1292ade..abecf71 100644 --- a/magic/Magdir/archive +++ b/magic/Magdir/archive @@ -1,5 +1,5 @@ #------------------------------------------------------------------------------ -# $File: archive,v 1.107 2017/03/20 19:51:15 christos Exp $ +# $File: archive,v 1.108 2017/08/30 13:45:10 christos Exp $ # archive: file(1) magic for archive formats (see also "msdos" for self- # extracting compressed archives) # @@ -565,12 +565,12 @@ # check header level 0 1 2 3 >>>20 ubyte <4 # check 2nd, 3th and 4th character of method id ->>>>3 regex \^(lh[0-9a-ex]|lz[s2-8]|pm[012]|pc1) \b\040 +>>>>3 regex \^(lh[0-9a-ex]|lz[s2-8]|pm[012]|pc1) \b !:mime application/x-lzh-compressed # creator type "LHA " !:apple ????LHA # display archive type name like "LHa/LZS archive data" or "LArc archive" ->>>>>2 string -lz \b\040 +>>>>>2 string -lz \b !:ext lzs # already known -lzs- -lz4- -lz5- with old names >>>>>>2 string -lzs LHa/LZS archive data @@ -584,12 +584,12 @@ # LHice archiver use ".ICE" as name extension instead usual one ".lzh" # FOOBAR archiver use ".foo" as name extension instead usual one # "Florain Orjanov's and Olga Bachetska's ARchiver" not found at the moment ->>>>>>>2 string -lh1 \b\040 +>>>>>>>2 string -lh1 \b !:ext lha/lzh/ice >>>>>>3 regex \^lh[23d] LHa 2.x? archive data >>>>>>3 regex \^lh[7] LHa (2.x)/LHark archive data >>>>>>3 regex \^lh[456] LHa (2.x) archive data ->>>>>>>2 string -lh5 \b\040 +>>>>>>>2 string -lh5 \b # https://en.wikipedia.org/wiki/BIOS # Some mainboard BIOS like Award use LHa compression. So archives with unusal extension are found like # bios.rom , kd7_v14.bin, 1010.004, ... @@ -599,7 +599,7 @@ # UNLHA32 2.67a >>>>>>2 string -lhx LHa (UNLHA32) archive # lha archives with standard file name extensions ".lha" ".lzh" ->>>>>>3 regex !\^(lh1|lh5) \b\040 +>>>>>>3 regex !\^(lh1|lh5) \b !:ext lha/lzh # this should not happen if all -lh variants are described >>>>>>2 default x LHa (unknown) archive diff --git a/magic/Magdir/audio b/magic/Magdir/audio index 2f1bca2..0330bbf 100644 --- a/magic/Magdir/audio +++ b/magic/Magdir/audio @@ -1,6 +1,6 @@ #------------------------------------------------------------------------------ -# $File: audio,v 1.79 2017/03/17 22:20:22 christos Exp $ +# $File: audio,v 1.80 2017/08/13 00:21:47 christos Exp $ # audio: file(1) magic for sound formats (see also "iff") # # Jan Nicolai Langfeldt (janl@ifi.uio.no), Dan Quinlan (quinlan@yggdrasil.com), @@ -745,7 +745,7 @@ # second of release (0-59) >>9 ubyte x \b:%.2d # if you select a language like german on your garmin device -# you can only select voice modules with correponding language byte ID like 1 +# you can only select voice modules with corresponding language byte ID like 1 >>18 ubyte x \b, language ID %d # pointer to 1st audio WAV sample >>16 uleshort >0 diff --git a/magic/Magdir/bhl b/magic/Magdir/bhl new file mode 100644 index 0000000..6f57f03 --- /dev/null +++ b/magic/Magdir/bhl @@ -0,0 +1,10 @@ + +#------------------------------------------------------------------------------ +# $File: bhl,v 1.1 2017/06/11 22:20:02 christos Exp $ +# BlockHashLoc +# ext: bhl +# Marco Pontello marcopon@gmail.com +# reference: https://github.com/MarcoPon/BlockHashLoc +0 string BlockHashLoc\x1a BlockHashLoc recovery info, +>13 byte x version %d +!:ext bhl diff --git a/magic/Magdir/c-lang b/magic/Magdir/c-lang index 41731c1..7b3f703 100644 --- a/magic/Magdir/c-lang +++ b/magic/Magdir/c-lang @@ -1,5 +1,5 @@ #------------------------------------------------------------------------------ -# $File: c-lang,v 1.25 2017/03/17 21:35:28 christos Exp $ +# $File: c-lang,v 1.26 2017/08/14 07:40:38 christos Exp $ # c-lang: file(1) magic for C and related languages programs # # The strength is to beat standard HTML @@ -11,46 +11,69 @@ !:mime text/x-bcpl # C -0 regex \^#include C source text -!:strength +25 +# Check for class if include is found, otherwise class is beaten by include becouse of lowered strength +0 regex \^#include C +>0 regex \^class[[:space:]]+ +>>&0 regex \\{[\.\*]\\}(;)?$ \b++ +>&0 clear x source text +!:strength + 13 +!:mime text/x-c +0 regex \^#[[:space:]]*pragma C source text +!:mime text/x-c +0 regex \^#[[:space:]]*(if\|ifn)def +>&0 regex \^#[[:space:]]*endif$ C source text !:mime text/x-c -0 regex \^char[\ \t\n]+ C source text +0 regex \^#[[:space:]]*(if\|ifn)def +>&0 regex \^#[[:space:]]*define C source text !:mime text/x-c -0 regex \^double[\ \t\n]+ C source text +0 regex \^[[:space:]]*char(\ \\*|\\*)(.+)(=.*)?;[[:space:]]*$ C source text !:mime text/x-c -0 regex \^extern[\ \t\n]+ C source text +0 regex \^[[:space:]]*double(\ \\*|\\*)(.+)(=.*)?;[[:space:]]*$ C source text !:mime text/x-c -0 regex \^float[\ \t\n]+ C source text +0 regex \^[[:space:]]*extern[[:space:]]+ C source text !:mime text/x-c -0 regex \^struct[\ \t\n]+ C source text +0 regex \^[[:space:]]*float(\ \\*|\\*)(.+)(=.*)?;[[:space:]]*$ C source text !:mime text/x-c -0 regex \^union[\ \t\n]+ C source text +0 regex \^struct[[:space:]]+ C source text !:mime text/x-c -0 search/8192 main( C source text +0 regex \^union[[:space:]]+ C source text +!:mime text/x-c +0 search/8192 main( +>&0 regex \\)[[:space:]]*\\{ C source text !:mime text/x-c # C++ # The strength of these rules is increased so they beat the C rules above -0 regex \^template[\ \t]+<.*>[\ \t\n]+ C++ source text +0 regex \^namespace[[:space:]]+[_[:alpha:]]{1,30}[[:space:]]*\\{ C++ source text +!:strength + 30 +!:mime text/x-c++ +# using namespace [namespace] or using std::[lib] +0 regex \^using[[:space:]]+(namespace\ )?std(::)?[[:alpha:]]*[[:space:]]*; C++ source text +!:strength + 30 +!:mime text/x-c++ +0 regex \^[[:space:]]*template[[:space:]]*<.*>[[:space:]]*$ C++ source text !:strength + 30 !:mime text/x-c++ -0 regex \^virtual[\ \t\n]+ C++ source text +0 regex \^[[:space:]]*virtual[[:space:]]+.*[};][[:space:]]*$ C++ source text !:strength + 30 !:mime text/x-c++ -0 regex \^class[\ \t\n]+ C++ source text -# But class is reduced to avoid beating php (Jens Schleusener) +# But class alone is reduced to avoid beating php (Jens Schleusener) +0 regex \^[[:space:]]*class[[:space:]]+[[:digit:][:alpha:]:_]+[[:space:]]*\\{(.*[\n]*)*\\}(;)?$ C++ source text !:strength + 13 !:mime text/x-c++ -0 regex \^public: C++ source text +0 regex \^[[:space:]]*public: C++ source text +!:strength + 30 +!:mime text/x-c++ +0 regex \^[[:space:]]*private: C++ source text !:strength + 30 !:mime text/x-c++ -0 regex \^private: C++ source text +0 regex \^[[:space:]]*protected: C++ source text !:strength + 30 !:mime text/x-c++ # Objective-C -0 regex \^#import Objective-C source text -!:strength +25 +0 regex \^#import Objective-C source text +!:strength + 25 !:mime text/x-objective-c # From: Mikhail Teterin diff --git a/magic/Magdir/cad b/magic/Magdir/cad index f4abc65..daafba9 100644 --- a/magic/Magdir/cad +++ b/magic/Magdir/cad @@ -1,6 +1,6 @@ #------------------------------------------------------------------------------ -# $File: cad,v 1.14 2017/03/17 21:35:28 christos Exp $ +# $File: cad,v 1.15 2017/06/24 15:24:56 christos Exp $ # autocad: file(1) magic for cad files # @@ -147,8 +147,13 @@ >0x02 byte 0xfe >>0x04 beshort 0x1800 CIT raster CAD -# 3DS (3d Studio files) Conflicts with diff output 0x3d '=' -#16 beshort 0x3d3d image/x-3ds +# 3DS (3d Studio files) +0 leshort 0x4d4d +>6 leshort 0x2 +>>8 lelong 0xa +>>>16 leshort 0x3d3d 3D Studio model +!:mime image/x-3ds +!:extension 3ds # MegaCAD 2D/3D drawing (.prt) # http://megacad.de/ diff --git a/magic/Magdir/cafebabe b/magic/Magdir/cafebabe index ecc550a..6482858 100644 --- a/magic/Magdir/cafebabe +++ b/magic/Magdir/cafebabe @@ -1,6 +1,6 @@ #------------------------------------------------------------------------------ -# $File: cafebabe,v 1.22 2017/03/17 21:35:28 christos Exp $ +# $File: cafebabe,v 1.23 2017/05/25 20:07:23 christos Exp $ # Cafe Babes unite! # # Since Java bytecode and Mach-O universal binaries have the same magic number, @@ -47,7 +47,7 @@ 0 name mach-o \b [ >0 use mach-o-cpu \b ->(8.L) indirect \b: +>(8.L) indirect x \b: >0 belong x \b] 0 belong 0xcafebabe diff --git a/magic/Magdir/commands b/magic/Magdir/commands index 1a46efd..f6ad1c8 100644 --- a/magic/Magdir/commands +++ b/magic/Magdir/commands @@ -1,6 +1,6 @@ #------------------------------------------------------------------------------ -# $File: commands,v 1.57 2017/04/04 20:34:24 christos Exp $ +# $File: commands,v 1.59 2017/08/14 07:40:38 christos Exp $ # commands: file(1) magic for various shells and interpreters # #0 string/w : shell archive or script for antique kernel text @@ -56,7 +56,7 @@ !:mime text/x-awk 0 string/wt #!\ /usr/bin/awk awk script text executable !:mime text/x-awk -0 regex/4096 =^[A-Za-z0-9_]{0,100}BEGIN[A-Za-z0-9_]{0,100}[{] awk or perl script text +0 regex/4096 =^[\040\t\f\r\n]{0,100}BEGIN[\040\t\f\r\n]{0,100}[{] awk or perl script text # AT&T Bell Labs' Plan 9 shell 0 string/wt #!\ /bin/rc Plan 9 rc shell script text executable @@ -84,7 +84,7 @@ # PHP scripts # Ulf Harnhammar 0 search/1/c =(4.l+8) indirect +>(4.l+8) indirect x # Zstandard Dictionary ID subroutine 0 name zstd-dictionary-id diff --git a/magic/Magdir/console b/magic/Magdir/console index 0d98a7a..66f5dbd 100644 --- a/magic/Magdir/console +++ b/magic/Magdir/console @@ -1,6 +1,6 @@ #------------------------------------------------------------------------------ -# $File: console,v 1.30 2017/03/17 21:35:28 christos Exp $ +# $File: console,v 1.32 2017/08/13 00:21:47 christos Exp $ # Console game magic # Toby Deshane @@ -413,6 +413,15 @@ >0x1E byte x \b, Rev.%02u) >0x12 byte 2 (DSi enhanced) >0x12 byte 3 (DSi only) +# Secure Area check. +>0x20 lelong <0x4000 (homebrew) +>0x20 lelong >0x3FFF +>>0x4000 lequad 0x0000000000000000 (multiboot) +>>0x4000 lequad !0x0000000000000000 +>>>0x4000 lequad 0xE7FFDEFFE7FFDEFF (decrypted) +>>>0x4000 lequad !0xE7FFDEFFE7FFDEFF +>>>>0x1000 lequad 0x0000000000000000 (encrypted) +>>>>0x1000 lequad !0x0000000000000000 (mask ROM) #------------------------------------------------------------------------------ # nds_passme: file(1) magic for Nintendo DS ROM images for GBA cartridge boot. @@ -796,7 +805,7 @@ # Type: Nintendo 3DS Homebrew Application. # From: David Korth -# Refernece: https://3dbrew.org/wiki/3DSX_Format +# Reference: https://3dbrew.org/wiki/3DSX_Format 0 string 3DSX Nintendo 3DS Homebrew Application (3DSX) #------------------------------------------------------------------------------ diff --git a/magic/Magdir/database b/magic/Magdir/database index 385a280..a0300ae 100644 --- a/magic/Magdir/database +++ b/magic/Magdir/database @@ -1,6 +1,6 @@ #------------------------------------------------------------------------------ -# $File: database,v 1.51 2017/04/28 16:28:16 christos Exp $ +# $File: database,v 1.52 2017/08/13 00:21:47 christos Exp $ # database: file(1) magic for various databases # # extracted from header/code files by Graeme Wilford (eep2gw@ee.surrey.ac.uk) @@ -207,7 +207,7 @@ >>>>>>>>>>>>>8 uleshort >0 \b, at offset %d >>>>>>>>>>>>>(8.s+1) ubyte >0 >>>>>>>>>>>>>>&-1 string >\0 1st record "%s" -# for multiple index files (*.MDX) Production flag,tag numbers(<=0x30),tag length(<=0x20), reserverd (NULL) +# for multiple index files (*.MDX) Production flag,tag numbers(<=0x30),tag length(<=0x20), reserved (NULL) >>>>>>>24 ubelong&0x0133f7ff >0 # test for reserved NULL byte >>>>>>>>47 ubyte 0 diff --git a/magic/Magdir/dump b/magic/Magdir/dump index 64742b7..73de3dc 100644 --- a/magic/Magdir/dump +++ b/magic/Magdir/dump @@ -1,6 +1,6 @@ #------------------------------------------------------------------------------ -# $File: dump,v 1.14 2017/03/17 21:35:28 christos Exp $ +# $File: dump,v 1.16 2017/07/22 19:21:02 christos Exp $ # dump: file(1) magic for dump file format--for new and old dump filesystems # # We specify both byte orders in order to recognize byte-swapped dumps. @@ -69,6 +69,8 @@ >0 use old-dump-be 24 lelong 60012 new-fs dump file (little endian), +# to correctly recognize '*.mo' GNU message catalog (little endian) +!:strength - 15 >0 use \^new-dump-be 24 lelong 60011 old-fs dump file (little endian), diff --git a/magic/Magdir/filesystems b/magic/Magdir/filesystems index 65f3ea5..48b74e0 100644 --- a/magic/Magdir/filesystems +++ b/magic/Magdir/filesystems @@ -1,5 +1,5 @@ #------------------------------------------------------------------------------ -# $File: filesystems,v 1.120 2017/03/24 19:29:26 christos Exp $ +# $File: filesystems,v 1.122 2017/07/21 10:34:41 christos Exp $ # filesystems: file(1) magic for different filesystems # 0 name partid @@ -1959,11 +1959,10 @@ 32769 string CD001 # mime line at that position does not work # to display CD-ROM (70=81-11) after MBR (113=40+72+1), partition-table (71=50+21) and before Apple Driver Map (51) -!:strength -11 +#!:strength -11 # to display CD-ROM (114=81+33) before MBR (113=40+72+1), partition-table (71=50+21) and Apple Driver Map (51) -# does not work -#!:strength +33 ->0 use cdrom +!:strength +34 +>0 use cdrom # .cso files # Reference: http://pismotec.com/ciso/ciso.h @@ -2388,3 +2387,13 @@ >>>>>>>>0x1B ubyte 0x30 \b, media=1D >>>>>>>>0x1B ubyte 0x40 \b, media=1DD >>>>>>>>0x1A ubyte 0x10 \b, write-protected + +# HDD Raw Copy Tool disk image, file extension: .imgc +# From Benjamin Vanheuverzwijn +0 pstring HDD\ Raw\ Copy\ Tool %s +>0x100 pstring x %s +>0x200 pstring x - HD model: %s +#>0x300 pstring x unknown %s +>0x400 pstring x serial: %s +#>0x500 pstring x unknown: %s +!:ext imgc diff --git a/magic/Magdir/flash b/magic/Magdir/flash index ba5ed6a..b48abe9 100644 --- a/magic/Magdir/flash +++ b/magic/Magdir/flash @@ -1,6 +1,6 @@ #------------------------------------------------------------------------------ -# $File: flash,v 1.11 2014/05/02 00:26:49 christos Exp $ +# $File: flash,v 1.14 2017/05/25 20:09:55 christos Exp $ # flash: file(1) magic for Macromedia Flash file format # # See @@ -10,45 +10,45 @@ # en/devnet/swf/pdf/swf-file-format-spec.pdf page 27 # -0 name swf-details - ->0 string F ->>8 byte&0xfd 0x08 Macromedia Flash data -!:mime application/x-shockwave-flash ->>>3 byte x \b, version %d ->>8 byte&0xfe 0x10 Macromedia Flash data -!:mime application/x-shockwave-flash ->>>3 byte x \b, version %d ->>8 byte 0x18 Macromedia Flash data -!:mime application/x-shockwave-flash ->>>3 byte x \b, version %d ->>8 beshort&ff87 0x2000 Macromedia Flash data -!:mime application/x-shockwave-flash ->>>3 byte x \b, version %d ->>8 beshort&ffe0 0x3000 Macromedia Flash data -!:mime application/x-shockwave-flash ->>>3 byte x \b, version %d ->>8 byte&0x7 0 ->>>8 ubyte >0x2f ->>>>9 ubyte <0x20 Macromedia Flash data -!:mime application/x-shockwave-flash ->>>>>3 byte x \b, version %d - ->0 string C ->>8 byte 0x78 Macromedia Flash data (compressed) -!:mime application/x-shockwave-flash ->>>3 byte x \b, version %d - ->0 string Z ->>8 byte 0x5d Macromedia Flash data (lzma compressed) -!:mime application/x-shockwave-flash ->>>3 byte x \b, version %d - - -1 string WS ->4 ulelong >14 ->>3 ubyte !0 ->>>0 use swf-details +0 name swf-details + +>0 string F +>>8 byte&0xfd 0x08 Macromedia Flash data +!:mime application/x-shockwave-flash +>>>3 byte x \b, version %d +>>8 byte&0xfe 0x10 Macromedia Flash data +!:mime application/x-shockwave-flash +>>>3 byte x \b, version %d +>>8 byte 0x18 Macromedia Flash data +!:mime application/x-shockwave-flash +>>>3 byte x \b, version %d +>>8 beshort&0xff87 0x2000 Macromedia Flash data +!:mime application/x-shockwave-flash +>>>3 byte x \b, version %d +>>8 beshort&0xffe0 0x3000 Macromedia Flash data +!:mime application/x-shockwave-flash +>>>3 byte x \b, version %d +>>8 byte&0x7 0 +>>>8 ubyte >0x2f +>>>>9 ubyte <0x20 Macromedia Flash data +!:mime application/x-shockwave-flash +>>>>>3 byte x \b, version %d + +>0 string C +>>8 byte 0x78 Macromedia Flash data (compressed) +!:mime application/x-shockwave-flash +>>>3 byte x \b, version %d + +>0 string Z +>>8 byte 0x5d Macromedia Flash data (lzma compressed) +!:mime application/x-shockwave-flash +>>>3 byte x \b, version %d + + +1 string WS +>4 ulelong >14 +>>3 ubyte !0 +>>>0 use swf-details # From: Cal Peake 0 string FLV\x01 Macromedia Flash Video @@ -56,7 +56,7 @@ # # Yosu Gomez -0 string AGD2\xbe\xb8\xbb\xcd\x00 Macromedia Freehand 7 Document -0 string AGD3\xbe\xb8\xbb\xcc\x00 Macromedia Freehand 8 Document +0 string AGD2\xbe\xb8\xbb\xcd\x00 Macromedia Freehand 7 Document +0 string AGD3\xbe\xb8\xbb\xcc\x00 Macromedia Freehand 8 Document # From Dave Wilson -0 string AGD4\xbe\xb8\xbb\xcb\x00 Macromedia Freehand 9 Document +0 string AGD4\xbe\xb8\xbb\xcb\x00 Macromedia Freehand 9 Document diff --git a/magic/Magdir/fonts b/magic/Magdir/fonts index aab7412..7e9b0da 100644 --- a/magic/Magdir/fonts +++ b/magic/Magdir/fonts @@ -1,6 +1,6 @@ #------------------------------------------------------------------------------ -# $File: fonts,v 1.35 2017/03/17 21:35:28 christos Exp $ +# $File: fonts,v 1.37 2017/06/24 00:39:00 christos Exp $ # fonts: file(1) magic for font data # 0 search/1 FONT ASCII vfont text @@ -136,21 +136,159 @@ >4 beshort >0 version %d # True Type fonts -0 string \000\001\000\000\000 TrueType font data -!:mime application/x-font-ttf +# Modified by: Joerg Jenderek +# URL: https://en.wikipedia.org/wiki/TrueType +# Reference: https://developer.apple.com/fonts/TrueType-Reference-Manual/ +# +# sfnt version "typ1" used by some Apple, but no example found +0 string typ1 +>0 use sfnt-font +>0 use sfnt-names +# sfnt version "true" used by some Apple +0 string true +>0 use sfnt-font +>0 use sfnt-names +# GRR: below test is too general +# sfnt version often 0x00010000 +0 string \000\001\000\000 +>0 use sfnt-font +>0 use sfnt-names +# validate and display sfnt font data like number of tables +0 name sfnt-font +# file 5.30 version assumes 00FFh as maximal number of tables +#>4 ubeshort <0x0100 +# maximal 27 tables found like in Skia.ttf +# 46 different table names mentioned on Apple specification +# skip 1st sequence of DOS 2 backup with path separator (\~92 or /~47) misinterpreted as table number +>4 ubeshort <47 +# skip bad examples with garbage table names like in a5.show HYPERC MAC +# tag names consist of up to four characters padded with spaces at end like +# BASE DSIG OS/2 Zapf acnt glyf cvt vmtx xref ... +>>12 regex/4l \^[A-Za-z][A-Za-z][A-Za-z/][A-Za-z2\ ] +#>>>0 ubelong x \b, sfnt version 0x%x +>>>0 ubelong !0x4f54544f TrueType +!:mime application/font-sfnt +#!:mime font/ttf +!:apple ????tfil +# .ttf for TrueType font +# EUDC.tte created by privat character editor %WINDIR%\system32\eudcedit.exe +!:ext ttf/tte +# sfnt version 4F54544Fh~OTTO +>>>0 ubelong =0x4f54544f OpenType +!:mime application/font-sfnt +#!:mime font/otf +!:apple ????OTTO +!:ext otf +>>>0 ubelong x Font data +# DSIG=44454947h table name implies a digitally signed font +# search range = number of tables * 16 =< maximal number of tables * 16 = 27 * 16 = 432 +>>>12 search/432 DSIG \b, digitally signed +>>>4 ubeshort x \b, %d tables +# minimal 9 tables found like in NISC18030.ttf +#>>>4 ubeshort <10 TMIN +#>>>4 ubeshort >24 TBIG +# table directory entries +>>>12 string x \b, 1st "%4.4s" + +# search and display 1st name in sfnt font which is often copyright text +# does not work inside font collections +0 name sfnt-names +# search for naming table +>12 search/432/s name +# biggest offset 0x0100bd28 like Windows10 Fonts\simsunb.ttf +#>>>>&8 ubelong >0x0100bd27 BIGGEST OFFSET +>>&8 ubelong >0x00100000 +# offset of name table +>>>&-4 ubelong x \b, name offset 0x%x +# GRR: pointer to name table only works if offset ~< FILE_BYTES_MAX = 100000h defined in src\file.h +>>&8 ubelong <0x00100000 +>>>&-16 ubelong x +# name table +>>>>(&8.L) ubequad x +# invalid format selector +#>>>>>&-8 ubeshort !0 \b, invalid selector %x +# minimal 3 name records found like in c:\Program Files (x86)\Tesseract-OCR\tessdata\pdf.ttf +# maximal 1227 name records found like in Apple Chancery.ttf +#>>>>>&-6 ubeshort <0x4 mincount +#>>>>>&-6 ubeshort >130 maxcount +>>>>>&-6 ubeshort x \b, %d names +# offset to start of string storage from start of table +#>>>>>&-4 ubeshort x \b, record offset %d +# 1st name record +# string offset from start of storage area +#>>>>>&8 ubeshort x \b, string offset %d +# string length +#>>>>>&6 ubeshort x \b, string length %d +# minimal name string 7 like in c:\Program Files (x86)\Kodi\addons\webinterface.default\lib\video-js\font\VideoJS.ttf +# also found 0 like in SWZCONLN.TTF +#>>>>>&6 ubeshort <8 MIN STRING +# maximal name string 806 like in c:\Windows\Fonts\palabi.ttf +#>>>>>&6 ubeshort >805 MAX STRING +# platform identifier: 0~Apple Unicode, 1~Macintosh, 3~Microsoft +#>>>>>&-2 ubeshort >3 BAD PLATFORM +>>>>>&-2 ubeshort 0 \b, Unicode +>>>>>&-2 ubeshort 1 \b, Macintosh +>>>>>&-2 ubeshort 3 \b, Microsoft +# languageID (0~english Macintosh, 0409h~english Microsoft, ...) +>>>>>&2 ubeshort >0 \b, language 0x%x +# name identifiers +# often 0~copyright, 1~font, 2~font subfamily, 5~version, 13~license, 19~sample, ... +>>>>>&4 ubeshort >0 \b, type %d string +# platform specific encoding: +# 0~undefined character set, 1~UGL set with Unicode, 3~Unicode 2.0 BMP only, 4~Unicode 2.0 +#>>>>>&0 ubeshort x \b, %d encoding +>>>>>&0 ubeshort 0 +# handle only name string offset 0 because do not know how to add 2 relative offsets +>>>>>>&6 ubeshort 0 +>>>>>>>&(&-14.S-18) ubyte !0 +# GRR: instead 806 only first MAXstring = 96 characters are displayed as defined in src\file.h +# often copyright string that starts like \251 2006 The Monotype Corporation +>>>>>>>>&-1 string x \b, %-11.96s +# test for unicode string +>>>>>>>&(&-14.S-18) ubyte 0 +>>>>>>>>&0 lestring16 x \b, %-11.96s +# unicode encoding +>>>>>&0 ubeshort >0 +>>>>>>&6 ubeshort 0 +>>>>>>>&(&-14.S-17) lestring16 x \b, %-11.96s 0 string \007\001\001\000Copyright\ (c)\ 199 Adobe Multiple Master font 0 string \012\001\001\000Copyright\ (c)\ 199 Adobe Multiple Master font # TrueType/OpenType font collections (.ttc) +# URL: https://en.wikipedia.org/wiki/OpenType # http://www.microsoft.com/typography/otspec/otff.htm -0 string ttcf TrueType font collection data ->4 belong 0x00010000 \b, 1.0 ->>8 belong >0 \b, %d fonts ->4 belong 0x00020000 \b, 2.0 ->>8 belong >0 \b, %d fonts +# Modified by: Joerg Jenderek +# Note: container for TrueType, OpenType font +0 string ttcf +# skip ASCII text +>4 ubyte 0 +# sfnt version often 0x00010000 of 1st table is TrueType +>>(12.L) ubelong !0x4f54544f TrueType +#!:mime font/ttf +!:apple ????tfil +!:ext ttc +# sfnt version 4F54544Fh~OTTO of 1st table is OpenType font +>>(12.L) ubelong =0x4f54544f OpenType +#!:mime font/otf +!:apple ????OTTO +# no example found for otc +!:ext ttc/otc +>>4 ubyte x font collection data +!:mime application/font-sfnt +#!:mime font/collection +# TCC version +>>4 belong 0x00010000 \b, 1.0 +>>4 belong 0x00020000 \b, 2.0 +>>8 ubelong >0 \b, %d fonts +# array offset size = fonts * offsetsize = fonts * 4 +>>(8.L*4) ubequad x # 0x44454947 = 'DSIG' ->>>16 belong 0x44534947 \b, digitally signed +>>>&4 belong 0x44534947 \b, digitally signed +# offset to 1st font +>>12 ubelong x \b, at 0x%x +# point to 1st font that starts with sfnt version +>>(12.L) use sfnt-font # Opentype font data from Avi Bercovich 0 string OTTO OpenType font data diff --git a/magic/Magdir/gconv b/magic/Magdir/gconv new file mode 100644 index 0000000..eec5ddc --- /dev/null +++ b/magic/Magdir/gconv @@ -0,0 +1,10 @@ + +#------------------------------------------------------------------------------ +# $File: gconv +# gconv: file(1) magic for iconv/gconv module configuration cache +# +# Magic number defined in glibc/iconv/iconvconfig.h as GCONVCACHE_MAGIC +# +# From: Marek Cermak +# +0 lelong 0x20010324 gconv module configuration cache data diff --git a/magic/Magdir/icc b/magic/Magdir/icc index 57a8fbc..55583b7 100644 --- a/magic/Magdir/icc +++ b/magic/Magdir/icc @@ -1,6 +1,6 @@ #------------------------------------------------------------------------------ -# $File: icc,v 1.4 2017/03/17 22:20:22 christos Exp $ +# $File: icc,v 1.5 2017/08/13 00:21:47 christos Exp $ # icc: file(1) magic for International Color Consortium file formats # @@ -48,7 +48,7 @@ # 5th platform >>>40 string TGNT Taligent -# remaing "l" "e" of "color profile" printed later to avoid error +# remaining "l" "e" of "color profile" printed later to avoid error >>>40 string x color profi #>>>40 string x (%.4s) !:mime application/vnd.iccprofile diff --git a/magic/Magdir/images b/magic/Magdir/images index ce68e00..f0d087b 100644 --- a/magic/Magdir/images +++ b/magic/Magdir/images @@ -1,6 +1,6 @@ #------------------------------------------------------------------------------ -# $File: images,v 1.123 2017/04/04 20:34:24 christos Exp $ +# $File: images,v 1.126 2017/06/11 22:25:44 christos Exp $ # images: file(1) magic for image formats (see also "iff", and "c-lang" for # XPM bitmaps) # @@ -35,11 +35,6 @@ >>>16 ubyte <33 # skip more by looking for pixel size 0Fh 10h 18h 20h >>>>16 ubyte&0xC0 0x00 -# skip 260-16.ico by looking for no color map ->>>>>1 ubyte 0 -# implies no first map entry ->>>>>>3 uleshort 0 ->>>>>>>0 use tga-image # Color Map >>>>>1 belong&0xfff7ffff 0x01010000 >>>>>>0 use tga-image @@ -47,6 +42,12 @@ >>>>>>0 use tga-image >>>>>1 belong&0xfff7ffff 0x00030000 >>>>>>0 use tga-image +>>>>>1 default x +# skip 260-16.ico by looking for no color map +>>>>>>1 ubyte 0 +# implies no first map entry +>>>>>>>3 uleshort 0 +>>>>>>>>0 use tga-image # display tga bitmap image information 0 name tga-image >2 ubyte <34 Targa image data @@ -175,42 +176,42 @@ >>>&0 regex =[0-9]{1,50} \b %s 0 search/1 P1 ->0 regex/4 P1[A-Za-z0-9_] +>0 regex/4 P1[\040\t\f\r\n] >>0 use netpbm >>>0 string x \b, bitmap !:strength + 45 !:mime image/x-portable-bitmap 0 search/1 P2 ->0 regex/4 P2[A-Za-z0-9_] +>0 regex/4 P2[\040\t\f\r\n] >>0 use netpbm >>>0 string x \b, greymap !:strength + 45 !:mime image/x-portable-greymap 0 search/1 P3 ->0 regex/4 P3[A-Za-z0-9_] +>0 regex/4 P3[\040\t\f\r\n] >>0 use netpbm >>>0 string x \b, pixmap !:strength + 45 !:mime image/x-portable-pixmap 0 string P4 ->0 regex/4 P4[A-Za-z0-9_] +>0 regex/4 P4[\040\t\f\r\n] >>0 use netpbm >>>0 string x \b, rawbits, bitmap !:strength + 45 !:mime image/x-portable-bitmap 0 string P5 ->0 regex/4 P5[A-Za-z0-9_] +>0 regex/4 P5[\040\t\f\r\n] >>0 use netpbm >>>0 string x \b, rawbits, greymap !:strength + 45 !:mime image/x-portable-greymap 0 string P6 ->0 regex/4 P6[A-Za-z0-9_] +>0 regex/4 P6[\040\t\f\r\n] >>0 use netpbm >>>0 string x \b, rawbits, pixmap !:strength + 45 @@ -418,22 +419,35 @@ # (Greg Roelofs, newt@uchicago.edu) # (Albert Cahalan, acahalan@cs.uml.edu) # -# 137 P N G \r \n ^Z \n [4-byte length] H E A D [HEAD data] [HEAD crc] ... +# 137 P N G \r \n ^Z \n [4-byte length] I H D R [HEAD data] [HEAD crc] ... # -0 string \x89PNG\x0d\x0a\x1a\x0a PNG image data + +# IHDR parser +0 name png-ihdr +>0 belong x \b, %d x +>4 belong x %d, +>8 byte x %d-bit +>9 byte 0 grayscale, +>9 byte 2 \b/color RGB, +>9 byte 3 colormap, +>9 byte 4 gray+alpha, +>9 byte 6 \b/color RGBA, +#>10 byte 0 deflate/32K, +>12 byte 0 non-interlaced +>12 byte 1 interlaced + +# Standard PNG image. +0 string \x89PNG\x0d\x0a\x1a\x0a\x00\x00\x00\x0DIHDR PNG image data +!:mime image/png +!:strength +10 +>16 use png-ihdr + +# Apple CgBI PNG image. +0 string \x89PNG\x0d\x0a\x1a\x0a\x00\x00\x00\x04CgBI +>24 string \x00\x00\x00\x0DIHDR PNG image data (CgBI) !:mime image/png !:strength +10 ->16 belong x \b, %d x ->20 belong x %d, ->24 byte x %d-bit ->25 byte 0 grayscale, ->25 byte 2 \b/color RGB, ->25 byte 3 colormap, ->25 byte 4 gray+alpha, ->25 byte 6 \b/color RGBA, -#>26 byte 0 deflate/32K, ->28 byte 0 non-interlaced ->28 byte 1 interlaced +>>32 use png-ihdr # possible GIF replacements; none yet released! # (Greg Roelofs, newt@uchicago.edu) diff --git a/magic/Magdir/m4 b/magic/Magdir/m4 index 508f32d..3a1c6d1 100644 --- a/magic/Magdir/m4 +++ b/magic/Magdir/m4 @@ -1,6 +1,9 @@ #------------------------------------------------------------------------------ -# $File$ +# $File: m4,v 1.2 2017/08/14 07:40:38 christos Exp $ # make: file(1) magic for M4 scripts # 0 regex \^dnl\ M4 macro processor script text !:mime text/x-m4 +0 regex \^AC_DEFUN\\(\\[ M4 macro processor script text +!:strength + 15 +!:mime text/x-m4 diff --git a/magic/Magdir/msdos b/magic/Magdir/msdos index 841d62e..6eb12c2 100644 --- a/magic/Magdir/msdos +++ b/magic/Magdir/msdos @@ -1,6 +1,6 @@ #------------------------------------------------------------------------------ -# $File: msdos,v 1.118 2017/05/20 19:55:27 christos Exp $ +# $File: msdos,v 1.120 2017/08/13 00:21:47 christos Exp $ # msdos: file(1) magic for MS-DOS files # @@ -820,7 +820,7 @@ # Windows icons # Update: Joerg Jenderek # URL: https://en.wikipedia.org/wiki/CUR_(file_format) -# Note: similiar to Windows CURsor. container for BMP (only DIB part) or PNG +# Note: similar to Windows CURsor. container for BMP (only DIB part) or PNG 0 belong 0x00000100 >9 byte 0 >>0 byte x @@ -891,7 +891,7 @@ # Windows non-animated cursors # Update: Joerg Jenderek # URL: https://en.wikipedia.org/wiki/CUR_(file_format) -# Note: similiar to Windows ICOn. container for BMP ( only DIB part) +# Note: similar to Windows ICOn. container for BMP ( only DIB part) # GRR: line below is too general as it catches also Lotus 1-2-3 files 0 belong 0x00000200 >9 byte 0 @@ -998,7 +998,7 @@ # TNEF magic From "Joomy" # Microsoft Outlook's Transport Neutral Encapsulation Format (TNEF) -0 leshort 0x223e9f78 TNEF +0 lelong 0x223e9f78 TNEF !:mime application/vnd.ms-tnef # Norton Guide (.NG , .HLP) files added by Joerg Jenderek from source NG2HTML.C diff --git a/magic/Magdir/msvc b/magic/Magdir/msvc index acc4faf..13f847f 100644 --- a/magic/Magdir/msvc +++ b/magic/Magdir/msvc @@ -1,6 +1,6 @@ #------------------------------------------------------------------------------ -# $File: msvc,v 1.8 2017/03/17 22:20:22 christos Exp $ +# $File: msvc,v 1.9 2017/08/02 08:15:20 christos Exp $ # msvc: file(1) magic for msvc # "H. Nanosecond" # Microsoft visual C @@ -54,6 +54,9 @@ # Page Count for msoo-dll.pdb 4379h >>>0x32 leshort x \b*%d bytes +# Reference: https://github.com/Microsoft/vstest/pull/856/commits/fdc7a9f074ca5a8dfeec83b1be9162bf0cf4000d +0 string/c bsjb\001\000\001\000\000\000\000\000\f\000\000\000pdb\ v1.0 Microsoft Rosyln C# debugging symbols version 1.0 + #.sbr 0 string \000\002\000\007\000 MSVC .sbr >5 string >\0 %s diff --git a/magic/Magdir/pdf b/magic/Magdir/pdf index 0d72aa0..04b564d 100644 --- a/magic/Magdir/pdf +++ b/magic/Magdir/pdf @@ -1,6 +1,6 @@ #------------------------------------------------------------------------------ -# $File: pdf,v 1.7 2013/08/22 07:47:26 christos Exp $ +# $File: pdf,v 1.9 2017/05/24 17:35:20 christos Exp $ # pdf: file(1) magic for Portable Document Format # @@ -20,3 +20,8 @@ !:mime application/vnd.fdf >5 byte x \b, version %c >7 byte x \b.%c + +0 search/256 %PDF- PDF document +!:mime application/pdf +>&0 byte x \b, version %c +>&2 byte x \b.%c diff --git a/magic/Magdir/python b/magic/Magdir/python index 81d1cc3..f21ff65 100644 --- a/magic/Magdir/python +++ b/magic/Magdir/python @@ -1,6 +1,6 @@ #------------------------------------------------------------------------------ -# $File: python,v 1.31 2017/04/11 14:59:28 christos Exp $ +# $File: python,v 1.34 2017/08/14 07:40:38 christos Exp $ # python: file(1) magic for python # # Outlook puts """ too for urgent messages @@ -24,7 +24,11 @@ 0 belong 0x6c0c0d0a python 3.2 byte-compiled 0 belong 0x9e0c0d0a python 3.3 byte-compiled 0 belong 0xee0c0d0a python 3.4 byte-compiled -0 belong 0x160d0d0a python 3.5 byte-compiled +0 belong 0x160d0d0a python 3.5.1- byte-compiled +0 belong 0x170d0d0a python 3.5.2+ byte-compiled +0 belong 0x330d0d0a python 3.6 byte-compiled +0 belong 0x3e0d0d0a python 3.7 byte-compiled + 0 search/1/w #!\ /usr/bin/python Python script text executable !:strength + 15 @@ -51,6 +55,17 @@ !:strength + 15 !:mime text/x-python +# if __name__ == "__main__": +0 search/4096 if\ __name__ +>&0 search/64 '__main__' Python script text executable +>&0 search/64 "__main__" Python script text executable +!:strength + 15 +!:mime text/x-python + +# import module [as abrev] +0 regex \^import\ [_[:alpha:]]+\ as\ [[:alpha:]][[:space:]]*$ Python script text executable +!:mime text/x-python + # comments #0 search/4096 ''' #>&0 regex .*'''$ Python script text executable @@ -64,14 +79,19 @@ # except: or finally: # block 0 search/4096 try: ->&0 regex \^[A-Za-z0-9_]*except.*: Python script text executable +>&0 regex \^[[:space:]]*except.*:$ Python script text executable !:strength + 15 !:mime text/x-python >&0 search/4096 finally: Python script text executable !:mime text/x-python -# def name(args, args): -0 regex \^(\ |\\t){0,50}def\ {1,50}[a-zA-Z]{1,100} ->&0 regex \ {0,50}\\(([a-zA-Z]|,|\ ){1,255}\\):$ Python script text executable +# class name[(base classes,)]: [pass] +0 regex \^class\ [_[:alpha:]]+(\\(.*\\))?(\ )*:([\ \t]+pass)?$ Python script text executable +!:strength + 15 !:mime text/x-python + +# def name(*args, **kwargs): +0 regex \^[[:space:]]{0,50}def\ {1,50}[_a-zA-Z]{1,100} +>&0 regex \\(([[:alpha:]*_,\ ]){0,255}\\):$ Python script text executable !:strength + 15 +!:mime text/x-python diff --git a/magic/Magdir/ruby b/magic/Magdir/ruby index 6468c4a..45a253c 100644 --- a/magic/Magdir/ruby +++ b/magic/Magdir/ruby @@ -1,32 +1,51 @@ #------------------------------------------------------------------------------ -# $File: ruby,v 1.5 2010/07/21 16:47:17 christos Exp $ +# $File: ruby,v 1.7 2017/08/14 13:39:18 christos Exp $ # ruby: file(1) magic for Ruby scripting language # URL: http://www.ruby-lang.org/ # From: Reuben Thomas # Ruby scripts -0 search/1/w #!\ /usr/bin/ruby Ruby script text executable +0 search/1/w #!\ /usr/bin/ruby Ruby script text executable !:strength + 15 !:mime text/x-ruby 0 search/1/w #!\ /usr/local/bin/ruby Ruby script text executable !:strength + 15 !:mime text/x-ruby -0 search/1 #!/usr/bin/env\ ruby Ruby script text executable +0 search/1 #!/usr/bin/env\ ruby Ruby script text executable !:strength + 15 !:mime text/x-ruby -0 search/1 #!\ /usr/bin/env\ ruby Ruby script text executable +0 search/1 #!\ /usr/bin/env\ ruby Ruby script text executable !:strength + 15 !:mime text/x-ruby # What looks like ruby, but does not have a shebang # (modules and such) # From: Lubomir Rintel -0 regex \^[\ \t]*require[\ \t]'[A-Za-z_/]+' ->0 regex include\ [A-Z]|def\ [a-z]|\ do$ ->>0 regex \^[\ \t]*end([\ \t]*[;#].*)?$ Ruby script text +0 regex \^[[:space:]]*require[[:space:]]'[A-Za-z_/]+' +>0 regex def\ [a-z]|\ do$ +>>&0 regex \^[[:space:]]*end([[:space:]]+[;#].*)?$ Ruby script text +!:strength + 30 !:mime text/x-ruby -0 regex \^[\ \t]*(class|module)[\ \t][A-Z] +0 regex \^[[:space:]]*(class|module)[[:space:]][A-Z] >0 regex (modul|includ)e\ [A-Z]|def\ [a-z] ->>0 regex \^[\ \t]*end([\ \t]*[;#].*)?$ Ruby module source text +>>&0 regex \^[[:space:]]*end([[:space:]]+[;#].*)?$ Ruby script text +!:strength + 30 +!:mime text/x-ruby +# Classes with no modules or defs, beats simple ASCII +0 regex \^[[:space:]]*(class|module)[[:space:]][A-Z] +>&0 regex \^[[:space:]]*end([[:space:]]+[;#if].*)?$ Ruby script text +!:strength + 10 +!:mime text/x-ruby +# Looks for function definition to balance python magic +# def name (args) +# end +0 regex \^[[:space:]]*def\ [a-z]|def\ [[:alpha:]]+::[a-z] +>&0 regex \^[[:space:]]*end([[:space:]]+[;#].*)?$ Ruby script text +!:strength + 10 +!:mime text/x-ruby + +0 regex \^[[:space:]]*require[[:space:]]'[A-Za-z_/]+' Ruby script text +!:mime text/x-ruby +0 regex \^[[:space:]]*include\ ([A-Z]+[a-z]*(::))+ Ruby script text !:mime text/x-ruby diff --git a/magic/Magdir/sendmail b/magic/Magdir/sendmail index 3cfeda7..840859c 100644 --- a/magic/Magdir/sendmail +++ b/magic/Magdir/sendmail @@ -1,6 +1,6 @@ #------------------------------------------------------------------------------ -# $File: sendmail,v 1.9 2017/03/17 21:35:28 christos Exp $ +# $File: sendmail,v 1.10 2017/08/13 00:21:47 christos Exp $ # sendmail: file(1) magic for sendmail config files # # XXX - byte order? @@ -15,7 +15,7 @@ # http://www.sendmail.com/sm/open_source/docs/older_release_notes/ # freezed configuration file (dbm format?) created from sendmal.cf with -bz # by older sendmail. til version 8.6 support for frozen configuration files is removed -# valid version numbers look like "7.14.4" and should be simliar to output of commands +# valid version numbers look like "7.14.4" and should be similar to output of commands # "sendmail -d0 -bt < /dev/null |grep -i Version" or "egrep '^DZ' /etc/sendmail.cf" >16 regex/s =^[0-78][0-9.]{4} Sendmail frozen configuration # normally only /etc/sendmail.fc or /var/adm/sendmail/sendmail.fc diff --git a/magic/Magdir/sgml b/magic/Magdir/sgml index ef2fd75..34edd3c 100644 --- a/magic/Magdir/sgml +++ b/magic/Magdir/sgml @@ -1,10 +1,10 @@ #------------------------------------------------------------------------------ -# $File: sgml,v 1.35 2016/10/25 20:37:40 christos Exp $ +# $File: sgml,v 1.37 2017/07/23 08:23:33 christos Exp $ # Type: SVG Vectorial Graphics # From: Noel Torres -0 string \15 string >\0 +0 string \14 regex ['"\ \t]*[0-9.]+['"\ \t]* >>19 search/4096 \>19 search/4096 \>19 search/4096 \ -0 string \15 string >\0 +0 string \14 regex ['"\ \t]*[0-9.]+['"\ \t]* >>19 search/4096 \4 lelong >2047 >8 byte <20 YARA 3.x compiled rule set # version ->>8 clear +>>8 clear x >>8 byte 6 created with version 3.3.0 >>8 byte 8 created with version 3.4.0 >>8 byte 11 created with version 3.5.0 diff --git a/magic/Makefile.am b/magic/Makefile.am index 53c1da8..5259a47 100644 --- a/magic/Makefile.am +++ b/magic/Makefile.am @@ -1,5 +1,5 @@ # -# $File: Makefile.am,v 1.124 2017/04/11 14:52:15 christos Exp $ +# $File: Makefile.am,v 1.126 2017/08/10 11:01:38 christos Exp $ # MAGIC_FRAGMENT_BASE = Magdir MAGIC_DIR = $(top_srcdir)/magic @@ -35,6 +35,7 @@ $(MAGIC_FRAGMENT_DIR)/audio \ $(MAGIC_FRAGMENT_DIR)/basis \ $(MAGIC_FRAGMENT_DIR)/ber \ $(MAGIC_FRAGMENT_DIR)/bflt \ +$(MAGIC_FRAGMENT_DIR)/bhl \ $(MAGIC_FRAGMENT_DIR)/bioinformatics \ $(MAGIC_FRAGMENT_DIR)/blackberry \ $(MAGIC_FRAGMENT_DIR)/blcr \ @@ -98,6 +99,7 @@ $(MAGIC_FRAGMENT_DIR)/fsav \ $(MAGIC_FRAGMENT_DIR)/fusecompress \ $(MAGIC_FRAGMENT_DIR)/games \ $(MAGIC_FRAGMENT_DIR)/gcc \ +$(MAGIC_FRAGMENT_DIR)/gconv \ $(MAGIC_FRAGMENT_DIR)/geo \ $(MAGIC_FRAGMENT_DIR)/geos \ $(MAGIC_FRAGMENT_DIR)/gimp \ diff --git a/src/apprentice.c b/src/apprentice.c index f8f2e17..a7b4dd8 100644 --- a/src/apprentice.c +++ b/src/apprentice.c @@ -32,7 +32,7 @@ #include "file.h" #ifndef lint -FILE_RCSID("@(#)$File: apprentice.c,v 1.260 2017/04/28 16:27:58 christos Exp $") +FILE_RCSID("@(#)$File: apprentice.c,v 1.262 2017/08/28 13:39:18 christos Exp $") #endif /* lint */ #include "magic.h" @@ -612,8 +612,7 @@ buffer_apprentice(struct magic_set *ms, struct magic **bufs, if (nbufs == 0) return -1; - if (ms->mlist[0] != NULL) - file_reset(ms); + (void)file_reset(ms, 0); init_file_tables(); @@ -656,8 +655,7 @@ file_apprentice(struct magic_set *ms, const char *fn, int action) int file_err, errs = -1; size_t i; - if (ms->mlist[0] != NULL) - file_reset(ms); + (void)file_reset(ms, 0); if ((fn = magic_getpath(fn, action)) == NULL) return -1; @@ -779,6 +777,59 @@ nonmagic(const char *str) return rv == 0 ? 1 : rv; /* Return at least 1 */ } + +private size_t +typesize(int type) +{ + switch (type) { + case FILE_BYTE: + return 1; + + case FILE_SHORT: + case FILE_LESHORT: + case FILE_BESHORT: + return 2; + + case FILE_LONG: + case FILE_LELONG: + case FILE_BELONG: + case FILE_MELONG: + return 4; + + case FILE_DATE: + case FILE_LEDATE: + case FILE_BEDATE: + case FILE_MEDATE: + case FILE_LDATE: + case FILE_LELDATE: + case FILE_BELDATE: + case FILE_MELDATE: + case FILE_FLOAT: + case FILE_BEFLOAT: + case FILE_LEFLOAT: + return 4; + + case FILE_QUAD: + case FILE_BEQUAD: + case FILE_LEQUAD: + case FILE_QDATE: + case FILE_LEQDATE: + case FILE_BEQDATE: + case FILE_QLDATE: + case FILE_LEQLDATE: + case FILE_BEQLDATE: + case FILE_QWDATE: + case FILE_LEQWDATE: + case FILE_BEQWDATE: + case FILE_DOUBLE: + case FILE_BEDOUBLE: + case FILE_LEDOUBLE: + return 8; + default: + return (size_t)~0; + } +} + /* * Get weight of this magic entry, for sorting purposes. */ @@ -786,7 +837,7 @@ private size_t apprentice_magic_strength(const struct magic *m) { #define MULT 10 - size_t v, val = 2 * MULT; /* baseline strength */ + size_t ts, v, val = 2 * MULT; /* baseline strength */ switch (m->type) { case FILE_DEFAULT: /* make sure this sorts last */ @@ -795,41 +846,13 @@ apprentice_magic_strength(const struct magic *m) return 0; case FILE_BYTE: - val += 1 * MULT; - break; - case FILE_SHORT: case FILE_LESHORT: case FILE_BESHORT: - val += 2 * MULT; - break; - case FILE_LONG: case FILE_LELONG: case FILE_BELONG: case FILE_MELONG: - val += 4 * MULT; - break; - - case FILE_PSTRING: - case FILE_STRING: - val += m->vallen * MULT; - break; - - case FILE_BESTRING16: - case FILE_LESTRING16: - val += m->vallen * MULT / 2; - break; - - case FILE_SEARCH: - val += m->vallen * MAX(MULT / m->vallen, 1); - break; - - case FILE_REGEX: - v = nonmagic(m->value.s); - val += v * MAX(MULT / v, 1); - break; - case FILE_DATE: case FILE_LEDATE: case FILE_BEDATE: @@ -841,9 +864,6 @@ apprentice_magic_strength(const struct magic *m) case FILE_FLOAT: case FILE_BEFLOAT: case FILE_LEFLOAT: - val += 4 * MULT; - break; - case FILE_QUAD: case FILE_BEQUAD: case FILE_LEQUAD: @@ -859,7 +879,29 @@ apprentice_magic_strength(const struct magic *m) case FILE_DOUBLE: case FILE_BEDOUBLE: case FILE_LEDOUBLE: - val += 8 * MULT; + ts = typesize(m->type); + if (ts == (size_t)~0) + abort(); + val += ts * MULT; + break; + + case FILE_PSTRING: + case FILE_STRING: + val += m->vallen * MULT; + break; + + case FILE_BESTRING16: + case FILE_LESTRING16: + val += m->vallen * MULT / 2; + break; + + case FILE_SEARCH: + val += m->vallen * MAX(MULT / m->vallen, 1); + break; + + case FILE_REGEX: + v = nonmagic(m->value.s); + val += v * MAX(MULT / v, 1); break; case FILE_INDIRECT: @@ -2623,9 +2665,46 @@ getvalue(struct magic_set *ms, struct magic *m, const char **p, int action) default: if (m->reln != 'x') { char *ep; + uint64_t ull; errno = 0; - m->value.q = file_signextend(ms, m, - (uint64_t)strtoull(*p, &ep, 0)); + ull = (uint64_t)strtoull(*p, &ep, 0); + m->value.q = file_signextend(ms, m, ull); + if (*p == ep) { + file_magwarn(ms, "Unparseable number `%s'", *p); + } else { + size_t ts = typesize(m->type); + uint64_t x; + const char *q; + + if (ts == (size_t)~0) { + file_magwarn(ms, "Expected numeric type got `%s'", + type_tbl[m->type].name); + } + for (q = *p; isspace((unsigned char)*q); q++) + continue; + if (*q == '-') + ull = -(int64_t)ull; + switch (ts) { + case 1: + x = ull & ~0xffULL; + break; + case 2: + x = ull & ~0xffffULL; + break; + case 4: + x = ull & ~0xffffffffULL; + break; + case 8: + x = 0; + break; + default: + abort(); + } + if (x) { + file_magwarn(ms, "Overflow for numeric type `%s' value %#" PRIx64, + type_tbl[m->type].name, ull); + } + } if (errno == 0) { *p = ep; eatsize(p); diff --git a/src/compress.c b/src/compress.c index 3dfb980..2f789cd 100644 --- a/src/compress.c +++ b/src/compress.c @@ -35,7 +35,7 @@ #include "file.h" #ifndef lint -FILE_RCSID("@(#)$File: compress.c,v 1.104 2017/03/29 15:57:48 christos Exp $") +FILE_RCSID("@(#)$File: compress.c,v 1.105 2017/05/25 00:13:03 christos Exp $") #endif #include "magic.h" @@ -751,7 +751,7 @@ err: } else if (!WIFEXITED(status)) { DPRINTF("Child not exited (%#x)\n", status); } else if (WEXITSTATUS(status) != 0) { - DPRINTF("Child exited (%#u)\n", WEXITSTATUS(status)); + DPRINTF("Child exited (%#x)\n", WEXITSTATUS(status)); } closefd(fdp[STDIN_FILENO], 0); diff --git a/src/file.h b/src/file.h index 1229959..eb9c054 100644 --- a/src/file.h +++ b/src/file.h @@ -27,7 +27,7 @@ */ /* * file.h - definitions for file(1) program - * @(#)$File: file.h,v 1.182 2017/04/07 19:46:44 christos Exp $ + * @(#)$File: file.h,v 1.183 2017/08/28 13:39:18 christos Exp $ */ #ifndef __file_h__ @@ -447,7 +447,7 @@ protected size_t file_printedlen(const struct magic_set *); protected int file_replace(struct magic_set *, const char *, const char *); protected int file_printf(struct magic_set *, const char *, ...) __attribute__((__format__(__printf__, 2, 3))); -protected int file_reset(struct magic_set *); +protected int file_reset(struct magic_set *, int); protected int file_tryelf(struct magic_set *, int, const unsigned char *, size_t); protected int file_trycdf(struct magic_set *, int, const unsigned char *, diff --git a/src/fsmagic.c b/src/fsmagic.c index 5b537ac..c0a437a 100644 --- a/src/fsmagic.c +++ b/src/fsmagic.c @@ -32,7 +32,7 @@ #include "file.h" #ifndef lint -FILE_RCSID("@(#)$File: fsmagic.c,v 1.75 2014/12/04 15:56:46 christos Exp $") +FILE_RCSID("@(#)$File: fsmagic.c,v 1.77 2017/05/24 19:17:50 christos Exp $") #endif /* lint */ #include "magic.h" @@ -104,14 +104,13 @@ file_fsmagic(struct magic_set *ms, const char *fn, struct stat *sb) { int ret, did = 0; int mime = ms->flags & MAGIC_MIME; + int silent = ms->flags & (MAGIC_APPLE|MAGIC_EXTENSION); #ifdef S_IFLNK char buf[BUFSIZ+4]; ssize_t nch; struct stat tstatbuf; #endif - if (ms->flags & (MAGIC_APPLE|MAGIC_EXTENSION)) - return 0; if (fn == NULL) return 0; @@ -168,7 +167,7 @@ file_fsmagic(struct magic_set *ms, const char *fn, struct stat *sb) } ret = 1; - if (!mime) { + if (!mime && !silent) { #ifdef S_ISUID if (sb->st_mode & S_ISUID) if (file_printf(ms, "%ssetuid", COMMA) == -1) @@ -191,6 +190,7 @@ file_fsmagic(struct magic_set *ms, const char *fn, struct stat *sb) if (mime) { if (handle_mime(ms, mime, "directory") == -1) return -1; + } else if (silent) { } else if (file_printf(ms, "%sdirectory", COMMA) == -1) return -1; break; @@ -208,6 +208,7 @@ file_fsmagic(struct magic_set *ms, const char *fn, struct stat *sb) if (mime) { if (handle_mime(ms, mime, "chardevice") == -1) return -1; + } else if (silent) { } else { #ifdef HAVE_STRUCT_STAT_ST_RDEV # ifdef dv_unit @@ -242,6 +243,7 @@ file_fsmagic(struct magic_set *ms, const char *fn, struct stat *sb) if (mime) { if (handle_mime(ms, mime, "blockdevice") == -1) return -1; + } else if (silent) { } else { #ifdef HAVE_STRUCT_STAT_ST_RDEV # ifdef dv_unit @@ -270,6 +272,7 @@ file_fsmagic(struct magic_set *ms, const char *fn, struct stat *sb) if (mime) { if (handle_mime(ms, mime, "fifo") == -1) return -1; + } else if (silent) { } else if (file_printf(ms, "%sfifo (named pipe)", COMMA) == -1) return -1; break; @@ -279,6 +282,7 @@ file_fsmagic(struct magic_set *ms, const char *fn, struct stat *sb) if (mime) { if (handle_mime(ms, mime, "door") == -1) return -1; + } else if (silent) { } else if (file_printf(ms, "%sdoor", COMMA) == -1) return -1; break; @@ -294,6 +298,7 @@ file_fsmagic(struct magic_set *ms, const char *fn, struct stat *sb) if (mime) { if (handle_mime(ms, mime, "symlink") == -1) return -1; + } else if (silent) { } else if (file_printf(ms, "%sunreadable symlink `%s' (%s)", COMMA, fn, strerror(errno)) == -1) @@ -323,6 +328,7 @@ file_fsmagic(struct magic_set *ms, const char *fn, struct stat *sb) if (handle_mime(ms, mime, "x-path-too-long") == -1) return -1; + } else if (silent) { } else if (file_printf(ms, "%spath too long: `%s'", COMMA, fn) == -1) @@ -352,6 +358,7 @@ file_fsmagic(struct magic_set *ms, const char *fn, struct stat *sb) if (mime) { if (handle_mime(ms, mime, "symlink") == -1) return -1; + } else if (silent) { } else if (file_printf(ms, "%ssymbolic link to %s", COMMA, buf) == -1) return -1; @@ -364,6 +371,7 @@ file_fsmagic(struct magic_set *ms, const char *fn, struct stat *sb) if (mime) { if (handle_mime(ms, mime, "socket") == -1) return -1; + } else if (silent) { } else if (file_printf(ms, "%ssocket", COMMA) == -1) return -1; break; @@ -386,6 +394,7 @@ file_fsmagic(struct magic_set *ms, const char *fn, struct stat *sb) if (mime) { if (handle_mime(ms, mime, "x-empty") == -1) return -1; + } else if (silent) { } else if (file_printf(ms, "%sempty", COMMA) == -1) return -1; break; @@ -399,7 +408,7 @@ file_fsmagic(struct magic_set *ms, const char *fn, struct stat *sb) /*NOTREACHED*/ } - if (!mime && did && ret == 0) { + if (!silent && !mime && did && ret == 0) { if (file_printf(ms, " ") == -1) return -1; } diff --git a/src/funcs.c b/src/funcs.c index 33778ff..d7a18f4 100644 --- a/src/funcs.c +++ b/src/funcs.c @@ -27,7 +27,7 @@ #include "file.h" #ifndef lint -FILE_RCSID("@(#)$File: funcs.c,v 1.92 2017/04/07 20:10:24 christos Exp $") +FILE_RCSID("@(#)$File: funcs.c,v 1.93 2017/08/28 13:39:18 christos Exp $") #endif /* lint */ #include "magic.h" @@ -328,9 +328,9 @@ simple: #endif protected int -file_reset(struct magic_set *ms) +file_reset(struct magic_set *ms, int checkloaded) { - if (ms->mlist[0] == NULL) { + if (checkloaded && ms->mlist[0] == NULL) { file_error(ms, 0, "no magic files loaded"); return -1; } diff --git a/src/magic.c b/src/magic.c index a9b7e32..1448a69 100644 --- a/src/magic.c +++ b/src/magic.c @@ -33,7 +33,7 @@ #include "file.h" #ifndef lint -FILE_RCSID("@(#)$File: magic.c,v 1.99 2016/05/03 16:09:38 christos Exp $") +FILE_RCSID("@(#)$File: magic.c,v 1.102 2017/08/28 13:39:18 christos Exp $") #endif /* lint */ #include "magic.h" @@ -167,7 +167,7 @@ DllMain(HINSTANCE hinstDLL, DWORD fdwReason, { if (fdwReason == DLL_PROCESS_ATTACH) _w32_dll_instance = hinstDLL; - return TRUE; + return 1; } #endif @@ -409,7 +409,7 @@ file_or_fd(struct magic_set *ms, const char *inname, int fd) int ispipe = 0; off_t pos = (off_t)-1; - if (file_reset(ms) == -1) + if (file_reset(ms, 1) == -1) goto out; /* @@ -538,7 +538,7 @@ magic_buffer(struct magic_set *ms, const void *buf, size_t nb) { if (ms == NULL) return NULL; - if (file_reset(ms) == -1) + if (file_reset(ms, 1) == -1) return NULL; /* * The main work is done here! @@ -568,6 +568,15 @@ magic_errno(struct magic_set *ms) } public int +magic_getflags(struct magic_set *ms) +{ + if (ms == NULL) + return -1; + + return ms->flags; +} + +public int magic_setflags(struct magic_set *ms, int flags) { if (ms == NULL) diff --git a/src/magic.h.in b/src/magic.h.in index 3d6954a..1134bdc 100644 --- a/src/magic.h.in +++ b/src/magic.h.in @@ -73,6 +73,35 @@ 0 \ ) +#define MAGIC_SNPRINTB "\177\020\ +b\0debug\0\ +b\1symlink\0\ +b\2compress\0\ +b\3devices\0\ +b\4mime_type\0\ +b\5continue\0\ +b\6check\0\ +b\7preserve_atime\0\ +b\10raw\0\ +b\11error\0\ +b\12mime_encoding\0\ +b\13apple\0\ +b\14no_check_compress\0\ +b\15no_check_tar\0\ +b\16no_check_soft\0\ +b\17no_check_sapptype\0\ +b\20no_check_elf\0\ +b\21no_check_text\0\ +b\22no_check_cdf\0\ +b\23no_check_reserved0\0\ +b\24no_check_tokens\0\ +b\25no_check_encoding\0\ +b\26no_check_reserved1\0\ +b\27no_check_reserved2\0\ +b\30extension\0\ +b\31transp_compression\0\ +" + /* Defined for backwards compatibility (renamed) */ #define MAGIC_NO_CHECK_ASCII MAGIC_NO_CHECK_TEXT @@ -97,6 +126,7 @@ const char *magic_descriptor(magic_t, int); const char *magic_buffer(magic_t, const void *, size_t); const char *magic_error(magic_t); +int magic_getflags(magic_t); int magic_setflags(magic_t, int); int magic_version(void); diff --git a/src/readelf.c b/src/readelf.c index c6b10f9..5f425c9 100644 --- a/src/readelf.c +++ b/src/readelf.c @@ -27,7 +27,7 @@ #include "file.h" #ifndef lint -FILE_RCSID("@(#)$File: readelf.c,v 1.136 2017/03/29 19:09:52 christos Exp $") +FILE_RCSID("@(#)$File: readelf.c,v 1.138 2017/08/27 07:55:02 christos Exp $") #endif #ifdef BUILTIN_ELF @@ -511,7 +511,7 @@ do_bid_note(struct magic_set *ms, unsigned char *nbuf, uint32_t type, size_t noff, size_t doff, int *flags) { if (namesz == 4 && strcmp((char *)&nbuf[noff], "GNU") == 0 && - type == NT_GNU_BUILD_ID && (descsz >= 4 || descsz <= 20)) { + type == NT_GNU_BUILD_ID && (descsz >= 4 && descsz <= 20)) { uint8_t desc[20]; const char *btype; uint32_t i; @@ -1209,8 +1209,8 @@ doshn(struct magic_set *ms, int clazz, int swap, int fd, off_t off, int num, size_t nbadcap = 0; void *nbuf; off_t noff, coff, name_off; - uint64_t cap_hw1 = 0; /* SunOS 5.x hardware capabilites */ - uint64_t cap_sf1 = 0; /* SunOS 5.x software capabilites */ + uint64_t cap_hw1 = 0; /* SunOS 5.x hardware capabilities */ + uint64_t cap_sf1 = 0; /* SunOS 5.x software capabilities */ char name[50]; ssize_t namesize; diff --git a/src/readelf.h b/src/readelf.h index a25dab2..ef880b9 100644 --- a/src/readelf.h +++ b/src/readelf.h @@ -141,7 +141,7 @@ typedef struct { #define SHT_SYMTAB 2 #define SHT_NOTE 7 #define SHT_DYNSYM 11 -#define SHT_SUNW_cap 0x6ffffff5 /* SunOS 5.x hw/sw capabilites */ +#define SHT_SUNW_cap 0x6ffffff5 /* SunOS 5.x hw/sw capabilities */ /* elf type */ #define ELFDATANONE 0 /* e_ident[EI_DATA] */ diff --git a/src/softmagic.c b/src/softmagic.c index b7d6993..b9e9753 100644 --- a/src/softmagic.c +++ b/src/softmagic.c @@ -32,7 +32,7 @@ #include "file.h" #ifndef lint -FILE_RCSID("@(#)$File: softmagic.c,v 1.248 2017/04/21 16:54:57 christos Exp $") +FILE_RCSID("@(#)$File: softmagic.c,v 1.249 2017/06/19 18:30:25 christos Exp $") #endif /* lint */ #include "magic.h" @@ -1199,7 +1199,7 @@ mcopy(struct magic_set *ms, union VALUETYPE *p, int type, int indir, const char *end; size_t lines, linecnt, bytecnt; - if (s == NULL) { + if (s == NULL || nbytes < offset) { ms->search.s_len = 0; ms->search.s = NULL; return 0; diff --git a/src/vasprintf.c b/src/vasprintf.c index cc795ec..ad1d316 100644 --- a/src/vasprintf.c +++ b/src/vasprintf.c @@ -88,7 +88,7 @@ type: d i o u x X f e g E G c s p n The function needs to allocate memory to store the full text before to -actually writting it. i.e if you want to fnprintf() 1000 characters, the +actually writing it. i.e if you want to fnprintf() 1000 characters, the functions will allocate 1000 bytes. This behaviour can be modified: you have to customise the code to flush the internal buffer (writing to screen or file) when it reach a given size. Then @@ -108,7 +108,7 @@ you use strange formats. #include "file.h" #ifndef lint -FILE_RCSID("@(#)$File: vasprintf.c,v 1.12 2014/05/14 23:09:21 christos Exp $") +FILE_RCSID("@(#)$File: vasprintf.c,v 1.14 2017/08/13 00:21:47 christos Exp $") #endif /* lint */ #include diff --git a/tests/Makefile.am b/tests/Makefile.am index 2d18efa..8bf4f27 100644 --- a/tests/Makefile.am +++ b/tests/Makefile.am @@ -7,6 +7,8 @@ escapevel.result \ escapevel.testfile \ gedcom.result \ gedcom.testfile \ +hddrawcopytool.result \ +hddrawcopytool.testfile \ issue311docx.result \ issue311docx.testfile diff --git a/tests/hddrawcopytool.result b/tests/hddrawcopytool.result new file mode 100644 index 0000000..0fe077d --- /dev/null +++ b/tests/hddrawcopytool.result @@ -0,0 +1 @@ +HDD Raw Copy Tool 1.10 - HD model: ST500DM0 02-1BD142 serial: 51D20233A7C0 \ No newline at end of file diff --git a/tests/hddrawcopytool.testfile b/tests/hddrawcopytool.testfile new file mode 100644 index 0000000000000000000000000000000000000000..36ad7c64d14803054d25f296fc4a64496b2de695 GIT binary patch literal 1280 zcmWgiaB)!xN-S4!&M&A`2+7aSVHi<>#Zb@CU_|*C)w4puA*KcfF1`i|21dGuPA-Nf iMyLvgIgiBv2!^>I@p+HO)X>Gqz{uFx(cF0?h64a35)IS< literal 0 HcmV?d00001 diff --git a/tests/test.c b/tests/test.c index db91c62..330a357 100644 --- a/tests/test.c +++ b/tests/test.c @@ -80,7 +80,8 @@ main(int argc, char **argv) return 10; } if (magic_load(ms, NULL) == -1) { - (void)fprintf(stderr, "ERROR loading with NULL file: %s\n", magic_error(ms)); + (void)fprintf(stderr, "ERROR loading with NULL file: %s\n", + magic_error(ms)); return 11; } -- 2.7.4