Bug 149936 - [libmagic] [patch] wrong handling of decompression utilities in libmagic
Summary: [libmagic] [patch] wrong handling of decompression utilities in libmagic
Status: Open
Alias: None
Product: Base System
Classification: Unclassified
Component: kern (show other bugs)
Version: 8.0-RELEASE
Hardware: Any Any
: Normal Affects Only Me
Assignee: freebsd-bugs (Nobody)
Depends on:
Reported: 2010-08-24 14:40 UTC by Martin Beran
Modified: 2017-12-31 22:35 UTC (History)
0 users

See Also:

file.diff (643 bytes, patch)
2010-08-24 14:40 UTC, Martin Beran
no flags Details | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description Martin Beran 2010-08-24 14:40:02 UTC
	Function magic_buffer() from libmagic(3) uses external utilities for
	decompression of compressed files. Data from an input in-memory buffer
	should be passed to the external program via a pipe. Due to an
	incorrect condition, the pipe is not initialized, hence no data are
	passed to the program. Moreover, calling close(2) with an argument
	taken from an unitialized memory location causes closing of two
	indeterministically selected file descriptors. If the descriptor
	intended for reading from the decompression process is closed, the
	libmagic code will be stuck in an endless loop, using 100 % CPU,
	calling select(2) that always fails with EBADF.

Fix: Apply the attached patch in /usr/src, recompile and reinstall
How-To-Repeat: 	Call magic_buffer(m, buf, sz) for m obtained by a prior call of
	magic_open(MAGIC_COMPRESS), with buf containing data compressed by
Comment 1 Eitan Adler freebsd_committer freebsd_triage 2017-12-31 07:59:30 UTC
For bugs matching the following criteria:

Status: In Progress Changed: (is less than) 2014-06-01

Reset to default assignee and clear in-progress tags.

Mail being skipped