From cd2a6aa33a1df2c16fe93d0554d1e9c10822d660 Mon Sep 17 00:00:00 2001 From: Jon Siwek Date: Thu, 18 Apr 2013 18:09:48 -0500 Subject: [PATCH] FileAnalysis: workarounds for older libmagics. Some of the unit tests revealed different versions of libmagic could give different mime types for the same input file and magic database. One way that could happen is because of the use of hardcoded/builtin token (word) comparisons for ascii files -- MAGIC_NO_CHECK_TOKENS flag will prevent that from being used (and it's obsoleted in newer libmagics). The other problem looked like a bug fixed as of 5.05 where a match in the magic database that doesn't have a verbose description but does have a mime type won't actually return that mime type due to the the missing description. The one case where that kept popping up was in 5.04 not beign able to identify application/x-dosexec, so I added a description to the top-level match for that to workaround the issue. --- cmake | 2 +- magic/msdos | 2 +- src/util.cc | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/cmake b/cmake index 1bfdacb892..e1a7fd00a0 160000 --- a/cmake +++ b/cmake @@ -1 +1 @@ -Subproject commit 1bfdacb8921ab0b40099f5fde7a611167bf310c3 +Subproject commit e1a7fd00a0a66d6831a239fe84f5fcfaa54e2c35 diff --git a/magic/msdos b/magic/msdos index 6182801f20..59a9d2caac 100644 --- a/magic/msdos +++ b/magic/msdos @@ -20,7 +20,7 @@ # # Many of the compressed formats were extraced from IDARC 1.23 source code. # -0 string/b MZ +0 string/b MZ DOS MZ !:mime application/x-dosexec # All non-DOS EXE extensions have the relocation table more than 0x40 bytes into the file. >0x18 leshort <0x40 MS-DOS executable diff --git a/src/util.cc b/src/util.cc index 0a9b035e96..8d5a404792 100644 --- a/src/util.cc +++ b/src/util.cc @@ -1568,7 +1568,7 @@ void bro_init_magic(magic_t* cookie_ptr, int flags) if ( ! cookie_ptr || *cookie_ptr ) return; - *cookie_ptr = magic_open(flags); + *cookie_ptr = magic_open(flags|MAGIC_NO_CHECK_TOKENS); // Use our custom database for mime types, but the default database // from libmagic for the verbose file type.