static void _php_finfo_get_type(INTERNAL_FUNCTION_PARAMETERS, int mode, int mimetype_emu) /* {{{ */
{
zend_long options = 0;
char *ret_val = NULL, *buffer = NULL;
size_t buffer_len;
php_fileinfo *finfo = NULL;
zval *zfinfo, *zcontext = NULL;
zval *what;
char mime_directory[] = "directory";
struct magic_set *magic = NULL;
FILEINFO_DECLARE_INIT_OBJECT(object)
if (mimetype_emu) {
/* mime_content_type(..) emulation */
if (zend_parse_parameters(ZEND_NUM_ARGS(), "z", &what) == FAILURE) {
return;
}
switch (Z_TYPE_P(what)) {
case IS_STRING:
buffer = Z_STRVAL_P(what);
buffer_len = Z_STRLEN_P(what);
mode = FILEINFO_MODE_FILE;
break;
case IS_RESOURCE:
mode = FILEINFO_MODE_STREAM;
break;
default:
php_error_docref(NULL, E_WARNING, "Can only process string or stream arguments");
RETURN_FALSE;
}
magic = magic_open(MAGIC_MIME_TYPE);
if (magic_load(magic, NULL) == -1) {
php_error_docref(NULL, E_WARNING, "Failed to load magic database.");
goto common;
}
} else if (object) {
if (zend_parse_parameters(ZEND_NUM_ARGS(), "s|lr", &buffer, &buffer_len, &options, &zcontext) == FAILURE) {
RETURN_FALSE;
}
FILEINFO_FROM_OBJECT(finfo, object);
magic = finfo->magic;
} else {
if (zend_parse_parameters(ZEND_NUM_ARGS(), "rs|lr", &zfinfo, &buffer, &buffer_len, &options, &zcontext) == FAILURE) {
RETURN_FALSE;
}
if ((finfo = (php_fileinfo *)zend_fetch_resource(Z_RES_P(zfinfo), "file_info", le_fileinfo)) == NULL) {
RETURN_FALSE;
}
magic = finfo->magic;
}
/* Set options for the current file/buffer. */
if (options) {
FINFO_SET_OPTION(magic, options)
}
switch (mode) {
case FILEINFO_MODE_BUFFER:
{
ret_val = (char *) magic_buffer(magic, buffer, buffer_len);
break;
}
case FILEINFO_MODE_STREAM:
{
php_stream *stream;
zend_off_t streampos;
php_stream_from_zval_no_verify(stream, what);
if (!stream) {
goto common;
}
streampos = php_stream_tell(stream); /* remember stream position for restoration */
php_stream_seek(stream, 0, SEEK_SET);
ret_val = (char *) magic_stream(magic, stream);
php_stream_seek(stream, streampos, SEEK_SET);
break;
}
case FILEINFO_MODE_FILE:
{
/* determine if the file is a local file or remote URL */
const char *tmp2;
php_stream_wrapper *wrap;
php_stream_statbuf ssb;
if (buffer == NULL || !*buffer) {
php_error_docref(NULL, E_WARNING, "Empty filename or path");
RETVAL_FALSE;
goto clean;
}
wrap = php_stream_locate_url_wrapper(buffer, &tmp2, 0);
if (wrap) {
php_stream *stream;
php_stream_context *context = php_stream_context_from_zval(zcontext, 0);
#ifdef PHP_WIN32
if (php_stream_stat_path_ex(buffer, 0, &ssb, context) == SUCCESS) {
if (ssb.sb.st_mode & S_IFDIR) {
ret_val = mime_directory;
goto common;
}
}
#endif
#if PHP_API_VERSION < 20100412
stream = php_stream_open_wrapper_ex(buffer, "rb", ENFORCE_SAFE_MODE | REPORT_ERRORS, NULL, context);
#else
stream = php_stream_open_wrapper_ex(buffer, "rb", REPORT_ERRORS, NULL, context);
#endif
if (!stream) {
RETVAL_FALSE;
goto clean;
}
if (php_stream_stat(stream, &ssb) == SUCCESS) {
if (ssb.sb.st_mode & S_IFDIR) {
ret_val = mime_directory;
} else {
ret_val = (char *)magic_stream(magic, stream);
}
}
php_stream_close(stream);
}
break;
}
default:
php_error_docref(NULL, E_WARNING, "Can only process string or stream arguments");
}
common:
if (ret_val) {
RETVAL_STRING(ret_val);
} else {
php_error_docref(NULL, E_WARNING, "Failed identify data %d:%s", magic_errno(magic), magic_error(magic));
RETVAL_FALSE;
}
clean:
if (mimetype_emu) {
magic_close(magic);
}
/* Restore options */
if (options) {
FINFO_SET_OPTION(magic, finfo->options)
}
return;
}
std::string
MagicNumber::identify(const MemoryMap &map, rose_addr_t va) const {
uint8_t buf[256];
size_t nBytes = map.at(va).limit(std::min(maxBytes_, sizeof buf)).read(buf).size();
if (0==nBytes)
return "empty";
#ifdef ROSE_HAVE_LIBMAGIC
return magic_buffer(details_->cookie, buf, nBytes);
#elif defined(BOOST_WINDOWS)
throw std::runtime_error("magic number identification is not supported on Microsoft Windows");
#elif BOOST_FILESYSTEM_VERSION == 2
throw std::runtime_error("MagicNumber::identify must have either libmagic or boost::filesystem version 3");
#else
// We can maybe still do it, but this will be much, much slower. We copy some specimen memory into a temporary file, then
// run the unix file(1) command on it, then delete the temp file.
static int ncalls = 0;
if (1 == ++ncalls)
mlog[WARN] <<"libmagic is not available on this system; using slow method instead\n";
FileSystem::Path tmpFile = boost::filesystem::unique_path("/tmp/ROSE-%%%%-%%%%-%%%%-%%%%");
std::ofstream(tmpFile.c_str()).write((const char*)buf, nBytes);
std::string cmd = "file " + tmpFile.string();
std::string magic;
if (FILE *f = popen(cmd.c_str(), "r")) {
char line[1024];
if (fgets(line, sizeof line, f))
magic = boost::trim_right_copy(std::string(line).substr(tmpFile.string().size()+2)); // filename + ": "
pclose(f);
} else {
boost::filesystem::remove(tmpFile);
throw std::runtime_error("command file: " + tmpFile.string());
}
boost::filesystem::remove(tmpFile);
return magic;
#endif
}
void
xyzzy()
{
struct rule *r;
char *ftype;
char bfr[4096];
int size;
/* figure out the file type from the first block
*/
size = read(0, bfr, sizeof bfr);
ftype = magic_buffer(poof, bfr, size);
if (filetype == 0)
filetype = strdup(ftype);
/* see if it matches any of the rules
*/
for (r = rules; r ; r = r->next)
if (regexec( &(r->regex), ftype, 0, 0, 0) == 0)
plugh(r, bfr, size);
reject("can't print %s files", ftype);
exit(1);
}
/**
* The run() method is where the module's work is performed.
* The module will be passed a pointer to a file from which both
* content and metadata can be retrieved.
* @param pFile A pointer to a file to be processed.
* @returns TskModule::OK on success and TskModule::FAIL on error.
*/
TskModule::Status TSK_MODULE_EXPORT run(TskFile * pFile)
{
if (pFile == NULL)
{
LOGERROR("FileTypeSigModule: Passed NULL file pointer.");
return TskModule::FAIL;
}
if (pFile->getSize() == 0)
return TskModule::OK;
try
{
char buffer[FILE_BUFFER_SIZE];
//Do that magic magic
ssize_t readLen = pFile->read(buffer, FILE_BUFFER_SIZE);
// we shouldn't get zero as a return value since we know the file is not 0 sized at this point
if (readLen <= 0) {
std::stringstream msg;
msg << "FileTypeSigModule: Error reading file contents for file " << pFile->getId();
LOGERROR(msg.str());
return TskModule::FAIL;
}
const char *type = magic_buffer(magicHandle, buffer, readLen);
if (type == NULL) {
std::stringstream msg;
msg << "FileTypeSigModule: Error getting file type: " << magic_error(magicHandle);
LOGERROR(msg.str());
return TskModule::FAIL;
}
// clean up type -- we've seen invalid UTF-8 data being returned
char cleanType[1024];
cleanType[1023] = '\0';
strncpy(cleanType, type, 1023);
TskUtilities::cleanUTF8(cleanType);
// Add to blackboard
TskBlackboardAttribute attr(TSK_FILE_TYPE_SIG, MODULE_NAME, "", cleanType);
pFile->addGenInfoAttribute(attr);
}
catch (TskException& tskEx)
{
std::stringstream msg;
msg << "FileTypeModule: Caught framework exception: " << tskEx.message();
LOGERROR(msg.str());
return TskModule::FAIL;
}
catch (std::exception& ex)
{
std::stringstream msg;
msg << "FileTypeModule: Caught exception: " << ex.what();
LOGERROR(msg.str());
return TskModule::FAIL;
}
return TskModule::OK;
}
/** \test magic lib calls -- lookup */
int MagicDetectTest04(void)
{
magic_t magic_ctx;
char *result = NULL;
char buffer[] = {
0x50, 0x4b, 0x03, 0x04, 0x14, 0x00, 0x00, 0x08,
0x00, 0x00, 0x52, 0x7b, 0x86, 0x3c, 0x8b, 0x70,
0x96, 0x08, 0x1c, 0x00, 0x00, 0x00, 0x1c, 0x00,
0x00, 0x00, 0x08, 0x00, 0x00, 0x00, 0x6d, 0x69,
0x6d, 0x65, 0x74, 0x79, 0x70, 0x65, 0x61, 0x70,
0x70, 0x6c, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f,
0x6e, 0x2f, 0x76, 0x6e, 0x64, 0x2e, 0x73, 0x75,
0x6e, 0x2e, 0x78, 0x6d, 0x6c, 0x2e, 0x62, 0x61,
0x73, 0x65, 0x50, 0x4b, 0x03, 0x04, 0x14, 0x00,
0x00, 0x08, 0x00, 0x00, 0x52, 0x7b, 0x86, 0x3c,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x09, 0x00, 0x00, 0x00,
0x4d, 0x45, 0x54, 0x41, 0x2d, 0x49, 0x4e, 0x46,
0x2f, 0x50, 0x4b, 0x03, 0x04, 0x14, 0x00, 0x00,
0x08, 0x08, 0x00, 0xa8, 0x42, 0x1d, 0x37, 0x5d,
0xa7, 0xb2, 0xc1, 0xde, 0x01, 0x00, 0x00, 0x7e,
0x04, 0x00, 0x00, 0x0b, 0x00, 0x00, 0x00, 0x63,
0x6f, 0x6e, 0x74, 0x65, 0x6e, 0x74, 0x2e, 0x78,
0x6d, 0x6c, 0x95, 0x54, 0x4d, 0x6f, 0xdb, 0x30,
0x0c, 0xbd, 0xe7, 0x57, 0x18, 0x02, 0x06, 0x6c,
0x07, 0xc5, 0xe9, 0xb6, 0xc3, 0x22, 0xc4, 0x29,
0x86, 0x7d, 0x00, 0x05, 0x8a, 0x9d, 0xb2, 0x43,
0x8f, 0xb2, 0x24, 0xa7, 0xc2, 0x64, 0xc9, 0x15,
};
size_t buffer_len = sizeof(buffer);
int retval = 0;
magic_ctx = magic_open(0);
if (magic_ctx == NULL) {
printf("failure retrieving magic_ctx\n");
return 0;
}
if (magic_load(magic_ctx, NULL) == -1) {
printf("magic_load failure\n");
goto end;
}
result = (char *)magic_buffer(magic_ctx, (void *)buffer, buffer_len);
if (result == NULL || strcmp(result, "OpenOffice.org 1.x Database file") != 0) {
printf("result %p:%s, not \"OpenOffice.org 1.x Database file\": ", result,result?result:"(null)");
goto end;
}
retval = 1;
end:
magic_close(magic_ctx);
return retval;
}
static PyObject* py_magic_buffer(PyObject* self, PyObject* args)
{
PyObject *pycookie;
magic_t cookie;
void* buffer = NULL;
int buffer_length = 0;
const char* message = NULL;
PyObject* result = Py_None;
if(!(PyArg_ParseTuple(args, "Os#", &pycookie, (char**)&buffer,
&buffer_length)))
return NULL;
cookie = PyCObject_AsVoidPtr(pycookie);
message = magic_buffer(cookie, buffer, buffer_length);
if(message != NULL) {
result = PyString_FromString(message);
} else {
/** An error occurs we return it now: */
PyErr_SetString(PyExc_RuntimeError, magic_error(cookie));
return NULL;
};
return PyString_FromString(message);
}
const char * rpmmgBuffer(rpmmg mg, const char * b, size_t nb)
{
const char * t = NULL;
if (_rpmmg_debug)
fprintf(stderr, "--> rpmmgBuffer(%p, %p[%d])\n", mg, b, (int)nb);
if (nb == 0) nb = strlen(b);
#if defined(HAVE_MAGIC_H)
if (mg->ms) {
t = magic_buffer(mg->ms, b, nb);
/* XXX HACK: libmagic compiled without <pcreposix.h> spews here. */
if (t == NULL) {
const char * msg = magic_error(mg->ms);
if (strstr(msg, "regexec error 17, (match failed)") == NULL)
rpmlog(RPMLOG_ERR, _("magic_buffer(ms, %p[%u]) failed: %s\n"),
b, (unsigned)nb, msg);
}
}
#endif
if (t == NULL) t = "";
t = xstrdup(t);
if (_rpmmg_debug)
fprintf(stderr, "<-- rpmmgBuffer(%p, %p[%d]) %s\n", mg, b, (int)nb, t);
return t;
}
/** \test magic lib calls -- lookup */
int MagicDetectTest01(void)
{
magic_t magic_ctx;
char *result = NULL;
char buffer[] = { 0x25, 'P', 'D', 'F', '-', '1', '.', '3', 0x0d, 0x0a};
size_t buffer_len = sizeof(buffer);
int retval = 0;
magic_ctx = magic_open(0);
if (magic_ctx == NULL) {
printf("failure retrieving magic_ctx\n");
return 0;
}
if (magic_load(magic_ctx, NULL) == -1) {
printf("magic_load failure\n");
goto end;
}
result = (char *)magic_buffer(magic_ctx, (void *)buffer, buffer_len);
if (result == NULL || strncmp(result, "PDF document", 12) != 0) {
printf("result %p:%s, not \"PDF document\": ", result,result?result:"(null)");
goto end;
}
retval = 1;
end:
magic_close(magic_ctx);
return retval;
}
/*
* Sandboxed magic_buffer invocation
*
* a0 holds length of the output capabilty, a1 holds the length of the
* magic data, and a2 holds the length of the input file buffer. a3
* indicates if timing data should be collected.
*/
int
invoke(register_t a0, register_t a1, register_t a2, register_t a3)
{
int ret = 0;
size_t outsize, magicsize, filesize;
char *filebuf;
const char *type, *errstr;
void *magicbuf;
magic_t magic;
int dotimings;
uint32_t timings[4];
outsize = a0;
magicsize = a1;
filesize = a2;
dotimings = a3;
if (dotimings)
timings[0] = sysarch(MIPS_GET_COUNT, NULL);
if ((magicbuf = malloc(magicsize)) == NULL)
return (-1);
memcpy_fromcap(magicbuf, MINIFILE_MAGIC_CAP, 0, magicsize);
magic = magic_open(MAGIC_MIME_TYPE);
if (magic == NULL)
return (-1);
if (magic_load_buffers(magic, &magicbuf, &magicsize, 1) == -1) {
magic_close(magic);
return (-1);
}
if ((filebuf = malloc(filesize)) == NULL)
return (-1);
memcpy_fromcap(filebuf, MINIFILE_FILE_CAP, 0, filesize);
if (dotimings)
timings[1] = sysarch(MIPS_GET_COUNT, NULL);
type = magic_buffer(magic, filebuf, filesize);
if (type == NULL) {
ret = -1;
errstr = magic_error(magic);
type = (errstr == NULL ? "badmagic" : errstr);
}
if (dotimings)
timings[2] = sysarch(MIPS_GET_COUNT, NULL);
memcpy_tocap(MINIFILE_OUT_CAP, type, 0, MIN(strlen(type) + 1, outsize));
if (dotimings) {
timings[3] = sysarch(MIPS_GET_COUNT, NULL);
memcpy_tocap(MINIFILE_TIMING_CAP, timings, 0,
(4 * sizeof(uint32_t)));
}
return (ret);
}
const char *type(const char *buffer, size_t size) {
const char *ret = magic_buffer(m_magic, buffer, size);
if (!ret)
ret = "none";
return ret;
}
std::string type(const std::string &content) {
const char *result(magic_buffer(magic_, content.data(), content.size()));
if (result) {
return result;
}
return "application/octet-stream";
}
std::string type(const std::string &content) {
const char *result(magic_buffer(magic_, content.data(), content.size()));
if (result) {
return result;
}
return "";
}
/** \test magic lib calls -- lookup */
int MagicDetectTest03(void)
{
magic_t magic_ctx;
char *result = NULL;
char buffer[] = {
0x50, 0x4b, 0x03, 0x04, 0x14, 0x00, 0x00, 0x00,
0x00, 0x00, 0x0b, 0x55, 0x2a, 0x36, 0x5e, 0xc6,
0x32, 0x0c, 0x27, 0x00, 0x00, 0x00, 0x27, 0x00,
0x00, 0x00, 0x08, 0x00, 0x00, 0x00, 0x6d, 0x69,
0x6d, 0x65, 0x74, 0x79, 0x70, 0x65, 0x61, 0x70,
0x70, 0x6c, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f,
0x6e, 0x2f, 0x76, 0x6e, 0x64, 0x2e, 0x6f, 0x61,
0x73, 0x69, 0x73, 0x2e, 0x6f, 0x70, 0x65, 0x6e,
0x64, 0x6f, 0x63, 0x75, 0x6d, 0x65, 0x6e, 0x74,
0x2e, 0x74, 0x65, 0x78, 0x74, 0x50, 0x4b, 0x03,
0x04, 0x14, 0x00, 0x00, 0x00, 0x00, 0x00, 0x0b,
0x55, 0x2a, 0x36, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x1a,
0x00, 0x00, 0x00, 0x43, 0x6f, 0x6e, 0x66, 0x69,
0x67, 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e,
0x73, 0x32, 0x2f, 0x73, 0x74, 0x61, 0x74, 0x75,
0x73, 0x62, 0x61, 0x72, 0x2f, 0x50, 0x4b, 0x03,
0x04, 0x14, 0x00, 0x08, 0x00, 0x08, 0x00, 0x0b,
};
size_t buffer_len = sizeof(buffer);
int retval = 0;
magic_ctx = magic_open(0);
if (magic_ctx == NULL) {
printf("failure retrieving magic_ctx\n");
return 0;
}
if (magic_load(magic_ctx, NULL) == -1) {
printf("magic_load failure\n");
goto end;
}
result = (char *)magic_buffer(magic_ctx, (void *)buffer, buffer_len);
if (result == NULL || strcmp(result, "OpenDocument Text") != 0) {
printf("result %p:%s, not \"OpenDocument Text\": ", result,result?result:"(null)");
goto end;
}
retval = 1;
end:
magic_close(magic_ctx);
return retval;
}
unsigned int
peak_magic_get(struct peak_magic *self, const char *buf, const size_t len)
{
const char *name;
name = magic_buffer(self->handle, buf, len);
if (!name) {
error("error retrieving mime type: %s\n",
magic_error(self->handle));
return (MAGIC_PACKED_DATA);
}
return (peak_magic_number(name));
}
std::string FileDetector::typeOfFile(const std::string &fileName) const
{
std::string type = magic_file(mCookie, fileName.c_str());
// On Windows, non-ASCII paths fail
if (type.substr(0, 11) == "cannot open")
{
Poco::FileInputStream stream(fileName);
if (stream.good())
{
stream.get(pBuffer, MAGIC_BUFFER_SIZE);
type = magic_buffer(mCookie, pBuffer, MAGIC_BUFFER_SIZE);
}
}
return type;
}
/** \test magic lib calls -- lookup */
int MagicDetectTest02(void)
{
magic_t magic_ctx;
char *result = NULL;
char buffer[] = {
0xd0, 0xcf, 0x11, 0xe0, 0xa1, 0xb1, 0x1a, 0xe1,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x3e, 0x00, 0x03, 0x00, 0xfe, 0xff, 0x09, 0x00,
0x06, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x02, 0x00, 0x00, 0x00,
0x96, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x10, 0x00, 0x00, 0x98, 0x00, 0x00, 0x00,
0x01, 0x00, 0x00, 0x00, 0xfe, 0xff, 0xff, 0xff,
0x00, 0x00, 0x00, 0x00, 0x90, 0x00, 0x00, 0x00,
0x97, 0x00, 0x00, 0x00, 0xff, 0xff, 0xff, 0xff,
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
};
size_t buffer_len = sizeof(buffer);
int retval = 0;
magic_ctx = magic_open(0);
if (magic_ctx == NULL) {
printf("failure retrieving magic_ctx\n");
return 0;
}
if (magic_load(magic_ctx, NULL) == -1) {
printf("magic_load failure\n");
goto end;
}
result = (char *)magic_buffer(magic_ctx, (void *)buffer, buffer_len);
if (result == NULL || strcmp(result, MICROSOFT_OFFICE_DOC) != 0) {
printf("result %p:%s, not \"Microsoft Office Document\": ", result,result?result:"(null)");
goto end;
}
retval = 1;
end:
magic_close(magic_ctx);
return retval;
}
int is_text(magic_t cookie, const void* buf, size_t len)
{
const char* magic = magic_buffer(cookie, buf, len);
if(!magic)
{
const char* err = magic_error(cookie);
merror("%s: ERROR: magic_buffer: %s", ARGV0, err ? err : "unknown");
return(1); // TODO default to true?
}
else
{
if(strncmp(magic, "text/", 5) == 0) return(1);
}
return(0);
}
/**
* \brief Find the magic value for a buffer.
*
* \param buf the buffer
* \param buflen length of the buffer
*
* \retval result pointer to null terminated string
*/
char *MagicThreadLookup(magic_t *ctx, uint8_t *buf, uint32_t buflen)
{
const char *result = NULL;
char *magic = NULL;
if (buf != NULL && buflen > 0) {
result = magic_buffer(*ctx, (void *)buf, (size_t)buflen);
if (result != NULL) {
magic = SCStrdup(result);
if (unlikely(magic == NULL)) {
SCLogError(SC_ERR_MEM_ALLOC, "Unable to dup magic");
}
}
}
SCReturnPtr(magic, "const char");
}
int main(int argc, char **argv) {
char * tmp="Hello World\n";
magic_t myt = magic_open(MAGIC_CONTINUE|MAGIC_ERROR/*|MAGIC_DEBUG*/|MAGIC_MIME);
magic_load(myt,NULL);
if (argc > 1)
{
printf("magic output: '%s'\n",magic_file(myt,argv[1]));
}
else
{
printf("magic output: '%s'\n",magic_buffer(myt,tmp,strlen(tmp)));
}
magic_close(myt);
return 0;
}
/** \test magic lib calls -- lookup */
int MagicDetectTest03(void)
{
char buffer[] = {
0x50, 0x4b, 0x03, 0x04, 0x14, 0x00, 0x00, 0x00,
0x00, 0x00, 0x0b, 0x55, 0x2a, 0x36, 0x5e, 0xc6,
0x32, 0x0c, 0x27, 0x00, 0x00, 0x00, 0x27, 0x00,
0x00, 0x00, 0x08, 0x00, 0x00, 0x00, 0x6d, 0x69,
0x6d, 0x65, 0x74, 0x79, 0x70, 0x65, 0x61, 0x70,
0x70, 0x6c, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f,
0x6e, 0x2f, 0x76, 0x6e, 0x64, 0x2e, 0x6f, 0x61,
0x73, 0x69, 0x73, 0x2e, 0x6f, 0x70, 0x65, 0x6e,
0x64, 0x6f, 0x63, 0x75, 0x6d, 0x65, 0x6e, 0x74,
0x2e, 0x74, 0x65, 0x78, 0x74, 0x50, 0x4b, 0x03,
0x04, 0x14, 0x00, 0x00, 0x00, 0x00, 0x00, 0x0b,
0x55, 0x2a, 0x36, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x1a,
0x00, 0x00, 0x00, 0x43, 0x6f, 0x6e, 0x66, 0x69,
0x67, 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e,
0x73, 0x32, 0x2f, 0x73, 0x74, 0x61, 0x74, 0x75,
0x73, 0x62, 0x61, 0x72, 0x2f, 0x50, 0x4b, 0x03,
0x04, 0x14, 0x00, 0x08, 0x00, 0x08, 0x00, 0x0b,
};
size_t buffer_len = sizeof(buffer);
magic_t magic_ctx = magic_open(0);
FAIL_IF_NULL(magic_ctx);
FAIL_IF(magic_load(magic_ctx, NULL) == -1);
char *result = (char *)magic_buffer(magic_ctx, (void *)buffer, buffer_len);
FAIL_IF_NULL(result);
char *str = strstr(result, "OpenDocument Text");
if (str == NULL) {
printf("result %s, not \"OpenDocument Text\": ", str);
FAIL;
}
magic_close(magic_ctx);
PASS;
}
const char *os_mime_type_guess_fd(int fd)
{
magic_t m;
const char *mime_type;
char *buffer[BUFFER_SIZE];
int n_read;
m = get_private_magic();
if ((n_read = read(fd, buffer, BUFFER_SIZE)) < 0) {
a6o_log(ARMADITO_LOG_LIB, ARMADITO_LOG_LEVEL_WARNING, "cannot read %d bytes from file descriptor %d", BUFFER_SIZE, fd);
return NULL;
}
mime_type = magic_buffer(m, buffer, n_read);
return strdup(mime_type);
}
gchar* guessEncoding(const char* buffer, size_t len) {
gchar* result = NULL;
#ifdef HAVE_CHARDET
uchardet_t cd = uchardet_new();
if (!uchardet_handle_data(cd, buffer, len)) {
uchardet_data_end(cd);
const char* chardet = uchardet_get_charset(cd);
if (chardet && strcmp(chardet, "")!=0) {
result = g_strdup(chardet);
}
}
uchardet_delete(cd);
#else
magic_t cookie = magic_open(MAGIC_MIME);
magic_load(cookie, NULL);
const char* resp = magic_buffer(cookie, buffer, len);
if (!resp)
{
printf("magic error: %s\n", magic_error(cookie));
goto done;
}
char* charset = strstr(resp, "charset=");
if (!charset)
{
goto done;
}
charset += 8; // len of "charset="
result = g_strdup(charset);
done:
magic_close(cookie);
#endif
return result;
}
extern char *
s_magic(url_t *u, char *name)
{
char buf[magic_size];
const char *mg;
char *m = NULL;
uint64_t pos;
int mgs;
tc2_print("STREAM", TC2_PRINT_DEBUG, "s_magic %s\n", name);
#ifdef HAVE_LIBMAGIC
pos = u->tell(u);
mgs = u->read(buf, 1, magic_size, u);
u->seek(u, pos, SEEK_SET);
if(mgs < magic_size)
return NULL;
pthread_mutex_lock(&magic_lock);
mg = magic_buffer(file_magic, buf, mgs);
if(mg){
int e;
m = strdup(mg);
e = strcspn(m, " \t;");
m[e] = 0;
if(isplaylist(u, m, name)){
free(m);
m = strdup("application/x-playlist");
} else if(!strcmp(m, "data") ||
!strcmp(m, "application/octet-stream")){
free(m);
m = NULL;
}
}
pthread_mutex_unlock(&magic_lock);
#endif
if(!m && name)
m = s_magic_suffix(name);
tc2_print("STREAM", TC2_PRINT_DEBUG, " type %s\n", m);
return m;
}
char* identify_filename(char* i_pathname, unsigned char *tmp_buf, struct ext2_inode* inode, blk_t inode_nr){
struct privat priv ;
char magic_buf[100];
int retval= 0;
priv.count = priv.error = priv.flag = 0;
priv.buf = tmp_buf;
memset(magic_buf,0,100);
if ((inode->i_mode & LINUX_S_IFMT) == LINUX_S_IFREG){
memset(tmp_buf,0,12 * current_fs->blocksize);
// iterate first 12 Data Blocks
retval = local_block_iterate3 ( current_fs, *inode, BLOCK_FLAG_DATA_ONLY, NULL, first_blocks, &priv );
if (priv.count <12){
strncpy(magic_buf, magic_buffer(cookie , tmp_buf,
((inode->i_size < 12 * current_fs->blocksize) ? inode->i_size : (12 * current_fs->blocksize))), 60);
i_pathname = get_pathname(inode_nr, i_pathname, magic_buf, tmp_buf);
}
}
return i_pathname;
}
/**
* \brief Find the magic value for a buffer.
*
* \param buf the buffer
* \param buflen length of the buffer
*
* \retval result pointer to null terminated string
*/
char *MagicGlobalLookup(uint8_t *buf, uint32_t buflen)
{
const char *result = NULL;
char *magic = NULL;
SCMutexLock(&g_magic_lock);
if (buf != NULL && buflen > 0) {
result = magic_buffer(g_magic_ctx, (void *)buf, (size_t)buflen);
if (result != NULL) {
magic = SCStrdup(result);
if (unlikely(magic == NULL)) {
SCLogError(SC_ERR_MEM_ALLOC, "Unable to dup magic");
}
}
}
SCMutexUnlock(&g_magic_lock);
SCReturnPtr(magic, "const char");
}
/* Use libmagic to detect file language
*/
const char *detect_language_magic(SourceFile *sourcefile) {
char line[80];
magic_t cookie = magic_open(MAGIC_NONE);
if (cookie == NULL) {
fprintf(stderr, "libmagic: %s\n", magic_error(cookie));
exit(1);
}
if (magic_load(cookie, NULL) != 0) {
fprintf(stderr, "libmagic: %s\n", magic_error(cookie));
magic_close(cookie);
exit(1);
}
if (sourcefile->diskpath) {
const char *magic = magic_file(cookie, sourcefile->diskpath);
if (magic == NULL) {
fprintf(stderr, "libmagic: %s\n", magic_error(cookie));
magic_close(cookie);
exit(1);
}
strncpy(line, magic, sizeof(line));
line[sizeof(line)-1] = '\0';
} else {
char *p = ohcount_sourcefile_get_contents(sourcefile);
if (!p) return NULL;
const char *magic = magic_buffer(cookie, p, strlen(p));
if (magic == NULL) {
fprintf(stderr, "libmagic: %s\n", magic_error(cookie));
magic_close(cookie);
exit(1);
}
strncpy(line, magic, sizeof(line));
line[sizeof(line)-1] = '\0';
}
magic_close(cookie);
return magic_parse(line);
}
R_API const char *r_magic_buffer(RMagic* m, const void *b, size_t s) {
return magic_buffer (m, b, s);
}
static char const * auto_detect_format(sox_format_t * ft, char const * ext)
{
char data[AUTO_DETECT_SIZE];
size_t len = lsx_readbuf(ft, data, ft->seekable? sizeof(data) : PIPE_AUTO_DETECT_SIZE);
#define CHECK(type, p2, l2, d2, p1, l1, d1) if (len >= p1 + l1 && \
!memcmp(data + p1, d1, (size_t)l1) && !memcmp(data + p2, d2, (size_t)l2)) return #type;
CHECK(voc , 0, 0, "" , 0, 20, "Creative Voice File\x1a")
CHECK(smp , 0, 0, "" , 0, 17, "SOUND SAMPLE DATA")
CHECK(wve , 0, 0, "" , 0, 15, "ALawSoundFile**")
CHECK(gsrt , 0, 0, "" , 16, 9, "ring.bin")
CHECK(amr-wb, 0, 0, "" , 0, 9, "#!AMR-WB\n")
CHECK(prc , 0, 0, "" , 0, 8, "\x37\x00\x00\x10\x6d\x00\x00\x10")
CHECK(sph , 0, 0, "" , 0, 7, "NIST_1A")
CHECK(amr-nb, 0, 0, "" , 0, 6, "#!AMR\n")
CHECK(txw , 0, 0, "" , 0, 6, "LM8953")
CHECK(sndt , 0, 0, "" , 0, 6, "SOUND\x1a")
CHECK(vorbis, 0, 4, "OggS" , 29, 6, "vorbis")
CHECK(opus , 0, 4, "OggS" , 28, 8, "OpusHead")
CHECK(speex , 0, 4, "OggS" , 28, 6, "Speex")
CHECK(hcom ,65, 4, "FSSD" , 128,4, "HCOM")
CHECK(wav , 0, 4, "RIFF" , 8, 4, "WAVE")
CHECK(wav , 0, 4, "RIFX" , 8, 4, "WAVE")
CHECK(wav , 0, 4, "RF64" , 8, 4, "WAVE")
CHECK(aiff , 0, 4, "FORM" , 8, 4, "AIFF")
CHECK(aifc , 0, 4, "FORM" , 8, 4, "AIFC")
CHECK(8svx , 0, 4, "FORM" , 8, 4, "8SVX")
CHECK(maud , 0, 4, "FORM" , 8, 4, "MAUD")
CHECK(xa , 0, 0, "" , 0, 4, "XA\0\0")
CHECK(xa , 0, 0, "" , 0, 4, "XAI\0")
CHECK(xa , 0, 0, "" , 0, 4, "XAJ\0")
CHECK(au , 0, 0, "" , 0, 4, ".snd")
CHECK(au , 0, 0, "" , 0, 4, "dns.")
CHECK(au , 0, 0, "" , 0, 4, "\0ds.")
CHECK(au , 0, 0, "" , 0, 4, ".sd\0")
CHECK(flac , 0, 0, "" , 0, 4, "fLaC")
CHECK(avr , 0, 0, "" , 0, 4, "2BIT")
CHECK(caf , 0, 0, "" , 0, 4, "caff")
CHECK(wv , 0, 0, "" , 0, 4, "wvpk")
CHECK(paf , 0, 0, "" , 0, 4, " paf")
CHECK(sf , 0, 0, "" , 0, 4, "\144\243\001\0")
CHECK(sf , 0, 0, "" , 0, 4, "\0\001\243\144")
CHECK(sf , 0, 0, "" , 0, 4, "\144\243\002\0")
CHECK(sf , 0, 0, "" , 0, 4, "\0\002\243\144")
CHECK(sf , 0, 0, "" , 0, 4, "\144\243\003\0")
CHECK(sf , 0, 0, "" , 0, 4, "\0\003\243\144")
CHECK(sf , 0, 0, "" , 0, 4, "\144\243\004\0")
CHECK(sox , 0, 0, "" , 0, 4, ".SoX")
CHECK(sox , 0, 0, "" , 0, 4, "XoS.")
if (ext && !strcasecmp(ext, "snd"))
CHECK(sndr , 7, 1, "" , 0, 2, "\0")
#undef CHECK
#if HAVE_MAGIC
if (sox_globals.use_magic) {
static magic_t magic;
char const * filetype = NULL;
if (!magic) {
magic = magic_open(MAGIC_MIME | MAGIC_SYMLINK);
if (magic)
magic_load(magic, NULL);
}
if (magic)
filetype = magic_buffer(magic, data, len);
if (filetype && strncmp(filetype, "application/octet-stream", (size_t)24) &&
!lsx_strends(filetype, "/unknown") &&
strncmp(filetype, "text/plain", (size_t)10) )
return filetype;
else if (filetype)
lsx_debug("libmagic detected %s", filetype);
}
#endif
return NULL;
}
/* Search a file for magic signatures */
int process_file(char *bin_file, struct binconf *config, struct magic_signature **signatures, int num_sigs, struct magic_filter **filters, int filter_count)
{
char *md5 = NULL, *current_time = NULL, *ptr = NULL;
const void *buffer = NULL, *type = NULL;
size_t fsize = 0;
int i = 0, j = 0, retval = EXIT_FAILURE;
/* Read in the target file */
buffer = file_read(bin_file, &fsize);
if(!buffer || fsize == 0)
{
fprintf(stderr,"ERROR: Failed to read file '%s'.\n", bin_file);
goto end;
}
/* If no scan length was specified, scan the entire file */
if(!config->length || config->length > fsize)
{
config->length = fsize;
}
/* Sanity check on the length + offset values */
if((config->length + config->offset) > fsize)
{
config->length -= (config->length + config->offset) - fsize;
}
if(config->verbose)
{
md5 = md5_string((void *) buffer,fsize);
current_time = timestamp();
print("\n");
print("Scan Time: %s\n", current_time);
print("Magic File: %s\n", config->magic);
if(config->smart)
{
print("Signatures: %d\n", num_sigs);
}
else
{
print("Signatures: *\n");
}
print("Target File: %s\n", bin_file);
print("MD5 Checksum: %s\n", md5);
if(current_time) free(current_time);
if(md5) free(md5);
}
print("\nDECIMAL \tHEX \tDESCRIPTION\n");
print("-------------------------------------------------------------------------------------------------------\n");
/* Loop through the file contents starting at the given offset.
* Honor the given byte alignment (i.e., if align == 4, only look at every 4th byte).
* Stop looping when length bytes have been searched, or when the end of the file is reached.
*/
for(i=config->offset; ((i-config->offset)<config->length && i<(fsize-config->align)); i+=config->align)
{
for(j=0; j<num_sigs; j++)
{
/* Make sure we don't seek past the end of the buffer */
if(!config->smart || (i+signatures[j]->offset < fsize))
{
/* Pre-screen data for magic file signatures prior to invoking libmagic. This significantly improves scan time. */
if(!config->smart ||
signatures[j]->wildcard == 1 ||
memcmp((buffer+i+signatures[j]->offset), signatures[j]->signature, signatures[j]->size) == 0
)
{
/* Since we found a signature match, ask libmagic to further examine the given offset into the file buffer */
type = magic_buffer(config->cookie, buffer+i, (fsize-i));
/* Ignore NULL, ".*text.*" and "data" responses */
if(type != NULL && strncmp(type,DATA,DATA_SIZE) != 0 && strstr(type,TEXT) == NULL)
{
/*
* If filters were specified and the filter check specifies that
* result should be excluded, then don't display it.
*/
if(filter_count > 0)
{
/* Don't display anything that has been explicitly marked in the exclude list */
if(filter_check(filters, filter_count, (char *) type) == RESULT_EXCLUDE)
{
break;
}
}
/* Prettify output if multiple matches were found at the same offset */
if((config->flags | MAGIC_CONTINUE) == config->flags)
{
while((ptr = strstr(type, MULTIPLE_MATCH_DELIM)))
{
memcpy(ptr, MULTIPLE_MATCH_NEWLINE, MULTIPLE_MATCH_SIZE);
}
}
print("%-10d\t0x%-8X\t",i,i);
print("%s\n",type);
break;
}
}
}
}
}
print("\n");
retval = EXIT_SUCCESS;
end:
if(buffer) munmap((void *) buffer, fsize);
return retval;
}
/**
* Main callback from MHD, used to generate the page.
*
* @param cls NULL
* @param connection connection handle
* @param url requested URL
* @param method GET, PUT, POST, etc.
* @param version HTTP version
* @param upload_data data from upload (PUT/POST)
* @param upload_data_size number of bytes in "upload_data"
* @param ptr our context
* @return MHD_YES on success, MHD_NO to drop connection
*/
static int
generate_page (void *cls,
struct MHD_Connection *connection,
const char *url,
const char *method,
const char *version,
const char *upload_data,
size_t *upload_data_size, void **ptr)
{
struct MHD_Response *response;
int ret;
int fd;
struct stat buf;
if (0 != strcmp (url, "/"))
{
/* should be file download */
char file_data[MAGIC_HEADER_SIZE];
ssize_t got;
const char *mime;
if ( (0 != strcmp (method, MHD_HTTP_METHOD_GET)) &&
(0 != strcmp (method, MHD_HTTP_METHOD_HEAD)) )
return MHD_NO; /* unexpected method (we're not polite...) */
if ( (0 == stat (&url[1], &buf)) &&
(NULL == strstr (&url[1], "..")) &&
('/' != url[1]))
fd = open (&url[1], O_RDONLY);
else
fd = -1;
if (-1 == fd)
return MHD_queue_response (connection,
MHD_HTTP_NOT_FOUND,
file_not_found_response);
/* read beginning of the file to determine mime type */
got = read (fd, file_data, sizeof (file_data));
if (-1 != got)
mime = magic_buffer (magic, file_data, got);
else
mime = NULL;
(void) lseek (fd, 0, SEEK_SET);
if (NULL == (response = MHD_create_response_from_fd (buf.st_size,
fd)))
{
/* internal error (i.e. out of memory) */
(void) close (fd);
return MHD_NO;
}
/* add mime type if we had one */
if (NULL != mime)
(void) MHD_add_response_header (response,
MHD_HTTP_HEADER_CONTENT_TYPE,
mime);
ret = MHD_queue_response (connection,
MHD_HTTP_OK,
response);
MHD_destroy_response (response);
return ret;
}
if (0 == strcmp (method, MHD_HTTP_METHOD_POST))
{
/* upload! */
struct UploadContext *uc = *ptr;
if (NULL == uc)
{
if (NULL == (uc = malloc (sizeof (struct UploadContext))))
return MHD_NO; /* out of memory, close connection */
memset (uc, 0, sizeof (struct UploadContext));
uc->fd = -1;
uc->connection = connection;
uc->pp = MHD_create_post_processor (connection,
64 * 1024 /* buffer size */,
&process_upload_data, uc);
if (NULL == uc->pp)
{
/* out of memory, close connection */
free (uc);
return MHD_NO;
}
*ptr = uc;
return MHD_YES;
}
if (0 != *upload_data_size)
{
if (NULL == uc->response)
(void) MHD_post_process (uc->pp,
upload_data,
*upload_data_size);
*upload_data_size = 0;
return MHD_YES;
}
/* end of upload, finish it! */
MHD_destroy_post_processor (uc->pp);
uc->pp = NULL;
if (-1 != uc->fd)
{
close (uc->fd);
uc->fd = -1;
}
if (NULL != uc->response)
{
return MHD_queue_response (connection,
MHD_HTTP_FORBIDDEN,
uc->response);
}
else
{
update_directory ();
return return_directory_response (connection);
}
}
if ( (0 == strcmp (method, MHD_HTTP_METHOD_GET)) ||
(0 == strcmp (method, MHD_HTTP_METHOD_HEAD)) )
{
return return_directory_response (connection);
}
/* unexpected request, refuse */
return MHD_queue_response (connection,
MHD_HTTP_FORBIDDEN,
request_refused_response);
}
