Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
SUSE:SLE-12-SP2:GA
ghostscript-mini.7320
CVE-2013-5653.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File CVE-2013-5653.patch of Package ghostscript-mini.7320
From ab109aaeb3ddba59518b036fb288402a65cf7ce8 Mon Sep 17 00:00:00 2001 From: Chris Liddell <chris.liddell@artifex.com> Date: Sat, 5 Mar 2016 14:56:03 -0800 Subject: [PATCH] Bug 694724: Have filenameforall and getenv honor SAFER CVE-2013-5653 --- Resource/Init/gs_init.ps | 2 ++ psi/zfile.c | 36 ++++++++++++++++++++---------------- 2 files changed, 22 insertions(+), 16 deletions(-) --- ghostscript-9.15.orig/Resource/Init/gs_init.ps 2016-10-08 21:27:33.159836244 +0200 +++ ghostscript-9.15.orig/Resource/Init/gs_init.ps 2016-10-08 21:27:34.755859833 +0200 @@ -2021,6 +2021,7 @@ readonly def /.locksafe { .locksafe_userparams + systemdict /getenv {pop //false} put % setpagedevice has the side effect of clearing the page, but % we will just document that. Using setpagedevice keeps the device % properties and pagedevice .LockSafetyParams in agreement even @@ -2039,6 +2040,7 @@ readonly def %% /.locksafeglobal { .locksafe_userparams + systemdict /getenv {pop //false} put % setpagedevice has the side effect of clearing the page, but % we will just document that. Using setpagedevice keeps the device % properties and pagedevice .LockSafetyParams in agreement even --- ghostscript-9.15.orig/psi/zfile.c 2016-10-08 21:27:34.759859892 +0200 +++ ghostscript-9.15.orig/psi/zfile.c 2016-10-08 21:28:59.229108366 +0200 @@ -371,22 +371,26 @@ file_continue(i_ctx_t *i_ctx_p) if (len < devlen) return_error(e_rangecheck); /* not even room for device len */ - memcpy((char *)pscratch->value.bytes, iodev->dname, devlen); - code = iodev->procs.enumerate_next(pfen, (char *)pscratch->value.bytes + devlen, - len - devlen); - if (code == ~(uint) 0) { /* all done */ - esp -= 5; /* pop proc, pfen, devlen, iodev , mark */ - return o_pop_estack; - } else if (code > len) /* overran string */ - return_error(e_rangecheck); - else { - push(1); - ref_assign(op, pscratch); - r_set_size(op, code + devlen); - push_op_estack(file_continue); /* come again */ - *++esp = pscratch[2]; /* proc */ - return o_push_estack; - } + + do { + memcpy((char *)pscratch->value.bytes, iodev->dname, devlen); + code = iodev->procs.enumerate_next(pfen, (char *)pscratch->value.bytes + devlen, + len - devlen); + if (code == ~(uint) 0) { /* all done */ + esp -= 5; /* pop proc, pfen, devlen, iodev , mark */ + return o_pop_estack; + } else if (code > len) /* overran string */ + return_error(gs_error_rangecheck); + else if (iodev != iodev_default(imemory) + || (check_file_permissions_reduced(i_ctx_p, (char *)pscratch->value.bytes, code + devlen, "PermitFileReading")) == 0) { + push(1); + ref_assign(op, pscratch); + r_set_size(op, code + devlen); + push_op_estack(file_continue); /* come again */ + *++esp = pscratch[2]; /* proc */ + return o_push_estack; + } + } while(1); } /* Cleanup procedure for enumerating files */ static int
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor