openSUSE:Leap:15.5:Update
File CVE-2024-33869.patch of Package ghostscript
--- base/gpmisc.c.bsc1219357.patched.CVE-2023-36664.patched.CVE-2024-33870.patched 2024-06-28 14:37:32.710786933 +0200 +++ base/gpmisc.c 2024-06-28 15:06:44.242886198 +0200 @@ -1059,6 +1059,27 @@ gp_validate_path_len(const gs_memory_t * rlen = len; } else { + char *test = (char *)path, *test1; + uint tlen = len, slen; + + /* Look for any pipe (%pipe% or '|' specifications between path separators + * Reject any path spec which has a %pipe% or '|' anywhere except at the start. + */ + while (tlen > 0) { + if (test[0] == '|' || (tlen > 5 && memcmp(test, "%pipe", 5) == 0)) { + code = gs_note_error(gs_error_invalidfileaccess); + goto exit; + } + test1 = test; + slen = search_separator((const char **)&test, path + len, test1, 1); + if(slen == 0) + break; + test += slen; + tlen -= test - test1; + if (test >= path + len) + break; + } + rlen = len+1; bufferfull = (char *)gs_alloc_bytes(mem->thread_safe_memory, rlen + prefix_len, "gp_validate_path"); if (bufferfull == NULL) @@ -1126,8 +1147,8 @@ gp_validate_path_len(const gs_memory_t * continue; } - else if (code < 0 && cdirstrl > 0 && prefix_len == 0 && buffer == bufferfull) { - buffer = bufferfull + cdirstrl + dirsepstrl; + else if (code < 0 && cdirstrl > 0 && prefix_len == 0 && buffer == bufferfull + && memcmp(buffer, cdirstr, cdirstrl) && !memcmp(buffer + cdirstrl, dirsepstr, dirsepstrl)) { continue; } break;
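Review bot: In the first hunk (the loop added at -1059,6 +1059,27), the comment says a pipe is rejected "anywhere except at the start", but the code only ever tests `test[0]`, first with `test` equal to `path` and then at the position reached by `test += slen` after each `search_separator` call. As written, the first iteration rejects a pipe at the very start of the path too, and a '|' or "%pipe" inside a component is not examined at all. Please reword the comment to describe what the loop actually checks (the start of the path and the position after each separator), say where the permitted leading-pipe case is handled if that is outside this branch, and close the parenthesis opened at "(%pipe% or". Two smaller points: declaring `test` and `test1` as `const char *` would remove both the `(char *)path` and `(const char **)&test` casts, and `tlen > 5` means a remainder of exactly five bytes equal to "%pipe" is not matched, which deserves a word in the comment if it is intended.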
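Review bot: In the second hunk (-1126,8 +1147,8), the added condition mixes the two senses of memcmp in one expression: `memcmp(buffer, cdirstr, cdirstrl)` is true when the buffer does not begin with cdirstr, while `!memcmp(buffer + cdirstrl, dirsepstr, dirsepstrl)` is true when the separator does match at that offset. If that is the intent, write the comparisons explicitly as `!= 0` and `== 0` and add a comment naming the path shape the branch is meant to catch, since the bare form reads like a dropped `!`. The hunk also removes `buffer = bufferfull + cdirstrl + dirsepstrl;` without a replacement, so the branch body is now only `continue;` and nothing in the visible lines changes `buffer`, `code` or `prefix_len` before the next pass. Please confirm that the enclosing loop still makes progress on this path and note in a comment what changes between iterations.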