summary refs log tree commit diff
path: root/gnu/packages/patches/ghostscript-CVE-2016-7976.patch
diff options
context:
space:
mode:
Diffstat (limited to 'gnu/packages/patches/ghostscript-CVE-2016-7976.patch')
-rw-r--r--gnu/packages/patches/ghostscript-CVE-2016-7976.patch185
1 files changed, 185 insertions, 0 deletions
diff --git a/gnu/packages/patches/ghostscript-CVE-2016-7976.patch b/gnu/packages/patches/ghostscript-CVE-2016-7976.patch
new file mode 100644
index 0000000000..0a09f89016
--- /dev/null
+++ b/gnu/packages/patches/ghostscript-CVE-2016-7976.patch
@@ -0,0 +1,185 @@
+The following patch was adapted for GNU Ghostscript
+by Mark H Weaver <mhw@netris.org> based on:
+
+http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=6d444c273da5499a4cd72f21cb6d4c9a5256807d
+
+From 6d444c273da5499a4cd72f21cb6d4c9a5256807d Mon Sep 17 00:00:00 2001
+From: Chris Liddell <chris.liddell@artifex.com>
+Date: Wed, 5 Oct 2016 09:55:55 +0100
+Subject: [PATCH] Bug 697178: Add a file permissions callback
+
+For the rare occasions when the graphics library directly opens a file
+(currently for reading), this allows us to apply any restrictions on
+file access normally applied in the interpteter.
+---
+ base/gsicc_manage.c | 10 ++++++----
+ base/gslibctx.c     | 12 +++++++++++-
+ base/gslibctx.h     |  7 +++++++
+ psi/imain.c         |  2 ++
+ psi/int.mak         |  2 +-
+ psi/zfile.c         | 19 +++++++++++++++++++
+ psi/zfile.h         |  7 +++++++
+ 7 files changed, 53 insertions(+), 6 deletions(-)
+
+diff --git a/base/gsicc_manage.c b/base/gsicc_manage.c
+index 931c2a6..e9c09c3 100644
+--- a/base/gsicc_manage.c
++++ b/base/gsicc_manage.c
+@@ -1028,10 +1028,12 @@ gsicc_open_search(const char* pname, int namelen, gs_memory_t *mem_gc,
+     }
+ 
+     /* First just try it like it is */
+-    str = sfopen(pname, "rb", mem_gc);
+-    if (str != NULL) {
+-        *strp = str;
+-        return 0;
++    if (gs_check_file_permission(mem_gc, pname, namelen, "r") >= 0) {
++        str = sfopen(pname, "rb", mem_gc);
++        if (str != NULL) {
++            *strp = str;
++            return 0;
++        }
+     }
+ 
+     /* If that fails, try %rom% */ /* FIXME: Not sure this is needed or correct */
+diff --git a/base/gslibctx.c b/base/gslibctx.c
+index eaa0458..37ce1ca 100644
+--- a/base/gslibctx.c
++++ b/base/gslibctx.c
+@@ -121,7 +121,7 @@ int gs_lib_ctx_init( gs_memory_t *mem )
+         mem->gs_lib_ctx = NULL;
+         return -1;
+     }
+- 
++    pio->client_check_file_permission = NULL;
+     gp_get_realtime(pio->real_time_0);
+ 
+     return 0;
+@@ -262,3 +262,13 @@ void errflush(const gs_memory_t *mem)
+         fflush(mem->gs_lib_ctx->fstderr);
+     /* else nothing to flush */
+ }
++
++int
++gs_check_file_permission (gs_memory_t *mem, const char *fname, const int len, const char *permission)
++{
++    int code = 0;
++    if (mem->gs_lib_ctx->client_check_file_permission != NULL) {
++        code = mem->gs_lib_ctx->client_check_file_permission(mem, fname, len, permission);
++    }
++    return code;
++}
+diff --git a/base/gslibctx.h b/base/gslibctx.h
+index 7a4e110..020e2d9 100644
+--- a/base/gslibctx.h
++++ b/base/gslibctx.h
+@@ -32,6 +32,9 @@ typedef struct gs_fapi_server_s gs_fapi_server;
+ #  define gs_font_dir_DEFINED
+ typedef struct gs_font_dir_s gs_font_dir;
+ #endif
++
++typedef int (*client_check_file_permission_t) (gs_memory_t *mem, const char *fname, const int len, const char *permission);
++
+ typedef struct gs_lib_ctx_s
+ {
+     gs_memory_t *memory;  /* mem->gs_lib_ctx->memory == mem */
+@@ -59,6 +62,7 @@ typedef struct gs_lib_ctx_s
+     bool dict_auto_expand;  /* ps dictionary: false level 1 true level 2 or 3 */
+     /* A table of local copies of the IODevices */
+     struct gx_io_device_s **io_device_table;
++    client_check_file_permission_t client_check_file_permission;
+     /* Define the default value of AccurateScreens that affects setscreen
+        and setcolorscreen. */
+     bool screen_accurate_screens;
+@@ -108,6 +112,9 @@ int
+ void gs_lib_ctx_set_icc_directory(const gs_memory_t *mem_gc, const char* pname,
+                         int dir_namelen);
+ 
++int
++gs_check_file_permission (gs_memory_t *mem, const char *fname, const int len, const char *permission);
++
+ #define IS_LIBCTX_STDOUT(mem, f) (f == mem->gs_lib_ctx->fstdout)
+ #define IS_LIBCTX_STDERR(mem, f) (f == mem->gs_lib_ctx->fstderr)
+ 
+diff --git a/psi/imain.c b/psi/imain.c
+index 9a9bb5d..6874128 100644
+--- a/psi/imain.c
++++ b/psi/imain.c
+@@ -57,6 +57,7 @@
+ #include "ivmspace.h"
+ #include "idisp.h"              /* for setting display device callback */
+ #include "iplugin.h"
++#include "zfile.h"
+ 
+ #ifdef PACIFY_VALGRIND
+ #include "valgrind.h"
+@@ -215,6 +216,7 @@ gs_main_init1(gs_main_instance * minst)
+                                            "the_gs_name_table");
+             if (code < 0)
+                 return code;
++            mem->gs_lib_ctx->client_check_file_permission = z_check_file_permissions;
+         }
+         code = obj_init(&minst->i_ctx_p, &idmem);  /* requires name_init */
+         if (code < 0)
+diff --git a/psi/int.mak b/psi/int.mak
+index 4654afc..bb30d51 100644
+--- a/psi/int.mak
++++ b/psi/int.mak
+@@ -1868,7 +1868,7 @@ $(PSOBJ)imain.$(OBJ) : $(PSSRC)imain.c $(GH) $(memory__h) $(string__h)\
+  $(ialloc_h) $(iconf_h) $(idebug_h) $(idict_h) $(idisp_h) $(iinit_h)\
+  $(iname_h) $(interp_h) $(iplugin_h) $(isave_h) $(iscan_h) $(ivmspace_h)\
+  $(iinit_h) $(main_h) $(oper_h) $(ostack_h)\
+- $(sfilter_h) $(store_h) $(stream_h) $(strimpl_h)
++ $(sfilter_h) $(store_h) $(stream_h) $(strimpl_h) $(zfile_h)
+ 	$(PSCC) $(PSO_)imain.$(OBJ) $(C_) $(PSSRC)imain.c
+ 
+ #****** $(CCINT) interp.c
+diff --git a/psi/zfile.c b/psi/zfile.c
+index 2c6c958..2f27f82 100644
+--- a/psi/zfile.c
++++ b/psi/zfile.c
+@@ -197,6 +197,25 @@ check_file_permissions(i_ctx_t *i_ctx_p, const char *fname, int len,
+     return check_file_permissions_reduced(i_ctx_p, fname_reduced, rlen, permitgroup);
+ }
+ 
++/* z_check_file_permissions: see zfile.h for explanation
++ */
++int
++z_check_file_permissions(gs_memory_t *mem, const char *fname, const int len, const char *permission)
++{
++    i_ctx_t *i_ctx_p = get_minst_from_memory(mem)->i_ctx_p;
++    gs_parsed_file_name_t pname;
++    const char *permitgroup = permission[0] == 'r' ? "PermitFileReading" : "PermitFileWriting";
++    int code = gs_parse_file_name(&pname, fname, len, imemory);
++    if (code < 0)
++        return code;
++
++    if (pname.iodev && i_ctx_p->LockFilePermissions && strcmp(pname.iodev->dname, "%pipe%") == 0)
++        return e_invalidfileaccess;
++        
++    code = check_file_permissions(i_ctx_p, fname, len, permitgroup);
++    return code;
++}
++
+ /* <name_string> <access_string> file <file> */
+ int                             /* exported for zsysvm.c */
+ zfile(i_ctx_t *i_ctx_p)
+diff --git a/psi/zfile.h b/psi/zfile.h
+index fdf1373..a9399c7 100644
+--- a/psi/zfile.h
++++ b/psi/zfile.h
+@@ -22,4 +22,11 @@
+ int zopen_file(i_ctx_t *i_ctx_p, const gs_parsed_file_name_t *pfn,
+            const char *file_access, stream **ps, gs_memory_t *mem);
+ 
++/* z_check_file_permissions: a callback (via mem->gs_lib_ctx->client_check_file_permission)
++ * to allow applying the above permissions checks when opening file(s) from
++ * the graphics library
++ */
++int
++z_check_file_permissions(gs_memory_t *mem, const char *fname,
++                                 const int len, const char *permission);
+ #endif
+-- 
+2.9.1
+
generated by cgit-pink 1.4.1 (git 2.36.1) at 2024-12-26 23:30:24 +0000