summaryrefslogtreecommitdiff
path: root/print/ghostscript/patches/patch-ae
diff options
context:
space:
mode:
Diffstat (limited to 'print/ghostscript/patches/patch-ae')
-rw-r--r--print/ghostscript/patches/patch-ae214
1 files changed, 214 insertions, 0 deletions
diff --git a/print/ghostscript/patches/patch-ae b/print/ghostscript/patches/patch-ae
new file mode 100644
index 00000000000..642536e68fb
--- /dev/null
+++ b/print/ghostscript/patches/patch-ae
@@ -0,0 +1,214 @@
+$NetBSD: patch-ae,v 1.6.2.2 2010/11/23 22:43:36 spz Exp $
+
+Security patch for CVE-2010-2055 by Dr. Werner Fink taken from here:
+
+http://bugs.ghostscript.com/attachment.cgi?id=6449
+
+--- psi/zfile.c.orig 2009-10-04 13:42:07.000000000 +0100
++++ psi/zfile.c 2010-11-23 11:03:52.000000000 +0000
+@@ -902,6 +902,90 @@
+ return 0;
+ }
+
++/* return zero for success, -ve for error, +1 for continue */
++static int
++lib_file_open_search_with_no_combine(gs_file_path_ptr lib_path, const gs_memory_t *mem, i_ctx_t *i_ctx_p,
++ const char *fname, uint flen, char *buffer, int blen, uint *pclen, ref *pfile,
++ gx_io_device *iodev, bool starting_arg_file, char *fmode)
++{
++ stream *s;
++ uint blen1 = blen;
++ if (gp_file_name_reduce(fname, flen, buffer, &blen1) != gp_combine_success)
++ goto skip;
++ if (iodev_os_open_file(iodev, (const char *)buffer, blen1,
++ (const char *)fmode, &s, (gs_memory_t *)mem) == 0) {
++ if (starting_arg_file ||
++ check_file_permissions_aux(i_ctx_p, buffer, blen1) >= 0) {
++ *pclen = blen1;
++ make_stream_file(pfile, s, "r");
++ return 0;
++ }
++ sclose(s);
++ return_error(e_invalidfileaccess);
++ }
++ skip:;
++ return 1;
++}
++
++/* return zero for success, -ve for error, +1 for continue */
++static int
++lib_file_open_search_with_combine(gs_file_path_ptr lib_path, const gs_memory_t *mem, i_ctx_t *i_ctx_p,
++ const char *fname, uint flen, char *buffer, int blen, uint *pclen, ref *pfile,
++ gx_io_device *iodev, bool starting_arg_file, char *fmode)
++{
++ stream *s;
++ const gs_file_path *pfpath = lib_path;
++ uint pi;
++
++ for (pi = 0; pi < r_size(&pfpath->list); ++pi) {
++ const ref *prdir = pfpath->list.value.refs + pi;
++ const char *pstr = (const char *)prdir->value.const_bytes;
++ uint plen = r_size(prdir), blen1 = blen;
++ gs_parsed_file_name_t pname;
++ gp_file_name_combine_result r;
++
++ /* We need to concatenate and parse the file name here
++ * if this path has a %device% prefix. */
++ if (pstr[0] == '%') {
++ int code;
++
++ /* We concatenate directly since gp_file_name_combine_*
++ * rules are not correct for other devices such as %rom% */
++ code = gs_parse_file_name(&pname, pstr, plen);
++ if (code < 0)
++ continue;
++ memcpy(buffer, pname.fname, pname.len);
++ memcpy(buffer+pname.len, fname, flen);
++ code = pname.iodev->procs.open_file(pname.iodev, buffer, pname.len + flen, fmode,
++ &s, (gs_memory_t *)mem);
++ if (code < 0)
++ continue;
++ make_stream_file(pfile, s, "r");
++ /* fill in the buffer with the device concatenated */
++ memcpy(buffer, pstr, plen);
++ memcpy(buffer+plen, fname, flen);
++ *pclen = plen + flen;
++ return 0;
++ } else {
++ r = gp_file_name_combine(pstr, plen,
++ fname, flen, false, buffer, &blen1);
++ if (r != gp_combine_success)
++ continue;
++ if (iodev_os_open_file(iodev, (const char *)buffer, blen1, (const char *)fmode,
++ &s, (gs_memory_t *)mem) == 0) {
++ if (starting_arg_file ||
++ check_file_permissions_aux(i_ctx_p, buffer, blen1) >= 0) {
++ *pclen = blen1;
++ make_stream_file(pfile, s, "r");
++ return 0;
++ }
++ sclose(s);
++ return_error(e_invalidfileaccess);
++ }
++ }
++ }
++ return 1;
++}
+
+ /* Return a file object of of the file searched for using the search paths. */
+ /* The fname cannot contain a device part (%...%) but the lib paths might. */
+@@ -919,6 +1003,8 @@
+ char fmode[4] = { 'r', 0, 0, 0 }; /* room for binary suffix */
+ stream *s;
+ gx_io_device *iodev = iodev_default;
++ gs_main_instance *minst = get_minst_from_memory(mem);
++ int code;
+
+ /* when starting arg files (@ files) iodev_default is not yet set */
+ if (iodev == 0)
+@@ -932,75 +1018,36 @@
+ search_with_no_combine = starting_arg_file;
+ search_with_combine = true;
+ }
+- if (search_with_no_combine) {
+- uint blen1 = blen;
+-
+- if (gp_file_name_reduce(fname, flen, buffer, &blen1) != gp_combine_success)
+- goto skip;
+- if (iodev_os_open_file(iodev, (const char *)buffer, blen1,
+- (const char *)fmode, &s, (gs_memory_t *)mem) == 0) {
+- if (starting_arg_file ||
+- check_file_permissions_aux(i_ctx_p, buffer, blen1) >= 0) {
+- *pclen = blen1;
+- make_stream_file(pfile, s, "r");
+- return 0;
+- }
+- sclose(s);
+- return_error(e_invalidfileaccess);
+- }
+- skip:;
+- }
+- if (search_with_combine) {
+- const gs_file_path *pfpath = lib_path;
+- uint pi;
+-
+- for (pi = 0; pi < r_size(&pfpath->list); ++pi) {
+- const ref *prdir = pfpath->list.value.refs + pi;
+- const char *pstr = (const char *)prdir->value.const_bytes;
+- uint plen = r_size(prdir), blen1 = blen;
+- gs_parsed_file_name_t pname;
+- gp_file_name_combine_result r;
+-
+- /* We need to concatenate and parse the file name here
+- * if this path has a %device% prefix. */
+- if (pstr[0] == '%') {
+- int code;
+-
+- /* We concatenate directly since gp_file_name_combine_*
+- * rules are not correct for other devices such as %rom% */
+- code = gs_parse_file_name(&pname, pstr, plen);
+- if (code < 0)
+- continue;
+- memcpy(buffer, pname.fname, pname.len);
+- memcpy(buffer+pname.len, fname, flen);
+- code = pname.iodev->procs.open_file(pname.iodev, buffer, pname.len + flen, fmode,
+- &s, (gs_memory_t *)mem);
+- if (code < 0)
+- continue;
+- make_stream_file(pfile, s, "r");
+- /* fill in the buffer with the device concatenated */
+- memcpy(buffer, pstr, plen);
+- memcpy(buffer+plen, fname, flen);
+- *pclen = plen + flen;
+- return 0;
+- } else {
+- r = gp_file_name_combine(pstr, plen,
+- fname, flen, false, buffer, &blen1);
+- if (r != gp_combine_success)
+- continue;
+- if (iodev_os_open_file(iodev, (const char *)buffer, blen1, (const char *)fmode,
+- &s, (gs_memory_t *)mem) == 0) {
+- if (starting_arg_file ||
+- check_file_permissions_aux(i_ctx_p, buffer, blen1) >= 0) {
+- *pclen = blen1;
+- make_stream_file(pfile, s, "r");
+- return 0;
+- }
+- sclose(s);
+- return_error(e_invalidfileaccess);
+- }
+- }
+- }
++ if (minst->search_here_first) {
++ if (search_with_no_combine) {
++ code = lib_file_open_search_with_no_combine(lib_path, mem, i_ctx_p,
++ fname, flen, buffer, blen, pclen, pfile,
++ iodev, starting_arg_file, fmode);
++ if (code <= 0) /* +ve means continue continue */
++ return code;
++ }
++ if (search_with_combine) {
++ code = lib_file_open_search_with_combine(lib_path, mem, i_ctx_p,
++ fname, flen, buffer, blen, pclen, pfile,
++ iodev, starting_arg_file, fmode);
++ if (code <= 0) /* +ve means continue searching */
++ return code;
++ }
++ } else {
++ if (search_with_combine) {
++ code = lib_file_open_search_with_combine(lib_path, mem, i_ctx_p,
++ fname, flen, buffer, blen, pclen, pfile,
++ iodev, starting_arg_file, fmode);
++ if (code <= 0) /* +ve means continue searching */
++ return code;
++ }
++ if (search_with_no_combine) {
++ code = lib_file_open_search_with_no_combine(lib_path, mem, i_ctx_p,
++ fname, flen, buffer, blen, pclen, pfile,
++ iodev, starting_arg_file, fmode);
++ if (code <= 0) /* +ve means continue searching */
++ return code;
++ }
+ }
+ return_error(e_undefinedfilename);
+ }
generated by cgit v1.2.3 (git 2.39.1) at 2024-06-08 17:05:54 +0000