ghostscript/ghostscript-9.20-cve-2016-7976.patch
David Kaspar [Dee'Kej] 040b22b22c Added 3 security fixes for:
- CVE-2016-7979 (bug #1382305)
  - CVE-2016-7976 (bug #1382294)
  - CVE-2016-7978 (bug #1382300)
2016-10-07 15:02:19 +02:00

181 lines
6.4 KiB
Diff

From fee19fa8d4f6f351e5a76f5801884880249d6a45 Mon Sep 17 00:00:00 2001
From: Chris Liddell <chris.liddell@artifex.com>
Date: Wed, 5 Oct 2016 09:55:55 +0100
Subject: [PATCH] Bug 697178: Add a file permissions callback
For the rare occasions when the graphics library directly opens a file
(currently for reading), this allows us to apply any restrictions on
file access normally applied in the interpteter.
---
base/gsicc_manage.c | 10 ++++++----
base/gslibctx.c | 12 +++++++++++-
base/gslibctx.h | 7 +++++++
psi/imain.c | 2 ++
psi/int.mak | 2 +-
psi/zfile.c | 19 +++++++++++++++++++
psi/zfile.h | 7 +++++++
7 files changed, 53 insertions(+), 6 deletions(-)
diff --git a/base/gsicc_manage.c b/base/gsicc_manage.c
index 931c2a6..e9c09c3 100644
--- a/base/gsicc_manage.c
+++ b/base/gsicc_manage.c
@@ -1124,10 +1124,12 @@ gsicc_open_search(const char* pname, int namelen, gs_memory_t *mem_gc,
}
/* First just try it like it is */
- str = sfopen(pname, "r", mem_gc);
- if (str != NULL) {
- *strp = str;
- return 0;
+ if (gs_check_file_permission(mem_gc, pname, namelen, "r") >= 0) {
+ str = sfopen(pname, "r", mem_gc);
+ if (str != NULL) {
+ *strp = str;
+ return 0;
+ }
}
/* If that fails, try %rom% */ /* FIXME: Not sure this is needed or correct */
diff --git a/base/gslibctx.c b/base/gslibctx.c
index fa4432a..f2c13e3 100644
--- a/base/gslibctx.c
+++ b/base/gslibctx.c
@@ -183,7 +183,7 @@ int gs_lib_ctx_init( gs_memory_t *mem )
mem->gs_lib_ctx = NULL;
return -1;
}
-
+ pio->client_check_file_permission = NULL;
gp_get_realtime(pio->real_time_0);
/* Set scanconverter to 1 (default) */
@@ -336,3 +336,13 @@ void errflush(const gs_memory_t *mem)
fflush(mem->gs_lib_ctx->fstderr);
/* else nothing to flush */
}
+
+int
+gs_check_file_permission (gs_memory_t *mem, const char *fname, const int len, const char *permission)
+{
+ int code = 0;
+ if (mem->gs_lib_ctx->client_check_file_permission != NULL) {
+ code = mem->gs_lib_ctx->client_check_file_permission(mem, fname, len, permission);
+ }
+ return code;
+}
diff --git a/base/gslibctx.h b/base/gslibctx.h
index 84ec205..55eb4a6 100644
--- a/base/gslibctx.h
+++ b/base/gslibctx.h
@@ -32,6 +32,9 @@ typedef struct gs_fapi_server_s gs_fapi_server;
# define gs_font_dir_DEFINED
typedef struct gs_font_dir_s gs_font_dir;
#endif
+
+typedef int (*client_check_file_permission_t) (gs_memory_t *mem, const char *fname, const int len, const char *permission);
+
typedef struct gs_lib_ctx_s
{
gs_memory_t *memory; /* mem->gs_lib_ctx->memory == mem */
@@ -61,6 +64,7 @@ typedef struct gs_lib_ctx_s
struct gx_io_device_s **io_device_table;
int io_device_table_count;
int io_device_table_size;
+ client_check_file_permission_t client_check_file_permission;
/* Define the default value of AccurateScreens that affects setscreen
and setcolorscreen. */
bool screen_accurate_screens;
@@ -132,6 +136,9 @@ int
gs_lib_ctx_get_default_device_list(const gs_memory_t *mem, char** dev_list_str,
int *list_str_len);
+int
+gs_check_file_permission (gs_memory_t *mem, const char *fname, const int len, const char *permission);
+
#define IS_LIBCTX_STDOUT(mem, f) (f == mem->gs_lib_ctx->fstdout)
#define IS_LIBCTX_STDERR(mem, f) (f == mem->gs_lib_ctx->fstderr)
diff --git a/psi/imain.c b/psi/imain.c
index 9a9bb5d..6874128 100644
--- a/psi/imain.c
+++ b/psi/imain.c
@@ -57,6 +57,7 @@
#include "ivmspace.h"
#include "idisp.h" /* for setting display device callback */
#include "iplugin.h"
+#include "zfile.h"
#ifdef PACIFY_VALGRIND
#include "valgrind.h"
@@ -212,6 +213,7 @@ gs_main_init1(gs_main_instance * minst)
"the_gs_name_table");
if (code < 0)
return code;
+ mem->gs_lib_ctx->client_check_file_permission = z_check_file_permissions;
}
code = obj_init(&minst->i_ctx_p, &idmem); /* requires name_init */
if (code < 0)
diff --git a/psi/int.mak b/psi/int.mak
index 4654afc..bb30d51 100644
--- a/psi/int.mak
+++ b/psi/int.mak
@@ -2024,7 +2024,7 @@ $(PSOBJ)imain.$(OBJ) : $(PSSRC)imain.c $(GH) $(memory__h) $(string__h)\
$(ialloc_h) $(iconf_h) $(idebug_h) $(idict_h) $(idisp_h) $(iinit_h)\
$(iname_h) $(interp_h) $(iplugin_h) $(isave_h) $(iscan_h) $(ivmspace_h)\
$(iinit_h) $(main_h) $(oper_h) $(ostack_h)\
- $(sfilter_h) $(store_h) $(stream_h) $(strimpl_h)\
+ $(sfilter_h) $(store_h) $(stream_h) $(strimpl_h) $(zfile_h)\
$(INT_MAK) $(MAKEDIRS)
$(PSCC) $(PSO_)imain.$(OBJ) $(C_) $(PSSRC)imain.c
diff --git a/psi/zfile.c b/psi/zfile.c
index b6caea2..fd94f67 100644
--- a/psi/zfile.c
+++ b/psi/zfile.c
@@ -197,6 +197,25 @@ check_file_permissions(i_ctx_t *i_ctx_p, const char *fname, int len,
return check_file_permissions_reduced(i_ctx_p, fname_reduced, rlen, permitgroup);
}
+/* z_check_file_permissions: see zfile.h for explanation
+ */
+int
+z_check_file_permissions(gs_memory_t *mem, const char *fname, const int len, const char *permission)
+{
+ i_ctx_t *i_ctx_p = get_minst_from_memory(mem)->i_ctx_p;
+ gs_parsed_file_name_t pname;
+ const char *permitgroup = permission[0] == 'r' ? "PermitFileReading" : "PermitFileWriting";
+ int code = gs_parse_file_name(&pname, fname, len, imemory);
+ if (code < 0)
+ return code;
+
+ if (pname.iodev && i_ctx_p->LockFilePermissions && strcmp(pname.iodev->dname, "%pipe%") == 0)
+ return gs_error_invalidfileaccess;
+
+ code = check_file_permissions(i_ctx_p, fname, len, permitgroup);
+ return code;
+}
+
/* <name_string> <access_string> file <file> */
int /* exported for zsysvm.c */
zfile(i_ctx_t *i_ctx_p)
diff --git a/psi/zfile.h b/psi/zfile.h
index fdf1373..a9399c7 100644
--- a/psi/zfile.h
+++ b/psi/zfile.h
@@ -22,4 +22,11 @@
int zopen_file(i_ctx_t *i_ctx_p, const gs_parsed_file_name_t *pfn,
const char *file_access, stream **ps, gs_memory_t *mem);
+/* z_check_file_permissions: a callback (via mem->gs_lib_ctx->client_check_file_permission)
+ * to allow applying the above permissions checks when opening file(s) from
+ * the graphics library
+ */
+int
+z_check_file_permissions(gs_memory_t *mem, const char *fname,
+ const int len, const char *permission);
#endif
--
2.7.4