[gs-cvs] gs/src
Ray Johnston
ray at ghostscript.com
Fri Nov 21 14:01:18 PST 2003
Update of /cvs/ghostscript/gs/src
In directory casper:/tmp/cvs-serv18220/src
Modified Files:
Tag: GS_8_0X
zfile.c
Log Message:
Security fixes. Add detection of %pipe% device when in SAFER mode. Also
fix detection of 'renamefile' to prevent rename from a file that is not on
the PermitFileControl list. Similar to the changes made for 7.0x by
version 1.11.2.5.
Index: zfile.c
===================================================================
RCS file: /cvs/ghostscript/gs/src/zfile.c,v
retrieving revision 1.24
retrieving revision 1.24.2.1
diff -u -d -r1.24 -r1.24.2.1
--- zfile.c 18 Nov 2002 17:17:20 -0000 1.24
+++ zfile.c 21 Nov 2003 22:01:16 -0000 1.24.2.1
@@ -51,7 +51,7 @@
extern const char iodev_dtype_stdio[];
/* Forward references: file name parsing. */
-private int parse_file_name(const ref * op, gs_parsed_file_name_t * pfn);
+private int parse_file_name(const ref * op, gs_parsed_file_name_t * pfn, bool safemode);
private int parse_real_file_name(const ref * op,
gs_parsed_file_name_t * pfn,
gs_memory_t *mem, client_name_t cname);
@@ -155,18 +155,6 @@
const char *sep_string = NULL;
int cwd_len = 0, sep_len = 0;
- /*
- * Check here for the %pipe device which is illegal when
- * LockFilePermissions is true. In the future we might want to allow
- * the %pipe device to be included on the PermitFile... paths, but
- * for now it is simply disallowed.
- */
- if (i_ctx_p->LockFilePermissions &&
- string_match( (const unsigned char*) fname, len,
- (const unsigned char*) "%pipe*", 5, NULL)
- ) {
- return e_invalidfileaccess;
- }
if (dict_find_string(&(i_ctx_p->userparams), permitgroup, &permitlist) <= 0)
return 0; /* if Permissions not found, just allow access */
if (fname_bare) {
@@ -230,7 +218,7 @@
if (code < 0)
return code;
- code = parse_file_name(op - 1, &pname);
+ code = parse_file_name(op - 1, &pname, i_ctx_p->LockFilePermissions);
if (code < 0)
return code;
/*
@@ -350,7 +338,7 @@
/* and the procedure, and invoke the continuation. */
check_estack(7);
/* Get the iodevice */
- code = parse_file_name(op - 2, &pname);
+ code = parse_file_name(op - 2, &pname, i_ctx_p->LockFilePermissions);
if (code < 0)
return code;
iodev = (pname.iodev == NULL) ? iodev_default : pname.iodev;
@@ -447,7 +435,7 @@
*/
((check_file_permissions(i_ctx_p, pname1.fname, pname1.len,
"PermitFileControl") < 0 &&
- !file_is_tempfile(i_ctx_p, op - 1) < 0) ||
+ !file_is_tempfile(i_ctx_p, op - 1)) ||
(check_file_permissions(i_ctx_p, pname2.fname, pname2.len,
"PermitFileControl") < 0 ||
check_file_permissions(i_ctx_p, pname2.fname, pname2.len,
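Review bot: The corrected test `!file_is_tempfile(i_ctx_p, op - 1)` fails open if file_is_tempfile can ever return a negative error code. Any non-zero value then counts as "is a temp file", and the PermitFileControl denial for the source name is skipped. file_is_tempfile is not visible in this hunk, so confirm it returns a strict boolean. A short comment above the clause would also make the intent explicit, e.g. `/* source must pass PermitFileControl unless it is a tempfile */`. The enclosing condition starts and ends outside the hunk.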
@@ -486,7 +474,7 @@
{
gs_parsed_file_name_t pname;
struct stat fstat;
- int code = parse_file_name(op, &pname);
+ int code = parse_file_name(op, &pname, i_ctx_p->LockFilePermissions);
if (code < 0)
return code;
@@ -622,7 +610,7 @@
stream *s;
check_ostack(2);
- code = parse_file_name(op, &pname);
+ code = parse_file_name(op, &pname, i_ctx_p->LockFilePermissions);
if (code < 0)
return code;
if (pname.iodev == NULL)
@@ -674,7 +662,7 @@
}
}
if (code < 0) {
- if (code == e_VMerror)
+ if (code == e_VMerror || code == e_invalidfileaccess)
return code;
push(1);
make_false(op);
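Review bot: The new `code == e_invalidfileaccess` case has no comment explaining why it is returned to the caller while other failures still fall through to `make_false(op)`. Suggest adding `/* Propagate access denials so a SAFER rejection is not reported as a plain false result. */` above the test. The enclosing function starts outside the hunk, so it is not visible here which operator this affects or whether its other callers expect only `e_VMerror`.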
@@ -789,11 +777,24 @@
/* Parse a file name into device and individual name. */
/* See gsfname.c for details. */
private int
-parse_file_name(const ref * op, gs_parsed_file_name_t * pfn)
+parse_file_name(const ref * op, gs_parsed_file_name_t * pfn, bool safemode)
{
+ int code;
+
check_read_type(*op, t_string);
- return gs_parse_file_name(pfn, (const char *)op->value.const_bytes,
+ /*
+ * Check here for the %pipe device which is illegal when
+ * LockFilePermissions is true. In the future we might want to allow
+ * the %pipe device to be included on the PermitFile... paths, but
+ * for now it is simply disallowed.
+ */
+ code = gs_parse_file_name(pfn, (const char *)op->value.const_bytes,
r_size(op));
+ if (code < 0)
+ return code;
+ if (pfn->iodev && safemode && strcmp(pfn->iodev->dname, "%pipe%") == 0)
+ return e_invalidfileaccess;
+ return code;
}
/* Parse a real (non-device) file name and convert to a C string. */
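Review bot: The `%pipe%` rejection now lives only in parse_file_name, so it covers only operators that parse their name through this function. The check deleted in the second hunk sat in the permission-checking path and acted as a backstop regardless of how the name was parsed. parse_real_file_name (prototype in the first hunk, definition starting right after this function) did not gain a `safemode` argument, so confirm that none of its callers can resolve to a device. Separately, the comment block describing the check sits above the `gs_parse_file_name` call and should move directly above the `if (pfn->iodev && safemode && ...)` line it documents.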