Inicio Explorar Axuda
Iniciar sesión
crispAudio
/
poky
réplica de git://git.yoctoproject.org/poky
5
0
Fork 0
Ficheiros Incidencias 0 Wiki
Árbore: cefe82c765
Ramas Etiquetas
poky
/
meta
/
recipes-extended
/
ghostscript
/
files
/
0003-Bug-699832-add-control-over-hiding-error-handlers.patch

0003-Bug-699832-add-control-over-hiding-error-handlers.patch 6.1 KB
Histórico Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172 
  1. From 1f9a91c86bd56acf57826b9b0e020ebe1953e2ae Mon Sep 17 00:00:00 2001
    2. 

  2. From: Chris Liddell <chris.liddell@artifex.com>
    3. 

  3. Date: Thu, 4 Oct 2018 10:42:13 +0100
    4. 

  4. Subject: [PATCH 3/5] Bug 699832: add control over hiding error handlers.
    5. 

  5. 

  6. With a previous commit changing error handling in SAFER so the handler gets
    7. 

  7. passed a name object (rather than executable object), it is less critical to
    8. 

  8. hide the error handlers.
    9. 

  9. 

  10. This introduces a -dSAFERERRORS option to force only use of the default error
    11. 

  11. handlers.
    12. 

  12. 

  13. It also adds a .setsafererrors Postscript call, meaning a caller, without
    14. 

  14. -dSAFERERRORS, can create their own default error handlers (in errordict, as
    15. 

  15. normal), and then call .setsafererrors meaning their own handlers are always
    16. 

  16. called.
    17. 

  17. 

  18. With -dSAFERERRORS or after a call to .setsafererrors, .setsafererrors is
    19. 

  19. removed.
    20. 

  20. 

  21. CVE: CVE-2018-17961
    22. 

  22. Upstream-Status: Backport [git://git.ghostscript.com/ghostpdl.git]
    23. 

  23. Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
    24. 

  24. ---
    25. 

  25.  Resource/Init/gs_init.ps | 42 +++++++++++++++++++++++++++++------------
    26. 

  26.  psi/interp.c             | 49 ++++++++++++++++++++++++++++--------------------
    27. 

  27.  2 files changed, 59 insertions(+), 32 deletions(-)
    28. 

  28. 

  29. diff --git a/Resource/Init/gs_init.ps b/Resource/Init/gs_init.ps
    30. 

  30. index bec307d..f952f32 100644
    31. 

  31. --- a/Resource/Init/gs_init.ps
    32. 

  32. +++ b/Resource/Init/gs_init.ps
    33. 

  33. @@ -188,6 +188,16 @@ currentdict /DELAYSAFER known { /DELAYSAFER //true def /NOSAFER //true def } if
    34. 

  34.    currentdict /PARANOIDSAFER known or	% PARANOIDSAFER is equivalent
    35. 

  35.  }
    36. 

  36.  ifelse def
    37. 

  37. +
    38. 

  38. +/SAFERERRORS
    39. 

  39. +currentdict /NOSAFERERRORS known
    40. 

  40. +{
    41. 

  41. +  //false
    42. 

  42. +}
    43. 

  43. +{
    44. 

  44. +  currentdict /SAFERERRORS known
    45. 

  45. +} ifelse def
    46. 

  46. +
    47. 

  47.  currentdict /SHORTERRORS known   /SHORTERRORS exch def
    48. 

  48.  currentdict /TTYPAUSE known   /TTYPAUSE exch def
    49. 

  49.  currentdict /WRITESYSTEMDICT known   /WRITESYSTEMDICT exch def
    50. 

  50. @@ -1123,12 +1133,23 @@ errordict begin
    51. 

  51.   } bind def
    52. 

  52.  end		% errordict
    53. 

  53.  
    54. 

  54. -% Put all the default handlers in gserrordict
    55. 

  55. -gserrordict
    56. 

  56. -errordict {2 index 3 1 roll put} forall
    57. 

  57. -noaccess pop
    58. 

  58. -% remove the non-standard errors from errordict
    59. 

  59. +gserrordict /unknownerror errordict /unknownerror get put
    60. 

  60.  errordict /unknownerror .undef
    61. 

  61. +
    62. 

  62. +/.SAFERERRORLIST ErrorNames def
    63. 

  63. +/.setsafererrors
    64. 

  64. +{
    65. 

  65. +% Put all the requested handlers in gserrordict
    66. 

  66. +  gserrordict
    67. 

  67. +  //.SAFERERRORLIST
    68. 

  68. +  {dup errordict exch get 2 index 3 1 roll put} forall
    69. 

  69. +  noaccess pop
    70. 

  70. +  systemdict /.setsafeerrors .forceundef
    71. 

  71. +  systemdict /.SAFERERRORLIST .forceundef
    72. 

  72. +} bind executeonly odef
    73. 

  73. +
    74. 

  74. +SAFERERRORS {.setsafererrors} if
    75. 

  75. +
    76. 

  76.  % Define a stable private copy of handleerror that we will always use under
    77. 

  77.  % JOBSERVER mode.
    78. 

  78.  /.GShandleerror errordict /handleerror get def
    79. 

  79. @@ -1760,18 +1781,15 @@ currentdict /.runlibfile .undef
    80. 

  80.  
    81. 

  81.  % Bind all the operators defined as procedures.
    82. 

  82.  /.bindoperators		% binds operators in currentdict
    83. 

  83. - { % Temporarily disable the typecheck error.
    84. 

  84. -   errordict /typecheck 2 copy get
    85. 

  85. -   errordict /typecheck { pop } put	% pop the command
    86. 

  86. + {
    87. 

  87.     currentdict
    88. 

  88.      { dup type /operatortype eq
    89. 

  89. -       { % This might be a real operator, so bind might cause a typecheck,
    90. 

  90. -         % but we've made the error a no-op temporarily.
    91. 

  91. -         .bind
    92. 

  92. +       {
    93. 

  93. +         % This might be a real operator, so bind might cause a typecheck
    94. 

  94. +         {.bind} .internalstopped pop
    95. 

  95.         }
    96. 

  96.        if pop pop
    97. 

  97.      } forall
    98. 

  98. -   put
    99. 

  99.   } def
    100. 

  100.  DELAYBIND not { .bindoperators } if
    101. 

  101.  
    102. 

  102. diff --git a/psi/interp.c b/psi/interp.c
    103. 

  103. index 3dd5f7a..cd894f9 100644
    104. 

  104. --- a/psi/interp.c
    105. 

  105. +++ b/psi/interp.c
    106. 

  106. @@ -662,27 +662,18 @@ again:
    107. 

  107.      if (gs_errorname(i_ctx_p, code, &error_name) < 0)
    108. 

  108.          return code;            /* out-of-range error code! */
    109. 

  109.  
    110. 

  110. -    /*  If LockFilePermissions is true, we only refer to gserrordict, which
    111. 

  111. -     *  is not accessible to Postcript jobs
    112. 

  112. +    /*  We refer to gserrordict first, which is not accessible to Postcript jobs
    113. 

  113. +     *  If we're running with SAFERERRORS all the handlers are copied to gserrordict
    114. 

  114. +     *  so we'll always find the default one. If not SAFERERRORS, only gs specific
    115. 

  115. +     *  errors are in gserrordict.
    116. 

  116.       */
    117. 

  117. -    if (i_ctx_p->LockFilePermissions) {
    118. 

  118. -        if (((dict_find_string(systemdict, "gserrordict", &perrordict) <= 0 ||
    119. 

  119. -              dict_find(perrordict, &error_name, &epref) <= 0))
    120. 

  120. -            )
    121. 

  121. -            return code;            /* error name not in errordict??? */
    122. 

  122. -    }
    123. 

  123. -    else {
    124. 

  124. -        /*
    125. 

  125. -         * For greater Adobe compatibility, only the standard PostScript errors
    126. 

  126. -         * are defined in errordict; the rest are in gserrordict.
    127. 

  127. -         */
    128. 

  128. -        if (dict_find_string(systemdict, "errordict", &perrordict) <= 0 ||
    129. 

  129. -            (dict_find(perrordict, &error_name, &epref) <= 0 &&
    130. 

  130. -             (dict_find_string(systemdict, "gserrordict", &perrordict) <= 0 ||
    131. 

  131. -              dict_find(perrordict, &error_name, &epref) <= 0))
    132. 

  132. -            )
    133. 

  133. -            return code;            /* error name not in errordict??? */
    134. 

  134. -    }
    135. 

  135. +    if (dict_find_string(systemdict, "gserrordict", &perrordict) <= 0 ||
    136. 

  136. +        (dict_find(perrordict, &error_name, &epref) <= 0 &&
    137. 

  137. +         (dict_find_string(systemdict, "errordict", &perrordict) <= 0 ||
    138. 

  138. +          dict_find(perrordict, &error_name, &epref) <= 0))
    139. 

  139. +        )
    140. 

  140. +        return code;            /* error name not in errordict??? */
    141. 

  141. +
    142. 

  142.      doref = *epref;
    143. 

  143.      epref = &doref;
    144. 

  144.      /* Push the error object on the operand stack if appropriate. */
    145. 

  145. @@ -695,6 +686,24 @@ again:
    146. 

  146.          }
    147. 

  147.          *osp = *perror_object;
    148. 

  148.          errorexec_find(i_ctx_p, osp);
    149. 

  149. +        /* If using SAFER, hand a name object to the error handler, rather than the executable
    150. 

  150. +         * object/operator itself.
    151. 

  151. +         */
    152. 

  152. +        if (i_ctx_p->LockFilePermissions) {
    153. 

  153. +            code = obj_cvs(imemory, osp, buf + 2, 256, &rlen, (const byte **)&bufptr);
    154. 

  154. +            if (code < 0) {
    155. 

  155. +                const char *unknownstr = "--unknown--";
    156. 

  156. +                rlen = strlen(unknownstr);
    157. 

  157. +                memcpy(buf, unknownstr, rlen);
    158. 

  158. +            }
    159. 

  159. +            else {
    160. 

  160. +                buf[0] = buf[1] = buf[rlen + 2] = buf[rlen + 3] = '-';
    161. 

  161. +                rlen += 4;
    162. 

  162. +            }
    163. 

  163. +            code = name_ref(imemory, buf, rlen, osp, 1);
    164. 

  164. +            if (code < 0)
    165. 

  165. +                make_null(osp);
    166. 

  166. +        }
    167. 

  167.      }
    168. 

  168.      goto again;
    169. 

  169.  }
    170. 

  170. -- 
    171. 

  171. 2.7.4
    172. 

  172.