wok-current view ghostscript/stuff/CVE-2023-36664-2.patch @ rev 25693
Up depends pkgs for cups, need to rebuild it for ssl 3.0
| author | Stanislas Leduc <shann@slitaz.org> |
|---|---|
| date | Sun Mar 24 15:17:37 2024 +0000 (3 months ago) |
| parents | |
| children |
line source
1 From 0974e4f2ac0005d3731e0b5c13ebc7e965540f4d Mon Sep 17 00:00:00 2001
2 From: Chris Liddell <chris.liddell@artifex.com>
3 Date: Wed, 14 Jun 2023 09:08:12 +0100
4 Subject: [PATCH] Bug 706778: 706761 revisit
6 Two problems with the original commit. The first a silly typo inverting the
7 logic of a test.
9 The second was forgetting that we actually actually validate two candidate
10 strings for pipe devices. One with the expected "%pipe%" prefix, the other
11 using the pipe character prefix: "|".
13 This addresses both those.
14 ---
15 base/gpmisc.c | 2 +-
16 base/gslibctx.c | 4 ++--
17 2 files changed, 3 insertions(+), 3 deletions(-)
19 diff --git a/base/gpmisc.c b/base/gpmisc.c
20 index 58511270e..2b0064bea 100644
21 --- a/base/gpmisc.c
22 +++ b/base/gpmisc.c
23 @@ -1081,7 +1081,7 @@ gp_validate_path_len(const gs_memory_t *mem,
24 /* "%pipe%" do not follow the normal rules for path definitions, so we
25 don't "reduce" them to avoid unexpected results
26 */
27 - if (len > 5 && memcmp(path, "%pipe", 5) != 0) {
28 + if (path[0] == '|' || (len > 5 && memcmp(path, "%pipe", 5) == 0)) {
29 bufferfull = buffer = (char *)gs_alloc_bytes(mem->thread_safe_memory, len + 1, "gp_validate_path");
30 if (buffer == NULL)
31 return gs_error_VMerror;
32 diff --git a/base/gslibctx.c b/base/gslibctx.c
33 index d2a1aa91d..42af99090 100644
34 --- a/base/gslibctx.c
35 +++ b/base/gslibctx.c
36 @@ -743,7 +743,7 @@ gs_add_control_path_len_flags(const gs_memory_t *mem, gs_path_control_t type, co
37 /* "%pipe%" do not follow the normal rules for path definitions, so we
38 don't "reduce" them to avoid unexpected results
39 */
40 - if (len > 5 && memcmp(path, "%pipe", 5) != 0) {
41 + if (path[0] == '|' || (len > 5 && memcmp(path, "%pipe", 5) == 0)) {
42 buffer = (char *)gs_alloc_bytes(core->memory, len + 1, "gs_add_control_path_len");
43 if (buffer == NULL)
44 return gs_error_VMerror;
45 @@ -850,7 +850,7 @@ gs_remove_control_path_len_flags(const gs_memory_t *mem, gs_path_control_t type,
46 /* "%pipe%" do not follow the normal rules for path definitions, so we
47 don't "reduce" them to avoid unexpected results
48 */
49 - if (len > 5 && memcmp(path, "%pipe", 5) != 0) {
50 + if (path[0] == '|' || (len > 5 && memcmp(path, "%pipe", 5) == 0)) {
51 buffer = (char *)gs_alloc_bytes(core->memory, len + 1, "gs_remove_control_path_len");
52 if (buffer == NULL)
53 return gs_error_VMerror;
54 --
55 2.34.1