packages/ghostscript
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
ghostscript/Bug-707510-5-Reject-OCRLanguage-changes-after-SAFER-.patch
zhangxianting f47c6e77aa fix CVE-2024-29506 CVE-2024-29507 CVE-2024-29508 CVE-2024-29509 CVE-2024-29511 
(cherry picked from commit 6a34364e0a141b71f487687411b7ec62203903e4)
2024-07-05 16:08:36 +08:00

96 lines
3.8 KiB
Diff
Raw Blame History

From 3d4cfdc1a44b1969a0f14c86673a372654d443c4 Mon Sep 17 00:00:00 2001
From: Chris Liddell <chris.liddell@artifex.com>
Date: Wed, 24 Jan 2024 17:06:01 +0000
Subject: [PATCH 5/6] Bug 707510(5): Reject OCRLanguage changes after SAFER
enabled
In the devices that support OCR, OCRLanguage really ought never to be set from
PostScript, so reject attempts to change it if path_control_active is true.
---
devices/gdevocr.c | 15 ++++++++++-----
devices/gdevpdfocr.c | 15 ++++++++++-----
devices/vector/gdevpdfp.c | 15 ++++++++++-----
3 files changed, 30 insertions(+), 15 deletions(-)
diff --git a/devices/gdevocr.c b/devices/gdevocr.c
index 88c759c..287b74b 100644
--- a/devices/gdevocr.c
+++ b/devices/gdevocr.c
@@ -187,11 +187,16 @@ ocr_put_params(gx_device *dev, gs_param_list *plist)
switch (code = param_read_string(plist, (param_name = "OCRLanguage"), &langstr)) {
case 0:
- len = langstr.size;
- if (len >= sizeof(pdev->language))
- len = sizeof(pdev->language)-1;
- memcpy(pdev->language, langstr.data, len);
- pdev->language[len] = 0;
+ if (pdev->memory->gs_lib_ctx->core->path_control_active) {
+ return_error(gs_error_invalidaccess);
+ }
+ else {
+ len = langstr.size;
+ if (len >= sizeof(pdev->language))
+ len = sizeof(pdev->language)-1;
+ memcpy(pdev->language, langstr.data, len);
+ pdev->language[len] = 0;
+ }
break;
case 1:
break;
diff --git a/devices/gdevpdfocr.c b/devices/gdevpdfocr.c
index ff60c12..0f3478a 100644
--- a/devices/gdevpdfocr.c
+++ b/devices/gdevpdfocr.c
@@ -50,11 +50,16 @@ pdfocr_put_some_params(gx_device * dev, gs_param_list * plist)
switch (code = param_read_string(plist, (param_name = "OCRLanguage"), &langstr)) {
case 0:
- len = langstr.size;
- if (len >= sizeof(pdf_dev->ocr.language))
- len = sizeof(pdf_dev->ocr.language)-1;
- memcpy(pdf_dev->ocr.language, langstr.data, len);
- pdf_dev->ocr.language[len] = 0;
+ if (pdf_dev->memory->gs_lib_ctx->core->path_control_active) {
+ return_error(gs_error_invalidaccess);
+ }
+ else {
+ len = langstr.size;
+ if (len >= sizeof(pdf_dev->ocr.language))
+ len = sizeof(pdf_dev->ocr.language)-1;
+ memcpy(pdf_dev->ocr.language, langstr.data, len);
+ pdf_dev->ocr.language[len] = 0;
+ }
break;
case 1:
break;
diff --git a/devices/vector/gdevpdfp.c b/devices/vector/gdevpdfp.c
index 42fa1c5..23e9bc8 100644
--- a/devices/vector/gdevpdfp.c
+++ b/devices/vector/gdevpdfp.c
@@ -458,11 +458,16 @@ gdev_pdf_put_params_impl(gx_device * dev, const gx_device_pdf * save_dev, gs_par
gs_param_string langstr;
switch (code = param_read_string(plist, (param_name = "OCRLanguage"), &langstr)) {
case 0:
- len = langstr.size;
- if (len >= sizeof(pdev->ocr_language))
- len = sizeof(pdev->ocr_language)-1;
- memcpy(pdev->ocr_language, langstr.data, len);
- pdev->ocr_language[len] = 0;
+ if (pdev->memory->gs_lib_ctx->core->path_control_active) {
+ return_error(gs_error_invalidaccess);
+ }
+ else {
+ len = langstr.size;
+ if (len >= sizeof(pdev->ocr_language))
+ len = sizeof(pdev->ocr_language)-1;
+ memcpy(pdev->ocr_language, langstr.data, len);
+ pdev->ocr_language[len] = 0;
+ }
break;
case 1:
break;
--
2.43.0
Reference in New Issue View Git Blame Copy Permalink