35 lines
1.2 KiB
Diff
35 lines
1.2 KiB
Diff
From 5ae2e320d69a7d0973011796bd388cd5befa1a43 Mon Sep 17 00:00:00 2001
|
|
From: Ken Sharp <Ken.Sharp@artifex.com>
|
|
Date: Tue, 26 Mar 2024 12:02:57 +0000
|
|
Subject: [PATCH] fix CVE-2024-33869
|
|
|
|
Part 1; when stripping a potential Current Working Dirctory specifier
|
|
from a path, make certain it really is a CWD, and not simply large
|
|
ebough to be a CWD.
|
|
|
|
Reasons are in the bug thread, this is not (IMO) serious.
|
|
|
|
This is part of the fix for CVE-2024-33869
|
|
---
|
|
base/gpmisc.c | 4 ++--
|
|
1 file changed, 2 insertions(+), 2 deletions(-)
|
|
|
|
diff --git a/base/gpmisc.c b/base/gpmisc.c
|
|
index f9a9230..f6b8870 100644
|
|
--- a/base/gpmisc.c
|
|
+++ b/base/gpmisc.c
|
|
@@ -1136,8 +1136,8 @@ gp_validate_path_len(const gs_memory_t *mem,
|
|
memcpy(buffer + cdirstrl, dirsepstr, dirsepstrl);
|
|
continue;
|
|
}
|
|
- else if (code < 0 && cdirstrl > 0 && prefix_len == 0 && buffer == bufferfull) {
|
|
- buffer = bufferfull + cdirstrl + dirsepstrl;
|
|
+ else if (code < 0 && cdirstrl > 0 && prefix_len == 0 && buffer == bufferfull
|
|
+ && memcmp(buffer, cdirstr, cdirstrl) && !memcmp(buffer + cdirstrl, dirsepstr, dirsepstrl)) {
|
|
continue;
|
|
}
|
|
break;
|
|
--
|
|
2.27.0
|
|
|