"ImageTragick" related security fixes
diff --git a/image-sanity-check.patch b/image-sanity-check.patch
new file mode 100644 (file)
index 0000000..6b99c25
--- /dev/null
@@ -0,0 +1,28 @@
+diff -r 33200fc645f6 magick/render.c\r
+--- a/magick/render.c  Sat Nov 07 14:49:16 2015 -0600\r
++++ b/magick/render.c  Sun May 08 18:21:47 2016 -0500\r
+@@ -4096,6 +4096,24 @@\r
+           &image->exception);\r
+       else\r
+         {\r
++          /*\r
++            Sanity check URL/path before passing it to ReadImage()\r
++\r
++            This is a temporary fix until suitable flags can be passed\r
++            to keep SetImageInfo() from doing potentially dangerous\r
++            magick things.\r
++          */\r
++#define VALID_PREFIX(str,url) (LocaleNCompare(str,url,sizeof(str)-1) == 0)\r
++          if (!VALID_PREFIX("http://", primitive_info->text) &&\r
++              !VALID_PREFIX("https://", primitive_info->text) &&\r
++              !VALID_PREFIX("ftp://", primitive_info->text)  &&\r
++              !(IsAccessibleNoLogging(primitive_info->text))\r
++              )\r
++            {\r
++              ThrowException(&image->exception,FileOpenError,UnableToOpenFile,primitive_info->text);\r
++              status=MagickFail;\r
++              break;\r
++            }\r
+           (void) strlcpy(clone_info->filename,primitive_info->text,\r
+             MaxTextExtent);\r
+           composite_image=ReadImage(clone_info,&image->exception);\r
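Review bot: The `#define VALID_PREFIX` introduced inside the function body is never `#undef`'d, so the macro stays visible for the remainder of render.c after this block; add `#undef VALID_PREFIX` right after the `if` block, or replace the macro with a `static` helper that takes the literal and its length. The allowlist still accepts `http://`, `https://` and `ftp://` (matched case-insensitively, since `LocaleNCompare` is used), so a drawing primitive can still make `ReadImage()` perform an outbound fetch; if that is not wanted in a given deployment, the scheme list should be gated by a build-time or runtime policy rather than hard-coded here. It would also help to state in the comment that `IsAccessibleNoLogging()` is only an existence/readability check on the literal string, so any readable local path still reaches `ReadImage()` and `SetImageInfo()`'s filename interpretation, which is presumably what the "temporary fix" remark is acknowledging. The enclosing function and the loop that `break` exits both start and end outside the hunk.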