| Brad Bishop | d89cb5f | 2019-04-10 09:02:41 -0400 | [diff] [blame^] | 1 | From 53f0cb4c54ac951697704cb87d24154ae08aecce Mon Sep 17 00:00:00 2001 |
| 2 | From: Chris Liddell <chris.liddell@artifex.com> |
| 3 | Date: Wed, 20 Feb 2019 09:54:28 +0000 |
| 4 | Subject: [PATCH] Bug 700576: Make a transient proc executeonly (in |
| 5 | DefineResource). |
| 6 | |
| 7 | This prevents access to .forceput |
| 8 | |
| 9 | Solution originally suggested by cbuissar@redhat.com. |
| 10 | |
| 11 | CVE: CVE-2019-3838 |
| 12 | Upstream-Status: Backport [git://git.ghostscript.com/ghostpdl.git] |
| 13 | |
| 14 | Signed-off-by: Ovidiu Panait <ovidiu.panait@windriver.com> |
| 15 | --- |
| 16 | Resource/Init/gs_res.ps | 2 +- |
| 17 | 1 file changed, 1 insertion(+), 1 deletion(-) |
| 18 | |
| 19 | diff --git a/Resource/Init/gs_res.ps b/Resource/Init/gs_res.ps |
| 20 | index 89c0ed6..a163541 100644 |
| 21 | --- a/Resource/Init/gs_res.ps |
| 22 | +++ b/Resource/Init/gs_res.ps |
| 23 | @@ -426,7 +426,7 @@ status { |
| 24 | % so we have to use .forceput here. |
| 25 | currentdict /.Instances 2 index .forceput % Category dict is read-only |
| 26 | } executeonly if |
| 27 | - } |
| 28 | + } executeonly |
| 29 | { .LocalInstances dup //.emptydict eq |
| 30 | { pop 3 dict localinstancedict Category 2 index put |
| 31 | } |
| 32 | -- |
| 33 | 2.18.1 |
| 34 | |