Brad Bishopd89cb5f2019-04-10 09:02:41 -04001From d739565534e955c4336731e4ea4eebc895c09c5c Mon Sep 17 00:00:00 2001
2From: Chris Liddell <chris.liddell@artifex.com>
3Date: Tue, 18 Dec 2018 10:42:10 +0000
4Subject: [PATCH 4/7] Harden some uses of .force* operators
5
6by adding a few immediate evaluations
7
8CVE: CVE-2019-6116
9Upstream-Status: Backport [git://git.ghostscript.com/ghostpdl.git]
10
11Signed-off-by: Ovidiu Panait <ovidiu.panait@windriver.com>
12---
13 Resource/Init/gs_dps1.ps | 4 ++--
14 Resource/Init/gs_fonts.ps | 20 ++++++++++----------
15 Resource/Init/gs_init.ps | 6 +++---
16 3 files changed, 15 insertions(+), 15 deletions(-)
17
18diff --git a/Resource/Init/gs_dps1.ps b/Resource/Init/gs_dps1.ps
19index 4fae283..b75ea14 100644
20--- a/Resource/Init/gs_dps1.ps
21+++ b/Resource/Init/gs_dps1.ps
22@@ -74,7 +74,7 @@ level2dict begin
23 } odef
24 % undefinefont has to take local/global VM into account.
25 /undefinefont % <fontname> undefinefont -
26- { .FontDirectory 1 .argindex .forceundef % FontDirectory is readonly
27+ { //.FontDirectory 1 .argindex .forceundef % FontDirectory is readonly
28 .currentglobal
29 { % Current mode is global; delete from local directory too.
30 //systemdict /LocalFontDirectory .knownget
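Review bot: `//.FontDirectory` on the changed line of `undefinefont` is resolved when gs_dps1.ps is scanned rather than when the procedure runs, so this file now depends on `.FontDirectory` already being defined at that point in the init sequence. On a backport target that ordering is worth confirming, because a missing definition would surface as an `undefined` error during interpreter start-up instead of at call time. A short comment would record the intent, for example `% //.FontDirectory: resolved at scan time so a later redefinition of the name cannot redirect .forceundef`. The body of `undefinefont` continues past the end of this hunk.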
31@@ -85,7 +85,7 @@ level2dict begin
32 % definition, copy it into the local directory.
33 //systemdict /SharedFontDirectory .knownget
34 { 1 index .knownget
35- { .FontDirectory 2 index 3 -1 roll { put } systemdict /superexec known {//superexec}{1183615869 internaldict /superexec get exec} ifelse } % readonly
36+ { //.FontDirectory 2 index 3 -1 roll { put } systemdict /superexec known {//superexec}{1183615869 internaldict /superexec get exec} ifelse } % readonly
37 if
38 }
39 if
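Review bot: The changed line fixes the target dictionary with `//.FontDirectory`, but it still looks up `systemdict` by name at run time in `systemdict /superexec known`, unlike the `//systemdict` form this patch introduces in gs_init.ps. Since `systemdict` names a dictionary rather than an operator, `bind` would presumably leave it late-bound; whether the enclosing procedure is bound at all is not visible here, as it starts before the hunk. Both branches end in `superexec`, so the effect of a redirected lookup looks limited, but `//systemdict /superexec known` would make the line consistent with the rest of the series. The same construct appears in the gs_fonts.ps hunks at `@@ -516` and `@@ -1176`.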
40diff --git a/Resource/Init/gs_fonts.ps b/Resource/Init/gs_fonts.ps
41index 290da0c..c13a2fc 100644
42--- a/Resource/Init/gs_fonts.ps
43+++ b/Resource/Init/gs_fonts.ps
44@@ -516,7 +516,7 @@ buildfontdict 3 /.buildfont3 cvx put
45 if
46 }
47 if
48- dup .FontDirectory 4 -2 roll { .growput } systemdict /superexec known {//superexec}{1183615869 internaldict /superexec get exec} ifelse % readonly
49+ dup //.FontDirectory 4 -2 roll { .growput } systemdict /superexec known {//superexec}{1183615869 internaldict /superexec get exec} ifelse % readonly
50 % If the font originated as a resource, register it.
51 currentfile .currentresourcefile eq { dup .registerfont } if
52 readonly
53@@ -943,7 +943,7 @@ $error /SubstituteFont { } put
54 % Try to find a font using only the present contents of Fontmap.
55 /.tryfindfont { % <fontname> .tryfindfont <font> true
56 % <fontname> .tryfindfont false
57- .FontDirectory 1 index .fontknownget
58+ //.FontDirectory 1 index .fontknownget
59 { % Already loaded
60 exch pop //true
61 }
62@@ -975,7 +975,7 @@ $error /SubstituteFont { } put
63 { % Font with a procedural definition
64 exec % The procedure will load the font.
65 % Check to make sure this really happened.
66- .FontDirectory 1 index .knownget
67+ //.FontDirectory 1 index .knownget
68 { exch pop //true exit }
69 if
70 }
71@@ -1081,11 +1081,11 @@ $error /SubstituteFont { } put
72 % because it's different depending on language level.
73 .currentglobal exch /.setglobal .systemvar exec
74 % Remove the fake definition, if any.
75- .FontDirectory 3 index .forceundef % readonly
76- 1 index (r) file .loadfont .FontDirectory exch
77+ //.FontDirectory 3 index .forceundef % readonly
78+ 1 index (r) file .loadfont //.FontDirectory exch
79 /.setglobal .systemvar exec
80 } executeonly
81- { .loadfont .FontDirectory
82+ { .loadfont //.FontDirectory
83 }
84 ifelse
85 % Stack: fontname fontfilename fontdirectory
86@@ -1119,8 +1119,8 @@ $error /SubstituteFont { } put
87 % Stack: origfontname fontdirectory filefontname fontdict
88 3 -1 roll pop
89 % Stack: origfontname filefontname fontdict
90- dup /FontName get dup FontDirectory exch .forceundef
91- GlobalFontDirectory exch .forceundef
92+ dup /FontName get dup //.FontDirectory exch .forceundef
93+ /GlobalFontDirectory .systemvar exch .forceundef
94 dup length dict .copydict dup 3 index /FontName exch put
95 2 index exch definefont
96 exch
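Review bot: The two added lines obtain their dictionaries in different ways and nothing in the hunk says why: `//.FontDirectory` is resolved at scan time, while `/GlobalFontDirectory .systemvar` is still a run-time call. The second line therefore relies on `.systemvar` itself being bound in the enclosing procedure, whose start and closing `bind` are outside this hunk. The first line also switches from the bare `FontDirectory` name to `.FontDirectory`, which is more than adding `//`. A comment above the pair would help the next reader, for example `% Both directories are fetched without a dict-stack name lookup so the .forceundef targets cannot be substituted`.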
97@@ -1176,10 +1176,10 @@ currentdict /.putgstringcopy .undef
98 {
99 {
100 pop dup type /stringtype eq { cvn } if
101- .FontDirectory 1 index known not {
102+ //.FontDirectory 1 index known not {
103 2 dict dup /FontName 3 index put
104 dup /FontType 1 put
105- .FontDirectory 3 1 roll { put } systemdict /superexec known {//superexec}{1183615869 internaldict /superexec get exec} ifelse % readonly
106+ //.FontDirectory 3 1 roll { put } systemdict /superexec known {//superexec}{1183615869 internaldict /superexec get exec} ifelse % readonly
107 } {
108 pop
109 } ifelse
110diff --git a/Resource/Init/gs_init.ps b/Resource/Init/gs_init.ps
111index 56c0bd2..d9a0829 100644
112--- a/Resource/Init/gs_init.ps
113+++ b/Resource/Init/gs_init.ps
114@@ -1168,8 +1168,8 @@ errordict /unknownerror .undef
115 }ifelse
116 }forall
117 noaccess pop
118- systemdict /.setsafeerrors .forceundef
119- systemdict /.SAFERERRORLIST .forceundef
120+ //systemdict /.setsafeerrors .forceundef
121+ //systemdict /.SAFERERRORLIST .forceundef
122 } bind executeonly odef
123
124 SAFERERRORS {.setsafererrors} if
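Review bot: The first `.forceundef` removes `/.setsafeerrors`, while the context line just after the procedure calls `.setsafererrors`, so the name being undefined does not match the name being used. If the operator is defined as `.setsafererrors` (its definition line is above this hunk), it stays in systemdict after it has run, and hardening the dictionary operand with `//systemdict` does not change that. Once the definition name is confirmed, the line would read `//systemdict /.setsafererrors .forceundef`.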
125@@ -2114,7 +2114,7 @@ currentdict /tempfilepaths undef
126
127 /.locksafe {
128 .locksafe_userparams
129- systemdict /getenv {pop //false} .forceput
130+ //systemdict /getenv {pop //false} .forceput
131 % setpagedevice has the side effect of clearing the page, but
132 % we will just document that. Using setpagedevice keeps the device
133 % properties and pagedevice .LockSafetyParams in agreement even
134--
1352.18.1
136