Projects
Mega:24.03:SP1:Everything
ghostscript
_service:tar_scm:fix-CVE-2024-33871.patch
Sign Up
Log In
Username
Password
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File _service:tar_scm:fix-CVE-2024-33871.patch of Package ghostscript
From 7145885041bb52cc23964f0aa2aec1b1c82b5908 Mon Sep 17 00:00:00 2001 From: Zdenek Hutyra <zhutyra@centrum.cz> Date: Mon, 22 Apr 2024 13:33:47 +0100 Subject: OPVP device - prevent unsafe parameter change with SAFER Bug #707754 "OPVP device - Arbitrary code execution via custom Driver library" The "Driver" parameter for the "opvp"/"oprp" device specifies the name of a dynamic library and allows any library to be loaded. The patch does not allow changing this parameter after activating path control. This addresses CVE-2024-33871 --- contrib/opvp/gdevopvp.c | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/contrib/opvp/gdevopvp.c b/contrib/opvp/gdevopvp.c index 5f20cac..327152d 100644 --- a/contrib/opvp/gdevopvp.c +++ b/contrib/opvp/gdevopvp.c @@ -3456,6 +3456,12 @@ _put_params(gx_device *dev, gs_param_list *plist) code = param_read_string(plist, pname, &vdps); switch (code) { case 0: + if (gs_is_path_control_active(dev->memory) + && (!opdev->globals.vectorDriver || strlen(opdev->globals.vectorDriver) != vdps.size + || memcmp(opdev->globals.vectorDriver, vdps.data, vdps.size) != 0)) { + param_signal_error(plist, pname, gs_error_invalidaccess); + return_error(gs_error_invalidaccess); + } buff = realloc(buff, vdps.size + 1); memcpy(buff, vdps.data, vdps.size); buff[vdps.size] = 0; -- 2.27.0
Locations
Projects
Search
Status Monitor
Help
Open Build Service
OBS Manuals
API Documentation
OBS Portal
Reporting a Bug
Contact
Mailing List
Forums
Chat (IRC)
Twitter
Open Build Service (OBS)
is an
openSUSE project
.
浙ICP备2022010568号-2