File _service:tar_scm:fix-CVE-2024-33869-second.patch of Package ghostscript
From 77c8d6426fe91a2df8f3a37934f030ecc396cacb Mon Sep 17 00:00:00 2001 From: zhangxingrong <zhangxingrong@uniontech.com> Date: Fri, 12 Jul 2024 15:09:12 +0800 Subject: [PATCH] fix for CVE-2024-33869 Bug 707691 part 2 See bug thread for details This is the second part of the fix for CVE-2024-33869 url:https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=f5336e5b4154f515ac83bc5b9eba94302e6618d4 --- base/gpmisc.c | 21 +++++++++++++++++++++ 1 file changed, 21 insertions(+) diff --git a/base/gpmisc.c b/base/gpmisc.c index cbc6139..186d9b7 100644 --- a/base/gpmisc.c +++ b/base/gpmisc.c @@ -1089,6 +1089,27 @@ gp_validate_path_len(const gs_memory_t *mem, rlen = len; } else { + char *test = (char *)path, *test1; + uint tlen = len, slen; + + /* Look for any pipe (%pipe% or '|' specifications between path separators + * Reject any path spec which has a %pipe% or '|' anywhere except at the start. + */ + while (tlen > 0) { + if (test[0] == '|' || (tlen > 5 && memcmp(test, "%pipe", 5) == 0)) { + code = gs_note_error(gs_error_invalidfileaccess); + goto exit; + } + test1 = test; + slen = search_separator((const char **)&test, path + len, test1, 1); + if(slen == 0) + break; + test += slen; + tlen -= test - test1; + if (test >= path + len) + break; + } + rlen = len+1; bufferfull = (char *)gs_alloc_bytes(mem->thread_safe_memory, rlen + prefix_len, "gp_validate_path"); if (bufferfull == NULL) -- 2.43.0
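Review bot: in the added while loop in gp_validate_path_len, the guard `tlen > 5 && memcmp(test, "%pipe", 5) == 0` requires six remaining bytes but compares only five, so a final component that is exactly `%pipe` is not rejected, and the trailing `%` named in the comment is never checked. Either use `tlen >= 5` to match the five-byte compare or compare the full six-byte `%pipe%` string, and state in the comment which one is intended. The comment also says a spec is rejected "anywhere except at the start", yet the first iteration tests `test[0]` with `test` equal to `path`, and later iterations test only the position reached after each `search_separator` call, so a `|` in the middle of a component passes. A sentence stating how the start case is meant to be excluded and whether a mid-component `|` is deliberately allowed would make the intent checkable. Minor: the parenthesis opened at "(%pipe% or" in the comment is never closed, and `if(slen == 0)` lacks the space after `if` that the other added `if` statements use.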