From 675e01cc9b2132e0ec2eef96aa991eb98e6917df Mon Sep 17 00:00:00 2001 From: Waldo Bastian Date: Wed, 9 Apr 2003 21:02:56 +0000 Subject: [PATCH] add -dSAFER -dPARANOIDSAFER when dealing with ghostscript (#56808) svn path=/trunk/kdegraphics/kdvi/; revision=219376 --- dviwin.cpp | 23 +++++++++++++++++++++++ psgs.cpp | 12 ++++++++++-- psgs.h | 5 +++++ 3 files changed, 38 insertions(+), 2 deletions(-) diff --git a/dviwin.cpp b/dviwin.cpp index 22695abf7..5c23df60e 100644 --- a/dviwin.cpp +++ b/dviwin.cpp @@ -37,6 +37,7 @@ #include #include #include +#include #include #include "dviwin.h" @@ -501,6 +502,28 @@ bool dviWindow::setFile(QString fname, QString ref, bool sourceMarker) // PostScriptHeaderString. PS_interface->clear(); + // Files that reside under "tmp" or under the "data" resource are most + // likely remote files. We limit the files they are able to read to + // the directory they are in in order to limit the possibilities of a + // denial of service attack. + bool restrictIncludePath = true; + QString tmp = KGlobal::dirs()->saveLocation("tmp", QString::null); + if (!filename.startsWith(tmp)) + { + tmp = KGlobal::dirs()->saveLocation("data", QString::null); + if (!filename.startsWith(tmp)) + restrictIncludePath = false; + } + + QString includePath; + if (restrictIncludePath) + { + includePath = filename; + includePath.truncate(includePath.findRev('/')); + } + + PS_interface->setIncludePath(includePath); + // We will also generate a list of hyperlink-anchors and source-file // anchors in the document. So declare the existing lists empty. anchorList.clear(); diff --git a/psgs.cpp b/psgs.cpp index 76a1598fd..b0f650017 100644 --- a/psgs.cpp +++ b/psgs.cpp @@ -60,6 +60,12 @@ void ghostscript_interface::setPostScript(int page, QString PostScript) { *(pageList.find(page)->PostScriptString) = PostScript; } +void ghostscript_interface::setIncludePath(const QString &_includePath) { + if (_includePath.isEmpty()) + includePath = "*"; // Allow all files + else + includePath = _includePath+"/*"; +} void ghostscript_interface::setColor(int page, QColor background_color) { if (pageList.find(page) == 0) { @@ -140,11 +146,13 @@ void ghostscript_interface::gs_generate_graphics_file(int page, QString filename // Step 2: Call GS with the File KProcess proc; proc << "gs"; - proc << "-dNOPAUSE" << "-dBATCH" << "-sDEVICE=png256"; + proc << "-dSAFER" << "-dPARANOIDSAFER" << "-dDELAYSAFER" << "-dNOPAUSE" << "-dBATCH" << "-sDEVICE=png256"; proc << QString("-sOutputFile=%1").arg(filename); + proc << QString("-sExtraIncludePath=%1").arg(includePath); proc << QString("-g%1x%2").arg(pixel_page_w).arg(pixel_page_h); // page size in pixels proc << QString("-r%1").arg(resolution); // resolution in dpi - proc << PSfile.name(); + proc << "-c" << "<< /PermitFileReading [ ExtraIncludePath ] /PermitFileWriting [] /PermitFileControl [] >> setuserparams .locksafe"; + proc << "-f" << PSfile.name(); proc.start(KProcess::Block); PSfile.unlink(); emit(setStatusBarText(QString::null)); diff --git a/psgs.h b/psgs.h index 9f9da0a47..69739fba3 100644 --- a/psgs.h +++ b/psgs.h @@ -43,6 +43,9 @@ public: // sets the PostScript which is used on a certain page void setPostScript(int page, QString PostScript); + // sets path from additional postscript files may be read + void setIncludePath(const QString &_includePath); + // sets the background color for a certain page void setColor(int page, QColor background_color); @@ -73,6 +76,8 @@ private: int pixel_page_w; // in pixels int pixel_page_h; // in pixels + QString includePath; + signals: /** Passed through to the top-level kpart. */ void setStatusBarText( const QString& );