代码拉取完成,页面将自动刷新
同步操作将从 src-openEuler/ghostscript 强制同步,此操作会覆盖自 Fork 仓库以来所做的任何修改,且无法恢复!!!
确定后同步将在后台操作,完成时将刷新页面,请耐心等待。
From 7145885041bb52cc23964f0aa2aec1b1c82b5908 Mon Sep 17 00:00:00 2001
From: Zdenek Hutyra <zhutyra@centrum.cz>
Date: Mon, 22 Apr 2024 13:33:47 +0100
Subject: OPVP device - prevent unsafe parameter change with SAFER
Bug #707754 "OPVP device - Arbitrary code execution via custom Driver library"
The "Driver" parameter for the "opvp"/"oprp" device specifies the name
of a dynamic library and allows any library to be loaded.
The patch does not allow changing this parameter after activating path
control.
This addresses CVE-2024-33871
---
contrib/opvp/gdevopvp.c | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/contrib/opvp/gdevopvp.c b/contrib/opvp/gdevopvp.c
index 5f20cac..327152d 100644
--- a/contrib/opvp/gdevopvp.c
+++ b/contrib/opvp/gdevopvp.c
@@ -3456,6 +3456,12 @@ _put_params(gx_device *dev, gs_param_list *plist)
code = param_read_string(plist, pname, &vdps);
switch (code) {
case 0:
+ if (gs_is_path_control_active(dev->memory)
+ && (!opdev->globals.vectorDriver || strlen(opdev->globals.vectorDriver) != vdps.size
+ || memcmp(opdev->globals.vectorDriver, vdps.data, vdps.size) != 0)) {
+ param_signal_error(plist, pname, gs_error_invalidaccess);
+ return_error(gs_error_invalidaccess);
+ }
buff = realloc(buff, vdps.size + 1);
memcpy(buff, vdps.data, vdps.size);
buff[vdps.size] = 0;
--
2.27.0
此处可能存在不合适展示的内容,页面不予展示。您可通过相关编辑功能自查并修改。
如您确认内容无涉及 不当用语 / 纯广告导流 / 暴力 / 低俗色情 / 侵权 / 盗版 / 虚假 / 无价值内容或违法国家有关法律法规的内容,可点击提交进行申诉,我们将尽快为您处理。
马建仓 AI 助手