[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[groff] 30/30: [grops]: Further revise fix for Savannah #61424.
From: |
G. Branden Robinson |
Subject: |
[groff] 30/30: [grops]: Further revise fix for Savannah #61424. |
Date: |
Fri, 8 Nov 2024 01:14:33 -0500 (EST) |
gbranden pushed a commit to branch master
in repository groff.
commit cf04ffc58357d72f332af6e8c9088e42e6e05777
Author: G. Branden Robinson <g.branden.robinson@gmail.com>
AuthorDate: Thu Nov 7 17:18:56 2024 -0600
[grops]: Further revise fix for Savannah #61424.
Instead of checking for a nonpositive `errno` after calling
`font::open_file()` and assuming that that means the function rejected
the file name for having a slash character in it, check the file name at
the call site and throw a fatal error there if it contains one.
* src/devices/grops/ps.cpp (ps_printer::define_encoding):
* src/devices/grops/psrm.cpp (resource_manager::output_prolog)
(resource_manager::supply_resource): Do it.
Begins to address <https://savannah.gnu.org/bugs/?66419>. Thanks to Rob
Kolstad for the report and the suggestion.
Exhibit:
Consider the following damaged files.
$ git diff
diff --git a/font/devps/TR b/font/devps/TR
index 91581dfd1..01f2fcb8e 100644
--- a/font/devps/TR
+++ b/font/devps/TR
@@ -15,7 +15,7 @@
name TR
internalname Times-Roman
spacewidth 250
-encoding text.enc
+encoding ./text.enc
ligatures fi fl 0
kernpairs
$ git diff
diff --git a/font/devps/download b/font/devps/download
index 3f77716b6..62d3c012b 100644
--- a/font/devps/download
+++ b/font/devps/download
@@ -2,5 +2,5 @@
# PostScript-name Filename
Symbol-Slanted symbolsl.pfa
-ZapfDingbats-Reverse zapfdr.pfa
+ZapfDingbats-Reverse ./zapfdr.pfa
FreeEuro freeeuro.pfa
Before:
$ echo a | groff -F ./font > /dev/null
grops:<standard input>: fatal error: can't open encoding file './text.enc'
$ echo a | GROPS_PROLOGUE=./build/font/devps/prologue groff -F ./font >
/dev/null
grops:<standard input>: fatal error: refusing to traverse directories to
open PostScript prologue file 'grops: ../src/libs/libgroff/errarg.cpp:112: void
errprint(const char*, const errarg&, const errarg&, const errarg&): Assertion
`!arg1.empty()' failed.
groff: error: grops: Aborted (core dumped)
$ printf '\\[lh]\n' | groff -F ./font >/dev/null
grops:<standard input>: error: refusing to traverse directories to open
PostScript resource file 'grops: ../src/libs/libgroff/errarg.cpp:112: void
errprint(const char*, const errarg&, const errarg&, const errarg&): Assertion
`!arg1.empty()' failed.
groff: error: grops: Aborted (core dumped)
(Urp.)
Now:
$ echo a | ./build/test-groff -F ./font > /dev/null
grops:<standard input>: fatal error: a '/' is not allowed in encoding file
name: './text.enc'
$ echo a | GROPS_PROLOGUE=./build/font/devps/prologue ./build/test-groff -F
./font > /dev/null
grops:<standard input>: fatal error: a '/' is not allowed in PostScript
prologue file name: './build/font/devps/prologue'
$ printf '\\[lh]\n' | ./build/test-groff -F ./font >/dev/null
grops:<standard input>: fatal error: a '/' is not allowed in PostScript
font file name: './zapfdr.pfa'
---
ChangeLog | 16 ++++++++++++++++
src/devices/grops/ps.cpp | 9 +++------
src/devices/grops/psrm.cpp | 21 ++++++++++-----------
3 files changed, 29 insertions(+), 17 deletions(-)
diff --git a/ChangeLog b/ChangeLog
index 70e5e7f7c..f5ba5759a 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,19 @@
+2024-11-07 G. Branden Robinson <g.branden.robinson@gmail.com>
+
+ [grops]: Further revise fix for Savannah #61424. Instead of
+ checking for a nonpositive `errno` after calling
+ `font::open_file()` and assuming that that means the function
+ rejected the file name for having a slash character in it, check
+ the file name at the call site and throw a fatal error there if
+ it contains one.
+
+ * src/devices/grops/ps.cpp (ps_printer::define_encoding):
+ * src/devices/grops/psrm.cpp (resource_manager::output_prolog)
+ (resource_manager::supply_resource): Do it.
+
+ Begins to address <https://savannah.gnu.org/bugs/?66419>.
+ Thanks to Rob Kolstad for the report and the suggestion.
+
2024-11-07 G. Branden Robinson <g.branden.robinson@gmail.com>
* src/devices/grops/ps.cpp (ps_printer::define_encoding):
diff --git a/src/devices/grops/ps.cpp b/src/devices/grops/ps.cpp
index 7cdf24e6f..5751f0375 100644
--- a/src/devices/grops/ps.cpp
+++ b/src/devices/grops/ps.cpp
@@ -790,14 +790,11 @@ void ps_printer::define_encoding(const char *encoding,
for (i = 0; i < 256; i++)
vec[i] = 0;
char *path;
+ if (strchr(encoding, '/') != 0 /* nullptr */)
+ fatal("a '/' is not allowed in encoding file name: '%1'", encoding);
FILE *fp = font::open_file(encoding, &path);
- if (0 /* nullptr */ == fp) {
- // If errno not valid, assume file rejected due to '/'.
- if (errno <= 0)
- fatal("refusing to traverse directories to open PostScript"
- " encoding file '%1'");
+ if (0 /* nullptr */ == fp)
fatal("cannot open encoding file '%1'", encoding);
- }
int lineno = 1;
const int BUFFER_SIZE = 512;
char buf[BUFFER_SIZE];
diff --git a/src/devices/grops/psrm.cpp b/src/devices/grops/psrm.cpp
index f939d1e6d..7a6a57026 100644
--- a/src/devices/grops/psrm.cpp
+++ b/src/devices/grops/psrm.cpp
@@ -293,15 +293,14 @@ void resource_manager::output_prolog(ps_output &out)
fatal("cannot update environment: %1", strerror(errno));
}
char *prologue = getenv("GROPS_PROLOGUE");
+ // TODO: (?) Skip this check if `-U` (unsafe) option specified.
+ if (strchr(prologue, '/') != 0 /* nullptr */)
+ fatal("a '/' is not allowed in PostScript prologue file name:"
+ " '%1'", prologue);
FILE *fp = font::open_file(prologue, &path);
- if (0 /* nullptr */ == fp) {
- // If errno not valid, assume file rejected due to '/'.
- if (errno <= 0)
- fatal("refusing to traverse directories to open PostScript"
- " prologue file '%1'");
+ if (0 /* nullptr */ == fp)
fatal("cannot open PostScript prologue file '%1': %2", prologue,
strerror(errno));
- }
fputs("%%BeginResource: ", outfp);
procset_resource->print_type_and_name(outfp);
putc('\n', outfp);
@@ -334,14 +333,14 @@ void resource_manager::supply_resource(resource *r, int
rank,
char *path = 0 /* nullptr */;
FILE *fp = 0 /* nullptr */;
if (r->filename != 0 /* nullptr */) {
+ // TODO: (?) Skip this check if `-U` (unsafe) option specified.
+ if (strchr(r->filename, '/') != 0 /* nullptr */)
+ fatal("a '/' is not allowed in PostScript %1 file name: '%2'",
+ (r->type == RESOURCE_FONT) ? "font" : "resource",
+ r->filename);
if (r->type == RESOURCE_FONT) {
fp = font::open_file(r->filename, &path);
if (0 /* nullptr */ == fp) {
- // If errno not valid, assume file rejected due to '/'.
- if (errno <= 0)
- error("refusing to traverse directories to open PostScript"
- " resource file '%1'");
- else
error("cannot open PostScript font file '%1': %2",
r->filename, strerror(errno));
delete[] r->filename;
[Prev in Thread] |
Current Thread |
[Next in Thread] |
- [groff] 30/30: [grops]: Further revise fix for Savannah #61424.,
G. Branden Robinson <=