groff-commit

[groff] 30/30: [grops]: Further revise fix for Savannah #61424.


From: G. Branden Robinson
Subject: [groff] 30/30: [grops]: Further revise fix for Savannah #61424.
Date: Fri, 8 Nov 2024 01:14:33 -0500 (EST)

gbranden pushed a commit to branch master
in repository groff.

commit cf04ffc58357d72f332af6e8c9088e42e6e05777
Author: G. Branden Robinson <g.branden.robinson@gmail.com>
AuthorDate: Thu Nov 7 17:18:56 2024 -0600

    [grops]: Further revise fix for Savannah #61424.
    
    Instead of checking for a nonpositive `errno` after calling
    `font::open_file()` and assuming that that means the function rejected
    the file name for having a slash character in it, check the file name at
    the call site and throw a fatal error there if it contains one.
    
    * src/devices/grops/ps.cpp (ps_printer::define_encoding):
    * src/devices/grops/psrm.cpp (resource_manager::output_prolog)
      (resource_manager::supply_resource): Do it.
    
    Begins to address <https://savannah.gnu.org/bugs/?66419>.  Thanks to Rob
    Kolstad for the report and the suggestion.
    
    Exhibit:
    
    Consider the following damaged files.
    
    $ git diff
    diff --git a/font/devps/TR b/font/devps/TR
    index 91581dfd1..01f2fcb8e 100644
    --- a/font/devps/TR
    +++ b/font/devps/TR
    @@ -15,7 +15,7 @@
     name TR
     internalname Times-Roman
     spacewidth 250
    -encoding text.enc
    +encoding ./text.enc
     ligatures fi fl 0
    
     kernpairs
    
    $ git diff
    diff --git a/font/devps/download b/font/devps/download
    index 3f77716b6..62d3c012b 100644
    --- a/font/devps/download
    +++ b/font/devps/download
    @@ -2,5 +2,5 @@
     # PostScript-name      Filename
    
     Symbol-Slanted         symbolsl.pfa
    -ZapfDingbats-Reverse   zapfdr.pfa
    +ZapfDingbats-Reverse   ./zapfdr.pfa
     FreeEuro               freeeuro.pfa
    
    Before:
    
    $ echo a | groff -F ./font > /dev/null
    grops:<standard input>: fatal error: can't open encoding file './text.enc'
    $ echo a | GROPS_PROLOGUE=./build/font/devps/prologue groff -F ./font > /dev/null
    grops:<standard input>: fatal error: refusing to traverse directories to open PostScript prologue file 'grops: ../src/libs/libgroff/errarg.cpp:112: void errprint(const char*, const errarg&, const errarg&, const errarg&): Assertion `!arg1.empty()' failed.
    groff: error: grops: Aborted (core dumped)
    $ printf '\\[lh]\n' | groff -F ./font >/dev/null
    grops:<standard input>: error: refusing to traverse directories to open PostScript resource file 'grops: ../src/libs/libgroff/errarg.cpp:112: void errprint(const char*, const errarg&, const errarg&, const errarg&): Assertion `!arg1.empty()' failed.
    groff: error: grops: Aborted (core dumped)
    
    (Urp.)
    
    Now:
    
    $ echo a | ./build/test-groff -F ./font > /dev/null
    grops:<standard input>: fatal error: a '/' is not allowed in encoding file name: './text.enc'
    $ echo a | GROPS_PROLOGUE=./build/font/devps/prologue ./build/test-groff -F ./font > /dev/null
    grops:<standard input>: fatal error: a '/' is not allowed in PostScript prologue file name: './build/font/devps/prologue'
    $ printf '\\[lh]\n' | ./build/test-groff -F ./font >/dev/null
    grops:<standard input>: fatal error: a '/' is not allowed in PostScript font file name: './zapfdr.pfa'
---
 ChangeLog                  | 16 ++++++++++++++++
 src/devices/grops/ps.cpp   |  9 +++------
 src/devices/grops/psrm.cpp | 21 ++++++++++-----------
 3 files changed, 29 insertions(+), 17 deletions(-)

diff --git a/ChangeLog b/ChangeLog
index 70e5e7f7c..f5ba5759a 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,19 @@
+2024-11-07  G. Branden Robinson <g.branden.robinson@gmail.com>
+
+       [grops]: Further revise fix for Savannah #61424.  Instead of
+       checking for a nonpositive `errno` after calling
+       `font::open_file()` and assuming that that means the function
+       rejected the file name for having a slash character in it, check
+       the file name at the call site and throw a fatal error there if
+       it contains one.
+
+       * src/devices/grops/ps.cpp (ps_printer::define_encoding):
+       * src/devices/grops/psrm.cpp (resource_manager::output_prolog)
+       (resource_manager::supply_resource): Do it.
+
+       Begins to address <https://savannah.gnu.org/bugs/?66419>.
+       Thanks to Rob Kolstad for the report and the suggestion.
+
 2024-11-07  G. Branden Robinson <g.branden.robinson@gmail.com>
 
        * src/devices/grops/ps.cpp (ps_printer::define_encoding):
diff --git a/src/devices/grops/ps.cpp b/src/devices/grops/ps.cpp
index 7cdf24e6f..5751f0375 100644
--- a/src/devices/grops/ps.cpp
+++ b/src/devices/grops/ps.cpp
@@ -790,14 +790,11 @@ void ps_printer::define_encoding(const char *encoding,
   for (i = 0; i < 256; i++)
     vec[i] = 0;
   char *path;
+  if (strchr(encoding, '/') != 0 /* nullptr */)
+    fatal("a '/' is not allowed in encoding file name: '%1'", encoding);
   FILE *fp = font::open_file(encoding, &path);
-  if (0 /* nullptr */ == fp) {
-    // If errno not valid, assume file rejected due to '/'.
-    if (errno <= 0)
-      fatal("refusing to traverse directories to open PostScript"
-           " encoding file '%1'");
+  if (0 /* nullptr */ == fp)
     fatal("cannot open encoding file '%1'", encoding);
-  }
   int lineno = 1;
   const int BUFFER_SIZE = 512;
   char buf[BUFFER_SIZE];
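
Review bot: The surviving failure path in `define_encoding`, `fatal("cannot open encoding file '%1'", encoding);`, still reports no reason for the failure. With the slash case now rejected before `font::open_file()` is called, a null `fp` at this point is an ordinary open failure, so consider adding `strerror(errno)` as a second argument, as the prologue and font-file messages in psrm.cpp already do, provided `font::open_file()` leaves `errno` meaningful when it returns null. The new `strchr(encoding, '/')` call also assumes `encoding` is never null; a one-line comment or assertion stating that precondition would help the next reader.
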
diff --git a/src/devices/grops/psrm.cpp b/src/devices/grops/psrm.cpp
index f939d1e6d..7a6a57026 100644
--- a/src/devices/grops/psrm.cpp
+++ b/src/devices/grops/psrm.cpp
@@ -293,15 +293,14 @@ void resource_manager::output_prolog(ps_output &out)
       fatal("cannot update environment: %1", strerror(errno));
   }
   char *prologue = getenv("GROPS_PROLOGUE");
+  // TODO: (?) Skip this check if `-U` (unsafe) option specified.
+  if (strchr(prologue, '/') != 0 /* nullptr */)
+    fatal("a '/' is not allowed in PostScript prologue file name:"
+         " '%1'", prologue);
   FILE *fp = font::open_file(prologue, &path);
-  if (0 /* nullptr */ == fp) {
-    // If errno not valid, assume file rejected due to '/'.
-    if (errno <= 0)
-      fatal("refusing to traverse directories to open PostScript"
-           " prologue file '%1'");
+  if (0 /* nullptr */ == fp)
     fatal("cannot open PostScript prologue file '%1': %2", prologue,
          strerror(errno));
-  }
   fputs("%%BeginResource: ", outfp);
   procset_resource->print_type_and_name(outfp);
   putc('\n', outfp);
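
Review bot: `strchr(prologue, '/')` in `output_prolog` uses the result of `getenv("GROPS_PROLOGUE")` without a null test. The block ending just above the hunk appears to update the environment, but only its tail is visible here; if any path reaches this line with the variable unset, the new check is undefined behaviour, where the old code passed the pointer straight to `font::open_file()`. A guard such as `if (prologue != 0 && strchr(prologue, '/') != 0)`, or an explicit fatal error for the unset case, would make the check independent of the earlier block. The `-U` TODO also deserves a bug reference, since the exhibit in the commit message shows a `GROPS_PROLOGUE` value with a directory component now being rejected outright, and users who set the variable to a path will want that restriction documented.
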
@@ -334,14 +333,14 @@ void resource_manager::supply_resource(resource *r, int 
rank,
   char *path = 0 /* nullptr */;
   FILE *fp = 0 /* nullptr */;
   if (r->filename != 0 /* nullptr */) {
+    // TODO: (?) Skip this check if `-U` (unsafe) option specified.
+    if (strchr(r->filename, '/') != 0 /* nullptr */)
+      fatal("a '/' is not allowed in PostScript %1 file name: '%2'",
+           (r->type == RESOURCE_FONT) ? "font" : "resource",
+           r->filename);
     if (r->type == RESOURCE_FONT) {
       fp = font::open_file(r->filename, &path);
       if (0 /* nullptr */ == fp) {
-       // If errno not valid, assume file rejected due to '/'.
-       if (errno <= 0)
-         error("refusing to traverse directories to open PostScript"
-               " resource file '%1'");
-       else
          error("cannot open PostScript font file '%1': %2",
                r->filename, strerror(errno));
        delete[] r->filename;
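
Review bot: The slash check added at the top of the `r->filename` block in `supply_resource` calls `fatal()`, while the message it replaces in the font branch used `error()` and continued to the cleanup at `delete[] r->filename;`. A file name containing '/' now ends the run, whereas a font file that simply cannot be opened is still reported with the recoverable `error()`; the Before/Now exhibit in the commit message shows the same move from "error:" to "fatal error:". If the escalation is intended, state it in the ChangeLog entry, which currently describes only the relocation of the check; if not, use `error()` here and follow the same cleanup as the open-failure path.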


