diff options
Diffstat (limited to 'pkgs/applications/misc/k2pdfopt/leptonica-CVE-2018-3836.patch')
-rw-r--r-- | pkgs/applications/misc/k2pdfopt/leptonica-CVE-2018-3836.patch | 95 |
1 files changed, 95 insertions, 0 deletions
diff --git a/pkgs/applications/misc/k2pdfopt/leptonica-CVE-2018-3836.patch b/pkgs/applications/misc/k2pdfopt/leptonica-CVE-2018-3836.patch new file mode 100644 index 00000000000..f1b4170fbaa --- /dev/null +++ b/pkgs/applications/misc/k2pdfopt/leptonica-CVE-2018-3836.patch @@ -0,0 +1,95 @@ +--- a/src/allheaders.h ++++ b/src/allheaders.h +@@ -2600,6 +2600,7 @@ + LEPT_DLL extern char * stringReverse ( const char *src ); + LEPT_DLL extern char * strtokSafe ( char *cstr, const char *seps, char **psaveptr ); + LEPT_DLL extern l_int32 stringSplitOnToken ( char *cstr, const char *seps, char **phead, char **ptail ); ++LEPT_DLL extern l_int32 stringCheckForChars ( const char *src, const char *chars, l_int32 *pfound ); + LEPT_DLL extern char * stringRemoveChars ( const char *src, const char *remchars ); + LEPT_DLL extern l_int32 stringFindSubstr ( const char *src, const char *sub, l_int32 *ploc ); + LEPT_DLL extern char * stringReplaceSubstr ( const char *src, const char *sub1, const char *sub2, l_int32 *pfound, l_int32 *ploc ); +--- a/src/gplot.c ++++ b/src/gplot.c +@@ -141,9 +141,10 @@ + const char *xlabel, + const char *ylabel) + { +-char *newroot; +-char buf[L_BUF_SIZE]; +-GPLOT *gplot; ++char *newroot; ++char buf[L_BUF_SIZE]; ++l_int32 badchar; ++GPLOT *gplot; + + PROCNAME("gplotCreate"); + +@@ -152,6 +153,9 @@ + if (outformat != GPLOT_PNG && outformat != GPLOT_PS && + outformat != GPLOT_EPS && outformat != GPLOT_LATEX) + return (GPLOT *)ERROR_PTR("outformat invalid", procName, NULL); ++ stringCheckForChars(rootname, "`;&|><\"?*", &badchar); ++ if (badchar) /* danger of command injection */ ++ return (GPLOT *)ERROR_PTR("invalid rootname", procName, NULL); + + if ((gplot = (GPLOT *)LEPT_CALLOC(1, sizeof(GPLOT))) == NULL) + return (GPLOT *)ERROR_PTR("gplot not made", procName, NULL); +--- a/src/utils2.c ++++ b/src/utils2.c +@@ -42,6 +42,7 @@ + * l_int32 stringSplitOnToken() + * + * Find and replace string and array procs ++ * l_int32 stringCheckForChars() + * char *stringRemoveChars() + * l_int32 stringFindSubstr() + * char *stringReplaceSubstr() +@@ -701,6 +702,48 @@ + /*--------------------------------------------------------------------* + * Find and replace procs * + *--------------------------------------------------------------------*/ ++/*! ++ * \brief stringCheckForChars() ++ * ++ * \param[in] src input string; can be of zero length ++ * \param[in] chars string of chars to be searched for in %src ++ * \param[out] pfound 1 if any characters are found; 0 otherwise ++ * \return 0 if OK, 1 on error ++ * ++ * <pre> ++ * Notes: ++ * (1) This can be used to sanitize an operation by checking for ++ * special characters that don't belong in a string. ++ * </pre> ++ */ ++l_int32 ++stringCheckForChars(const char *src, ++ const char *chars, ++ l_int32 *pfound) ++{ ++char ch; ++l_int32 i, n; ++ ++ PROCNAME("stringCheckForChars"); ++ ++ if (!pfound) ++ return ERROR_INT("&found not defined", procName, 1); ++ *pfound = FALSE; ++ if (!src || !chars) ++ return ERROR_INT("src and chars not both defined", procName, 1); ++ ++ n = strlen(src); ++ for (i = 0; i < n; i++) { ++ ch = src[i]; ++ if (strchr(chars, ch)) { ++ *pfound = TRUE; ++ break; ++ } ++ } ++ return 0; ++} ++ ++ + /*! + * \brief stringRemoveChars() + * |