authorChristian Persch <chpe@src.gnome.org>2018-10-20 00:17:47 +0200
committerChristian Persch <chpe@src.gnome.org>2018-10-20 00:17:47 +0200
commit75e154f89565af475ef4c9c9a01a805eadb9405e (patch)
treef971870b3ae7efc195945f852147671c644fa8da /libspectre
parent48696f7e724923564dd6c8908afdb7c9d4893f02 (diff)
spectre-gs: Enforce minimum ghostscript version
Ghostscript versions before 9.24 had a critical vulnerability that allowed escaping -dSAFER; refuse to do anything if the version is less than 9.24. https://gitlab.freedesktop.org/libspectre/libspectre/issues/25
Diffstat (limited to 'libspectre')
-rw-r--r--libspectre/spectre-gs.c12
1 files changed, 11 insertions, 1 deletions
diff --git a/libspectre/spectre-gs.c b/libspectre/spectre-gs.c
index 414175a..f586321 100644
--- a/libspectre/spectre-gs.c
+++ b/libspectre/spectre-gs.c
@@ -29,6 +29,11 @@
#include <ghostscript/iapi.h>
#include <ghostscript/ierrors.h>
+/* Ghostscript before version 9.24 has a critial vulnerability
+ * where -dSAFER could be escaped from.
+ */
+#define GS_MIN_VERSION (924)
+
/* e_ macros have been removed from Ghostscript in 9.18. */
#ifndef e_Fatal
#define e_Fatal gs_error_Fatal
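Review bot: The comment added above `GS_MIN_VERSION` misspells "critical" as "critial" and does not say in which form the number is compared, so a later maintainer has to guess what `924` means. I would reword it to `/* Minimum Ghostscript revision, in the integer form returned by spectre_gs_get_version() (924 means 9.24); earlier releases had a critical vulnerability that allowed escaping -dSAFER. */`. The 924 = 9.24 encoding is inferred from the comparison added in `spectre_gs_create_instance`, so please confirm it against `spectre_gs_get_version ()`. Adding the issue URL from the commit message to the comment would keep the reason for the floor next to the constant.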
@@ -166,8 +171,13 @@ int
spectre_gs_create_instance (SpectreGS *gs,
void *caller_handle)
{
+ int version;
int error;
-
+
+ version = spectre_gs_get_version ();
+ if (version < GS_MIN_VERSION)
+ return FALSE;
+
error = gsapi_new_instance (&gs->ghostscript_instance, caller_handle);
if (!critic_error_code (error)) {
gsapi_set_stdio (gs->ghostscript_instance,
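Review bot: The new early `return FALSE;` under `if (version < GS_MIN_VERSION)` gives no indication of why instance creation was refused, so a caller probably sees the same result as for any other failure (the rest of the function lies outside the hunk, so this is inferred). Because this is a deliberate security refusal, I would emit a diagnostic before returning, e.g. `fprintf (stderr, "libspectre: Ghostscript revision %d is older than the required %d, refusing to run\n", version, GS_MIN_VERSION);`, or use whatever warning helper the file already has. It is also worth confirming what `spectre_gs_get_version ()` returns when the revision query itself fails, which is not visible here; the check only fails closed if that value is below `GS_MIN_VERSION`. Note too that a version floor is a lower bound only: it neither recognises distribution builds that backported the fix under an older number nor implies that later releases are free of -dSAFER issues.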