Sign in Sign up
Explore Enterprise Education Gitee Premium Gitee AI
Scan WeChat QR to Pay
Cancel
Complete
Watch
Unwatch Watching Releases Only Ignoring
1 Star 0 Fork 30

guoxiaoqi / ImageMagick

forked from src-openEuler / ImageMagick 
Code Issues 0 Pull Requests 0 Wiki Insights Pipelines
Service
Create your Gitee Account
Explore and code with more than 12 million developers,Free private repositories !:)
Sign up
This repository doesn't specify license. Please pay attention to the specific project description and its upstream code dependency when using it.
The license selected for the repository is subject to the license used by the main branch of the repository.
Clone or Download
CVE-2020-29599-5.patch 2.12 KB
Copy Edit Raw Blame History
wangxiao65 authored 2021-01-12 15:31 . fix CVE-2020-29599
123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960
From 7b0cce080345e5b7ef26d122f18809c93a19a80e Mon Sep 17 00:00:00 2001

From: Cristy <urban-warrior@imagemagick.org>

Date: Mon, 16 Nov 2020 18:17:31 +0000

Subject: [PATCH] fix shell injection vulnerability via the -authenticate

 option



---

 coders/pdf.c    | 15 ++++++---------

 magick/string.c |  8 +++++++-

 2 files changed, 13 insertions(+), 10 deletions(-)



diff --git a/coders/pdf.c b/coders/pdf.c

index 63eda5d81..074ba3f64 100644

--- a/coders/pdf.c

+++ b/coders/pdf.c

@@ -585,17 +585,14 @@ static Image *ReadPDFImage(const ImageInfo *image_info,ExceptionInfo *exception)

   if (stop_on_error != MagickFalse)

     (void) ConcatenateMagickString(options,"-dPDFSTOPONERROR ",MaxTextExtent);

   option=GetImageOption(image_info,"authenticate");

-  if (option != (char *) NULL)

+  if ((option != (char *) NULL) && (strpbrk(option,"&;<>|") == (char *) NULL))

     {

       char

-        message[MagickPathExtent],

-        *passphrase;

-

-      passphrase=SanitizeString(option);

-      (void) FormatLocaleString(message,MagickPathExtent, 

-        "\"-sPDFPassword=%s\" ",passphrase);

-      passphrase=DestroyString(passphrase);

-      (void) ConcatenateMagickString(options,message,MagickPathExtent);

+        passphrase[MagickPathExtent];

+

+      (void) FormatLocaleString(passphrase,MagickPathExtent,

+        "\"-sPDFPassword=%s\" ",option);

+      (void) ConcatenateMagickString(options,passphrase,MagickPathExtent);

     }

   read_info=CloneImageInfo(image_info);

   *read_info->magick='\0';

diff --git a/magick/string.c b/magick/string.c

index c8ffa086f..7f6eebc3b 100644

--- a/magick/string.c

+++ b/magick/string.c

@@ -1604,9 +1604,15 @@ MagickExport char *SanitizeString(const char *source)

     *p;

 

   static char

+#if defined(MAGICKCORE_WINDOWS_SUPPORT)

     whitelist[] =

       "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789 "

-      "$-_.+!*'(),{}|\\^~[]`\"><#%;/?:@&=";

+      "$-_.+!;*(),{}|^~[]`\'><#%/?:@&=";

+#else

+    whitelist[] =

+      "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789 "

+      "$-_.+!;*(),{}|\\^~[]`\"><#%/?:@&=";

+#endif

 

   sanitize_source=AcquireString(source);

   p=sanitize_source;
1
https://gitee.com/angela7/ImageMagick.git
git@gitee.com:angela7/ImageMagick.git
angela7
ImageMagick
ImageMagick
master
Going to Help Center

Search

Git 命令在线学习 如何在 Gitee 导入 GitHub 仓库
Git 仓库基础操作
企业版和社区版功能对比
SSH 公钥设置
如何处理代码冲突
仓库体积过大,如何减小?
如何找回被删除的仓库数据
Gitee 产品配额说明
GitHub仓库快速导入Gitee及同步更新
什么是 Release(发行版)
将 PHP 项目自动发布到 packagist.org
Repository Report
Back to the top