The following patch was adapted for GNU Ghostscript by Mark H Weaver based on: http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=ab109aaeb3ddba59518b036fb288402a65cf7ce8 From ab109aaeb3ddba59518b036fb288402a65cf7ce8 Mon Sep 17 00:00:00 2001 From: Chris Liddell Date: Sat, 5 Mar 2016 14:56:03 -0800 Subject: [PATCH] Bug 694724: Have filenameforall and getenv honor SAFER --- Resource/Init/gs_init.ps | 2 ++ psi/zfile.c | 36 ++++++++++++++++++++---------------- 2 files changed, 22 insertions(+), 16 deletions(-) diff --git a/Resource/Init/gs_init.ps b/Resource/Init/gs_init.ps index fa33d88..99888ac 100644 --- a/Resource/Init/gs_init.ps +++ b/Resource/Init/gs_init.ps @@ -2018,6 +2018,7 @@ readonly def /.locksafe { .locksafe_userparams + systemdict /getenv {pop //false} put % setpagedevice has the side effect of clearing the page, but % we will just document that. Using setpagedevice keeps the device % properties and pagedevice .LockSafetyParams in agreement even @@ -2036,6 +2037,7 @@ readonly def %% /.locksafeglobal { .locksafe_userparams + systemdict /getenv {pop //false} put % setpagedevice has the side effect of clearing the page, but % we will just document that. Using setpagedevice keeps the device % properties and pagedevice .LockSafetyParams in agreement even diff --git a/psi/zfile.c b/psi/zfile.c index 320ecd5..0b9f299 100644 --- a/psi/zfile.c +++ b/psi/zfile.c @@ -371,22 +371,26 @@ file_continue(i_ctx_t *i_ctx_p) if (len < devlen) return_error(e_rangecheck); /* not even room for device len */ - memcpy((char *)pscratch->value.bytes, iodev->dname, devlen); - code = iodev->procs.enumerate_next(pfen, (char *)pscratch->value.bytes + devlen, - len - devlen); - if (code == ~(uint) 0) { /* all done */ - esp -= 5; /* pop proc, pfen, devlen, iodev , mark */ - return o_pop_estack; - } else if (code > len) /* overran string */ - return_error(e_rangecheck); - else { - push(1); - ref_assign(op, pscratch); - r_set_size(op, code + devlen); - push_op_estack(file_continue); /* come again */ - *++esp = pscratch[2]; /* proc */ - return o_push_estack; - } + + do { + memcpy((char *)pscratch->value.bytes, iodev->dname, devlen); + code = iodev->procs.enumerate_next(pfen, (char *)pscratch->value.bytes + devlen, + len - devlen); + if (code == ~(uint) 0) { /* all done */ + esp -= 5; /* pop proc, pfen, devlen, iodev , mark */ + return o_pop_estack; + } else if (code > len) /* overran string */ + return_error(e_rangecheck); + else if (iodev != iodev_default(imemory) + || (check_file_permissions_reduced(i_ctx_p, (char *)pscratch->value.bytes, code + devlen, "PermitFileReading")) == 0) { + push(1); + ref_assign(op, pscratch); + r_set_size(op, code + devlen); + push_op_estack(file_continue); /* come again */ + *++esp = pscratch[2]; /* proc */ + return o_push_estack; + } + } while(1); } /* Cleanup procedure for enumerating files */ static int -- 2.9.1