Diffstat (limited to 'pkgs/applications/misc/k2pdfopt/leptonica-CVE-2018-3836.patch')
-rw-r--r-- | pkgs/applications/misc/k2pdfopt/leptonica-CVE-2018-3836.patch | 95 |
1 files changed, 0 insertions, 95 deletions
diff --git a/pkgs/applications/misc/k2pdfopt/leptonica-CVE-2018-3836.patch b/pkgs/applications/misc/k2pdfopt/leptonica-CVE-2018-3836.patch
deleted file mode 100644
index f1b4170fbaae9..0000000000000
--- a/pkgs/applications/misc/k2pdfopt/leptonica-CVE-2018-3836.patch
+++ /dev/null
@@ -1,95 +0,0 @@
---- a/src/allheaders.h
-+++ b/src/allheaders.h
-@@ -2600,6 +2600,7 @@
- LEPT_DLL extern char * stringReverse ( const char *src );
- LEPT_DLL extern char * strtokSafe ( char *cstr, const char *seps, char **psaveptr );
- LEPT_DLL extern l_int32 stringSplitOnToken ( char *cstr, const char *seps, char **phead, char **ptail );
-+LEPT_DLL extern l_int32 stringCheckForChars ( const char *src, const char *chars, l_int32 *pfound );
- LEPT_DLL extern char * stringRemoveChars ( const char *src, const char *remchars );
- LEPT_DLL extern l_int32 stringFindSubstr ( const char *src, const char *sub, l_int32 *ploc );
- LEPT_DLL extern char * stringReplaceSubstr ( const char *src, const char *sub1, const char *sub2, l_int32 *pfound, l_int32 *ploc );
---- a/src/gplot.c
-+++ b/src/gplot.c
-@@ -141,9 +141,10 @@
- const char *xlabel,
- const char *ylabel)
- {
--char *newroot;
--char buf[L_BUF_SIZE];
--GPLOT *gplot;
-+char *newroot;
-+char buf[L_BUF_SIZE];
-+l_int32 badchar;
-+GPLOT *gplot;
- 
- PROCNAME("gplotCreate");
- 
-@@ -152,6 +153,9 @@
- if (outformat != GPLOT_PNG && outformat != GPLOT_PS &&
- outformat != GPLOT_EPS && outformat != GPLOT_LATEX)
- return (GPLOT *)ERROR_PTR("outformat invalid", procName, NULL);
-+ stringCheckForChars(rootname, "`;&|><\"?*", &badchar);
-+ if (badchar) /* danger of command injection */
-+ return (GPLOT *)ERROR_PTR("invalid rootname", procName, NULL);
- 
- if ((gplot = (GPLOT *)LEPT_CALLOC(1, sizeof(GPLOT))) == NULL)
- return (GPLOT *)ERROR_PTR("gplot not made", procName, NULL);
---- a/src/utils2.c
-+++ b/src/utils2.c
-@@ -42,6 +42,7 @@
- * l_int32 stringSplitOnToken()
- *
- * Find and replace string and array procs
-+ * l_int32 stringCheckForChars()
- * char *stringRemoveChars()
- * l_int32 stringFindSubstr()
- * char *stringReplaceSubstr()
-@@ -701,6 +702,48 @@
- /*--------------------------------------------------------------------*
- * Find and replace procs *
- *--------------------------------------------------------------------*/
-+/*!
-+ * \brief stringCheckForChars()
-+ *
-+ * \param[in] src input string; can be of zero length
-+ * \param[in] chars string of chars to be searched for in %src
-+ * \param[out] pfound 1 if any characters are found; 0 otherwise
-+ * \return 0 if OK, 1 on error
-+ *
-+ * <pre>
-+ * Notes:
-+ * (1) This can be used to sanitize an operation by checking for
-+ * special characters that don't belong in a string.
-+ * </pre>
-+ */
-+l_int32
-+stringCheckForChars(const char *src,
-+ const char *chars,
-+ l_int32 *pfound)
-+{
-+char ch;
-+l_int32 i, n;
-+
-+ PROCNAME("stringCheckForChars");
-+
-+ if (!pfound)
-+ return ERROR_INT("&found not defined", procName, 1);
-+ *pfound = FALSE;
-+ if (!src || !chars)
-+ return ERROR_INT("src and chars not both defined", procName, 1);
-+
-+ n = strlen(src);
-+ for (i = 0; i < n; i++) {
-+ ch = src[i];
-+ if (strchr(chars, ch)) {
-+ *pfound = TRUE;
-+ break;
-+ }
-+ }
-+ return 0;
-+}
-+
-+
- /*!
- * \brief stringRemoveChars()
- * |