rpms/ghostscript
7
0
Fork 0
Code Issues Pull Requests Releases Activity

RHEL-38835 CVE-2024-33871 ghostscript: OPVP device arbitrary code execution via custom Driver library

Browse Source 
Resolves: RHEL-38835
This commit is contained in:
Zdenek Dohnal 2024-06-20 09:35:04 +02:00
parent e6f909d047
commit 46c9fdd454
2 changed files with 32 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

26
0001-OPVP-device-prevent-unsafe-parameter-change-with-SAF.patch Normal file
View File

@ -0,0 +1,26 @@
diff --git a/contrib/opvp/gdevopvp.c b/contrib/opvp/gdevopvp.c
index 74200cf..dc45b22 100644
--- a/contrib/opvp/gdevopvp.c
+++ b/contrib/opvp/gdevopvp.c
@@ -3296,7 +3296,7 @@ _get_params(gx_device* dev, gs_param_list *plist)
/* vector driver name */
pname = "Driver";
vdps.data = (byte *)opdev->globals.vectorDriver;
- vdps.size = (opdev->globals.vectorDriver ? strlen(opdev->globals.vectorDriver) + 1 : 0);
+ vdps.size = (opdev->globals.vectorDriver ? strlen(opdev->globals.vectorDriver) : 0);
vdps.persistent = false;
code = param_write_string(plist, pname, &vdps);
if (code) ecode = code;
@@ -3456,6 +3456,12 @@ _put_params(gx_device *dev, gs_param_list *plist)
code = param_read_string(plist, pname, &vdps);
switch (code) {
case 0:
+ if (gs_is_path_control_active(dev->memory)
+ && (!opdev->globals.vectorDriver || strlen(opdev->globals.vectorDriver) != vdps.size
+ || memcmp(opdev->globals.vectorDriver, vdps.data, vdps.size) != 0)) {
+ param_signal_error(plist, pname, gs_error_invalidaccess);
+ return_error(gs_error_invalidaccess);
+ }
buff = realloc(buff, vdps.size + 1);
memcpy(buff, vdps.data, vdps.size);
buff[vdps.size] = 0;

7
ghostscript.spec
View File

@ -45,7 +45,7 @@
Name: ghostscript
Summary: Interpreter for PostScript language & PDF
Version: 10.02.1
Release: 8%{?dist}
Release: 9%{?dist}
License: AGPL-3.0-or-later
@ -113,6 +113,8 @@ Patch: ghostscript-10.02.1-PostScript-Fix-selectdevice.patch
Patch: 0001-Bug-707130-Cast-to-void-to-avoid-compiler-warning.patch
# https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=8f5c77af6c0b
Patch: 0001-X-device-fix-compiler-warning.patch
# RHEL-38835 CVE-2024-33871 ghostscript: OPVP device arbitrary code execution via custom Driver library
Patch: 0001-OPVP-device-prevent-unsafe-parameter-change-with-SAF.patch
# Downstream patches -- these should be always included when doing rebase:
# ------------------
@ -429,6 +431,9 @@ done
# =============================================================================
%changelog
* Thu Jun 20 2024 Zdenek Dohnal <zdohnal@redhat.com> - 10.02.1-9
- RHEL-38835 CVE-2024-33871 ghostscript: OPVP device arbitrary code execution via custom Driver library
* Wed Jan 24 2024 Fedora Release Engineering <releng@fedoraproject.org> - 10.02.1-8
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild