From: pabs Date: Fri, 7 Dec 2007 05:34:05 +0000 (+0000) Subject: Security fix: the mod_imagemagick importer used system to run convert, change it... X-Git-Url: https://git.pterodactylus.net/?a=commitdiff_plain;h=37aab4b94303b25f08338f1f2bb40395a487bf02;p=synfig.git Security fix: the mod_imagemagick importer used system to run convert, change it to use fork and exec. Malicious sif files could previously have executed arbitrary shell commands. git-svn-id: http://svn.voria.com/code@1187 1f10aa63-cdf2-0310-b900-c93c546f37ac --- diff --git a/synfig-core/trunk/src/modules/mod_imagemagick/mptr_imagemagick.cpp b/synfig-core/trunk/src/modules/mod_imagemagick/mptr_imagemagick.cpp index 2481d06..4d7ca20 100644 --- a/synfig-core/trunk/src/modules/mod_imagemagick/mptr_imagemagick.cpp +++ b/synfig-core/trunk/src/modules/mod_imagemagick/mptr_imagemagick.cpp @@ -34,6 +34,9 @@ #include #include "mptr_imagemagick.h" #include +#include +#include +#include #include #include #include @@ -77,11 +80,6 @@ imagemagick_mptr::get_frame(synfig::Surface &surface,Time /*time*/, synfig::Prog //#define HAS_LIBPNG 1 #if 1 - if(file) - pclose(file); - - string command; - if(filename.empty()) { if(cb)cb->error(_("No file to load")); @@ -89,15 +87,27 @@ imagemagick_mptr::get_frame(synfig::Surface &surface,Time /*time*/, synfig::Prog return false; } string temp_file="/tmp/deleteme.png"; + string output="png32:"+temp_file; - if(filename.find("psd")!=String::npos) - command=strprintf("convert \"%s\" -flatten \"png32:%s\"\n",filename.c_str(),temp_file.c_str()); - else - command=strprintf("convert \"%s\" \"png32:%s\"\n",filename.c_str(),temp_file.c_str()); - - synfig::info("command=%s",command.c_str()); + pid_t pid = fork(); + + if (pid == -1) { + return false; + } + + if (pid == 0){ + // Child process + if(filename.find("psd")!=String::npos) + execlp("convert", "convert", filename.c_str(), "-flatten", output.c_str(), (const char *)NULL); + else + execlp("convert", "convert", filename.c_str(), output.c_str(), (const char *)NULL); + // We should never reach here unless the exec failed + return false; + } - if(system(command.c_str())!=0) + int status; + waitpid(pid, &status, 0); + if( (WIFEXITED(status) && WEXITSTATUS(status) != 0) || !WIFEXITED(status) ) return false; Importer::Handle importer(Importer::open(temp_file));