From: pabs Date: Fri, 7 Dec 2007 04:29:57 +0000 (+0000) Subject: Minor security fix: the unused mod_ffmpeg importer used popen to run convert, change... X-Git-Url: https://git.pterodactylus.net/?a=commitdiff_plain;h=83224f8cf1f9b7b15918a130759717a5a375be91;p=synfig.git Minor security fix: the unused mod_ffmpeg importer used popen to run convert, change it to use pipe, fork and exec. Malicious sif files could previously have executed arbitrary shell commands. Also disable the unused part of the mod_imagemagick importer. git-svn-id: http://svn.voria.com/code@1186 1f10aa63-cdf2-0310-b900-c93c546f37ac --- diff --git a/synfig-core/trunk/src/modules/mod_ffmpeg/mptr_ffmpeg.cpp b/synfig-core/trunk/src/modules/mod_ffmpeg/mptr_ffmpeg.cpp index bc4cc7b..f05b2d4 100644 --- a/synfig-core/trunk/src/modules/mod_ffmpeg/mptr_ffmpeg.cpp +++ b/synfig-core/trunk/src/modules/mod_ffmpeg/mptr_ffmpeg.cpp @@ -34,6 +34,9 @@ #include #include "mptr_ffmpeg.h" #include +#include +#include +#include #include #include #include @@ -63,14 +66,47 @@ ffmpeg_mptr::seek_to(int frame) { if(file) { - pclose(file); + fclose(file); + int status; + waitpid(pid,&status,0); } - string command; - - command=strprintf("ffmpeg -i \"%s\" -an -f image2pipe -vcodec ppm -\n",filename.c_str()); - - file=popen(command.c_str(),POPEN_BINARY_READ_TYPE); + int p[2]; + + if (pipe(p)) { + cerr<<"Unable to open pipe to ffmpeg"< +#include #include #include "string.h" #ifdef HAVE_TERMIOS_H @@ -49,6 +50,7 @@ class ffmpeg_mptr : public synfig::Importer SYNFIG_IMPORTER_MODULE_EXT public: private: + pid_t pid; synfig::String filename; FILE *file; int cur_frame; diff --git a/synfig-core/trunk/src/modules/mod_imagemagick/mptr_imagemagick.cpp b/synfig-core/trunk/src/modules/mod_imagemagick/mptr_imagemagick.cpp index a077230..2481d06 100644 --- a/synfig-core/trunk/src/modules/mod_imagemagick/mptr_imagemagick.cpp +++ b/synfig-core/trunk/src/modules/mod_imagemagick/mptr_imagemagick.cpp @@ -159,6 +159,9 @@ imagemagick_mptr::get_frame(synfig::Surface &surface,Time /*time*/, synfig::Prog return true; #else + +#error This code contains tempfile and arbitrary shell command execution vulnerabilities + if(file) pclose(file);