From e3bde2b95fdc0fe05d1fe855667058dc4f6a4e6d Mon Sep 17 00:00:00 2001 From: pabs Date: Fri, 7 Dec 2007 03:39:08 +0000 Subject: [PATCH] Minor security fix: mod_imagemagick used popen to run covert, change it to use pipe, fork and exec. Strangely named sif files could previously have executed arbitrary shell commands. git-svn-id: http://svn.voria.com/code@1185 1f10aa63-cdf2-0310-b900-c93c546f37ac --- .../modules/mod_imagemagick/trgt_imagemagick.cpp | 73 ++++++++++++++++++---- .../src/modules/mod_imagemagick/trgt_imagemagick.h | 2 + 2 files changed, 62 insertions(+), 13 deletions(-) diff --git a/synfig-core/trunk/src/modules/mod_imagemagick/trgt_imagemagick.cpp b/synfig-core/trunk/src/modules/mod_imagemagick/trgt_imagemagick.cpp index 88dd95a..bfd8f59 100644 --- a/synfig-core/trunk/src/modules/mod_imagemagick/trgt_imagemagick.cpp +++ b/synfig-core/trunk/src/modules/mod_imagemagick/trgt_imagemagick.cpp @@ -36,6 +36,9 @@ #include #include "trgt_imagemagick.h" #include +#include +#include +#include #include #include #include @@ -61,6 +64,7 @@ SYNFIG_TARGET_SET_CVS_ID(imagemagick_trgt,"$Id$"); imagemagick_trgt::imagemagick_trgt(const char *Filename) { + pid=-1; file=NULL; filename=Filename; multi_image=false; @@ -70,8 +74,11 @@ imagemagick_trgt::imagemagick_trgt(const char *Filename) imagemagick_trgt::~imagemagick_trgt() { - if(file) - pclose(file); + if(file){ + fclose(file); + int status; + waitpid(pid,&status,0); + } file=NULL; delete [] buffer; delete [] color_buffer; @@ -110,7 +117,9 @@ imagemagick_trgt::end_frame() { fputc(0,file); fflush(file); - pclose(file); + fclose(file); + int status; + waitpid(pid,&status,0); } file=NULL; imagecount++; @@ -119,7 +128,8 @@ imagemagick_trgt::end_frame() bool imagemagick_trgt::start_frame(synfig::ProgressCallback *cb) { - string command; + const char *msg=_("Unable to open pipe to imagemagick's convert utility"); + string newfilename; if (multi_image) @@ -129,18 +139,55 @@ imagemagick_trgt::start_frame(synfig::ProgressCallback *cb) else newfilename = filename; - command=strprintf("convert -depth 8 -size %dx%d rgb%s:-[0] -density %dx%d \"%s\"\n", - desc.get_w(), desc.get_h(), // size - ((channels(pf) == 4) ? "a" : ""), // rgba or rgb? - round_to_int(desc.get_x_res()/39.3700787402), // density - round_to_int(desc.get_y_res()/39.3700787402), - newfilename.c_str()); - - file=popen(command.c_str(),POPEN_BINARY_WRITE_TYPE); + int p[2]; + + if (pipe(p)) { + if(cb) cb->error(N_(msg)); + else synfig::error(N_(msg)); + return false; + }; + + pid = fork(); + + if (pid == -1) { + if(cb) cb->error(N_(msg)); + else synfig::error(N_(msg)); + return false; + } + + if (pid == 0){ + // Child process + // Close pipeout, not needed + close(p[1]); + // Dup pipeout to stdin + if( dup2( p[0], STDIN_FILENO ) == -1 ){ + if(cb) cb->error(N_(msg)); + else synfig::error(N_(msg)); + return false; + } + // Close the unneeded pipeout + close(p[0]); + execlp("convert", "convert", + "-depth", "8", + "-size", strprintf("%dx%d", desc.get_w(), desc.get_h()).c_str(), + ((channels(pf) == 4) ? "rgba:-[0]" : "rgb:-[0]"), + "-density", strprintf("%dx%d", round_to_int(desc.get_x_res()/39.3700787402), round_to_int(desc.get_y_res()/39.3700787402)).c_str(), + newfilename.c_str(), + (const char *)NULL); + // We should never reach here unless the exec failed + if(cb) cb->error(N_(msg)); + else synfig::error(N_(msg)); + return false; + } else { + // Parent process + // Close pipein, not needed + close(p[0]); + // Save pipeout to file handle, will write to it later + file = fdopen(p[1], "wb"); + } if(!file) { - const char *msg=_("Unable to open pipe to imagemagick's convert utility"); if(cb)cb->error(N_(msg)); else synfig::error(N_(msg)); return false; diff --git a/synfig-core/trunk/src/modules/mod_imagemagick/trgt_imagemagick.h b/synfig-core/trunk/src/modules/mod_imagemagick/trgt_imagemagick.h index 15287dd..2a9a171 100644 --- a/synfig-core/trunk/src/modules/mod_imagemagick/trgt_imagemagick.h +++ b/synfig-core/trunk/src/modules/mod_imagemagick/trgt_imagemagick.h @@ -31,6 +31,7 @@ #include #include +#include #include /* === M A C R O S ========================================================= */ @@ -44,6 +45,7 @@ class imagemagick_trgt : public synfig::Target_Scanline { SYNFIG_TARGET_MODULE_EXT private: + pid_t pid; int imagecount; bool multi_image; FILE *file; -- 2.7.4