From 83224f8cf1f9b7b15918a130759717a5a375be91 Mon Sep 17 00:00:00 2001 From: pabs Date: Fri, 7 Dec 2007 04:29:57 +0000 Subject: [PATCH] Minor security fix: the unused mod_ffmpeg importer used popen to run convert, change it to use pipe, fork and exec. Malicious sif files could previously have executed arbitrary shell commands. Also disable the unused part of the mod_imagemagick importer. git-svn-id: http://svn.voria.com/code@1186 1f10aa63-cdf2-0310-b900-c93c546f37ac --- .../trunk/src/modules/mod_ffmpeg/mptr_ffmpeg.cpp | 55 +++++++++++++++++++--- .../trunk/src/modules/mod_ffmpeg/mptr_ffmpeg.h | 2 + .../modules/mod_imagemagick/mptr_imagemagick.cpp | 3 ++ 3 files changed, 53 insertions(+), 7 deletions(-) diff --git a/synfig-core/trunk/src/modules/mod_ffmpeg/mptr_ffmpeg.cpp b/synfig-core/trunk/src/modules/mod_ffmpeg/mptr_ffmpeg.cpp index bc4cc7b..f05b2d4 100644 --- a/synfig-core/trunk/src/modules/mod_ffmpeg/mptr_ffmpeg.cpp +++ b/synfig-core/trunk/src/modules/mod_ffmpeg/mptr_ffmpeg.cpp @@ -34,6 +34,9 @@ #include #include "mptr_ffmpeg.h" #include +#include +#include +#include #include #include #include @@ -63,14 +66,47 @@ ffmpeg_mptr::seek_to(int frame) { if(file) { - pclose(file); + fclose(file); + int status; + waitpid(pid,&status,0); } - string command; - - command=strprintf("ffmpeg -i \"%s\" -an -f image2pipe -vcodec ppm -\n",filename.c_str()); - - file=popen(command.c_str(),POPEN_BINARY_READ_TYPE); + int p[2]; + + if (pipe(p)) { + cerr<<"Unable to open pipe to ffmpeg"< +#include #include #include "string.h" #ifdef HAVE_TERMIOS_H @@ -49,6 +50,7 @@ class ffmpeg_mptr : public synfig::Importer SYNFIG_IMPORTER_MODULE_EXT public: private: + pid_t pid; synfig::String filename; FILE *file; int cur_frame; diff --git a/synfig-core/trunk/src/modules/mod_imagemagick/mptr_imagemagick.cpp b/synfig-core/trunk/src/modules/mod_imagemagick/mptr_imagemagick.cpp index a077230..2481d06 100644 --- a/synfig-core/trunk/src/modules/mod_imagemagick/mptr_imagemagick.cpp +++ b/synfig-core/trunk/src/modules/mod_imagemagick/mptr_imagemagick.cpp @@ -159,6 +159,9 @@ imagemagick_mptr::get_frame(synfig::Surface &surface,Time /*time*/, synfig::Prog return true; #else + +#error This code contains tempfile and arbitrary shell command execution vulnerabilities + if(file) pclose(file); -- 2.7.4