blob: 19cf7cc8c03e9a3df97b75ce3a7dd61e1f396426 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
|
From 37d7c9117b70e75ebed21c6c8192251f127c0fb0 Mon Sep 17 00:00:00 2001
From: Nancy Durgin <nancy.durgin@artifex.com>
Date: Mon, 5 Nov 2018 15:36:27 +0800
Subject: [PATCH 1/2] Undefine some additional internal operators.
.type, .writecvs, .setSMask, .currentSMask
These don't seem to be referenced anywhere outside of the initialization code,
which binds their usages. Passes cluster if they are removed.
CVE: CVE-2018-18073
Upstream-Status: Backport [git://git.ghostscript.com/ghostpdl.git]
Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
---
Resource/Init/gs_init.ps | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/Resource/Init/gs_init.ps b/Resource/Init/gs_init.ps
index f952f32..7c71d18 100644
--- a/Resource/Init/gs_init.ps
+++ b/Resource/Init/gs_init.ps
@@ -2230,6 +2230,7 @@ SAFER { .setsafeglobal } if
/.localvmarray /.localvmdict /.localvmpackedarray /.localvmstring /.systemvmarray /.systemvmdict /.systemvmpackedarray /.systemvmstring /.systemvmfile /.systemvmlibfile
/.systemvmSFD /.settrapparams /.currentsystemparams /.currentuserparams /.getsystemparam /.getuserparam /.setsystemparams /.setuserparams
/.checkpassword /.locale_to_utf8 /.currentglobal /.gcheck /.imagepath
+ /.type /.writecvs /.setSMask /.currentSMask
% Used by a free user in the Library of Congress. Apparently this is used to
% draw a partial page, which is then filled in by the results of a barcode
@@ -2248,7 +2249,7 @@ SAFER { .setsafeglobal } if
% test files/utilities, or engineers expressed a desire to keep them visible.
%
%/currentdevice /.sort /.buildfont0 /.buildfont1 /.buildfont2 /.buildfont3 /.buildfont4 /.buildfont9 /.buildfont10 /.buildfont11
- %/.buildfotn32 /.buildfont42 /.type9mapcid /.type11mapcid /.swapcolors
+ %/.buildfont32 /.buildfont42 /.type9mapcid /.type11mapcid /.swapcolors
%/currentdevice /.quit /.setuseciecolor /.needinput /.setoverprintmode /.special_op /.dicttomark /.knownget
%/.FAPIavailable /.FAPIpassfont /.FAPIrebuildfont /.FAPIBuildGlyph /.FAPIBuildChar /.FAPIBuildGlyph9
%/.tempfile /.numicc_components /.set_outputintent /.max /.min /.vmreclaim /.getpath /.setglobal
--
2.7.4
|