blob: 593109fb9f2cb8043f581c36a2fa1dda25b39d0b (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
|
From 53f0cb4c54ac951697704cb87d24154ae08aecce Mon Sep 17 00:00:00 2001
From: Chris Liddell <chris.liddell@artifex.com>
Date: Wed, 20 Feb 2019 09:54:28 +0000
Subject: [PATCH] Bug 700576: Make a transient proc executeonly (in
DefineResource).
This prevents access to .forceput
Solution originally suggested by cbuissar@redhat.com.
CVE: CVE-2019-3838
Upstream-Status: Backport [git://git.ghostscript.com/ghostpdl.git]
Signed-off-by: Ovidiu Panait <ovidiu.panait@windriver.com>
---
Resource/Init/gs_res.ps | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/Resource/Init/gs_res.ps b/Resource/Init/gs_res.ps
index 89c0ed6..a163541 100644
--- a/Resource/Init/gs_res.ps
+++ b/Resource/Init/gs_res.ps
@@ -426,7 +426,7 @@ status {
% so we have to use .forceput here.
currentdict /.Instances 2 index .forceput % Category dict is read-only
} executeonly if
- }
+ } executeonly
{ .LocalInstances dup //.emptydict eq
{ pop 3 dict localinstancedict Category 2 index put
}
--
2.18.1
|
