Add use of new file access permissions to PS interp

(this is a squash of several commits from filesec branch) Use errno to indicate invalidfileaccess Integrate fontconfig with file access controls fontconfig API has a call to retrieve all the directories about which fontconfig knows, so we can get those, and add them to the paths from which we're permitted to read. Add (most of) the Postscript "managed" paths.... ...to the access controls. GenericResourceDir, ICCProfilesDir (reading) and temporary file directories for read/write/control. Add paths/files from C to the file access controls The -I paths, environment variables and build time paths. The command line specified output file, permit writing. Lastly, the command line specified input file is added to the readable list, interpreted, and then removed from the list. Add the FONTPATH path list to permit read access control list. I opted to do this in Postscript because the list is (normally) a colon separated list of paths, which we split into an array of paths (in Postscript) - it seems sensible to do this only once, both for storage and permissions. Add a non-standard string 'reverse search" operator The search operator searches for the first occurrence of a character code in a string (i.e. searches forwards from the start of the string), 'rsearch' finds the last instance of a character code (i.e. search backwards from the end of the string). Fix gp_open_scratch_file_rm for access permissions i.e. the same as gp_open_scratch_file Handle clist file 'rewind' failures 'Rewinding' clist files may involved closing and recreating the temporary files, which conceivably can fail, but the clist procs rewind method was a void function, so couldn't return an error. It now can, and does return an error, and we handle the error. Add file permissions support for piped output. Paths from Fontmap to PermitReading list cidfmap paths, add to PermitReading list Add command line options for path access control addition --permit-file-read --permit-file-write --permit-file-control --permit-file-all They all take a separated list of paths (the usual platform specific ':' or ';' separator), and to the respective access control lists - the final 'all' option adds the paths to all the control lists. Add file access control to the 'gp_stat' method. This is complicated by the need to add the memory allocator context to the gp_stat parameters. To facilitate this, I've added a gs_memory_t pointer to the gx_io_device structure, which is set during the io device initialisation at startup. mkromfs: Add dummy gp_stat_impl for Windows - saves quite a bit of pointless build upheaval Add file access protection to file enumeration. The low level implementation of Postscript's filenameforall (*_enumerate_files) needs to also honour file access protection. This is has been complicated by requiring a gs_memory_t to be available where it wasn't previously (in order to access the gs_lib_ctx and the file permissions lists therein). Temp
author: Chris Liddell <chris.liddell@artifex.com> 2019-05-07 11:30:15 +0100
committer: Chris Liddell <chris.liddell@artifex.com> 2019-05-29 10:20:25 +0100
commit: 7ecbfda92b4c8dbf6f6c2bf8fc82020a29219eff (patch)
tree: 3c7d13cfd0a3dfbe5b2730039c123397e23a15f4 /base/gp_ntfs.c
parent: 9de16a6637b73e35f79d2d622de403b24e6502f2 (diff)
download: ghostpdl-7ecbfda92b4c8dbf6f6c2bf8fc82020a29219eff.tar.gz
1 files changed, 15 insertions, 13 deletions
diff --git a/base/gp_ntfs.c b/base/gp_ntfs.c
index 69a1de13b..aaf183be6 100644
--- a/base/gp_ntfs.c
+++ b/base/gp_ntfs.c
@@ -152,7 +152,7 @@ static int enumerate_directory_init(gs_memory_t *mem, directory_enum *pden, cons
 /* don't work with the OS call currently used. The '\' escape	*/
 /* character is removed for the 'Find...File' function.		*/
 file_enum *
-gp_enumerate_files_init(const char *pat, uint patlen, gs_memory_t * mem)
+gp_enumerate_files_init_impl(gs_memory_t * mem, const char *pat, uint patlen)
 {
     directory_enum *pden;
     file_enum *pfen;
@@ -226,14 +226,15 @@ gp_enumerate_files_init(const char *pat, uint patlen, gs_memory_t * mem)
 
 /* Enumerate the next file. */
 uint
-gp_enumerate_files_next(file_enum * pfen, char *ptr, uint maxlen)
+gp_enumerate_files_next_impl(gs_memory_t * mem, file_enum * pfen, char *ptr, uint maxlen)
 {
     directory_enum *new_denum = NULL, *pden = pfen->current;
     int code = 0;
     uint len;
     char outfname[(sizeof(pden->find_data.cFileName)*3+1)/2];
+
     if (pfen->illegal) {
-        gp_enumerate_files_close(pfen);
+        gp_enumerate_files_close(mem, pfen);
         return ~(uint) 0;
     }
 
@@ -256,9 +257,9 @@ gp_enumerate_files_next(file_enum * pfen, char *ptr, uint maxlen)
                 if (pden->previous) {
                     FindClose(pden->find_handle);
                     gs_free_object(pden->memory, pden->pattern,
-                       "gp_enumerate_files_close(pattern)");
+                       "gp_enumerate_files_next(pattern)");
                     new_denum = pden->previous;
-                    gs_free_object(pden->memory, pden, "gp_enumerate_files_close");
+                    gs_free_object(pden->memory, pden, "gp_enumerate_files_next");
                     pden = new_denum;
                     pfen->current = pden;
                     continue;
@@ -273,7 +274,7 @@ gp_enumerate_files_next(file_enum * pfen, char *ptr, uint maxlen)
                 if (pden->previous) {
                     FindClose(pden->find_handle);
                     gs_free_object(pden->memory, pden->pattern,
-                       "gp_enumerate_files_close(pattern)");
+                       "gp_enumerate_files_next(pattern)");
                     new_denum = pden->previous;
                     gs_free_object(pden->memory, pden, "gp_enumerate_files_close");
                     pden = new_denum;
@@ -314,7 +315,7 @@ gp_enumerate_files_next(file_enum * pfen, char *ptr, uint maxlen)
     }
 
     if (code != 0) {		/* All done, clean up. */
-        gp_enumerate_files_close(pfen);
+        gp_enumerate_files_close(mem, pfen);
         return ~(uint) 0;
     }
     wchar_to_utf8(outfname, pden->find_data.cFileName);
@@ -331,23 +332,24 @@ gp_enumerate_files_next(file_enum * pfen, char *ptr, uint maxlen)
 
 /* Clean up the file enumeration. */
 void
-gp_enumerate_files_close(file_enum * pfen)
+gp_enumerate_files_close_impl(gs_memory_t * mem, file_enum * pfen)
 {
     directory_enum *ptenum, *pden = pfen->current;
-    gs_memory_t *mem = pden->memory;
+    gs_memory_t *mem2 = pden->memory;
+    (void)mem;
 
     while (pden) {
         if (pden->find_handle != INVALID_HANDLE_VALUE)
             FindClose(pden->find_handle);
-        gs_free_object(mem, pden->pattern,
+        gs_free_object(mem2, pden->pattern,
                    "gp_enumerate_files_close(pattern)");
         ptenum = pden->previous;
-        gs_free_object(mem, pden, "gp_enumerate_files_close");
+        gs_free_object(mem2, pden, "gp_enumerate_files_close");
         pden = ptenum;
     };
-    gs_free_object(mem, pfen->pattern,
+    gs_free_object(mem2, pfen->pattern,
          "gp_enumerate_files_close(pattern)");
-    gs_free_object(mem, pfen, "gp_enumerate_files_close");
+    gs_free_object(mem2, pfen, "gp_enumerate_files_close");
 }
 
 /* -------------- Helpers for gp_file_name_combine_generic ------------- */
author	Chris Liddell <chris.liddell@artifex.com>	2019-05-07 11:30:15 +0100
committer	Chris Liddell <chris.liddell@artifex.com>	2019-05-29 10:20:25 +0100
commit	7ecbfda92b4c8dbf6f6c2bf8fc82020a29219eff (patch)
tree	3c7d13cfd0a3dfbe5b2730039c123397e23a15f4 /base/gp_ntfs.c
parent	9de16a6637b73e35f79d2d622de403b24e6502f2 (diff)
download	ghostpdl-7ecbfda92b4c8dbf6f6c2bf8fc82020a29219eff.tar.gz