diff options
author | Robin Watts <Robin.Watts@artifex.com> | 2019-06-03 14:19:54 +0100 |
---|---|---|
committer | Robin Watts <Robin.Watts@artifex.com> | 2019-06-03 16:02:21 +0100 |
commit | 7b052ff372bbd325676d2e1a57dfd71c33c9f677 (patch) | |
tree | d22ff12c0097dda3303dac764fbbe20031906567 /base/gslibctx.c | |
parent | 650c49424529fca922519ee9cdf2086eee5cfb70 (diff) | |
download | ghostpdl-7b052ff372bbd325676d2e1a57dfd71c33c9f677.tar.gz |
Update gpdl with new file access permissions.
This basically involves duplicating the changes from Chris'
gs commit. Part of this promotes a couple of static functions
to being global ones so both implementations can call them.
Diffstat (limited to 'base/gslibctx.c')
-rw-r--r-- | base/gslibctx.c | 59 |
1 files changed, 59 insertions, 0 deletions
diff --git a/base/gslibctx.c b/base/gslibctx.c index 276dfac92..8e3afea7b 100644 --- a/base/gslibctx.c +++ b/base/gslibctx.c @@ -436,6 +436,65 @@ gs_check_file_permission (gs_memory_t *mem, const char *fname, const int len, co return code; } +/* For the OutputFile permission we have to deal with formattable strings + i.e. ones that have "%d" or similar in them. For these we want to replace + everything after the %d with a wildcard "*". + Since we do this in two places (the -s and -o cases) split it into a + function. + */ +#define IS_WHITESPACE(c) ((c == 0x20) || (c == 0x9) || (c == 0xD) || (c == 0xA)) +int +gs_add_outputfile_control_path(gs_memory_t *mem, const char *fname) +{ + char *fp, f[gp_file_name_sizeof] = {0}; + const int percent = 37; /* ASCII code for '%' */ + const int pipe = 124; /* ASCII code for '|' */ + const int len = strlen(fname); + + strncpy(f, fname, len); + fp = strchr(f, percent); + if (fp != NULL) { + fp[0] = '*'; + fp[1] = '\0'; + fp = f; + } else { + int i; + fp = f; + for (i = 0; i < len; i++) { + if (f[i] == pipe) { + fp = &f[i + 1]; + /* Because we potentially have to check file permissions at two levels + for the output file (gx_device_open_output_file and the low level + fopen API, if we're using a pipe, we have to add both the full string, + (including the '|', and just the command to which we pipe - since at + the pipe_fopen(), the leading '|' has been stripped. + */ + gs_add_control_path(mem, gs_permit_file_writing, f); + break; + } + if (!IS_WHITESPACE(f[i])) + break; + } + } + return gs_add_control_path(mem, gs_permit_file_writing, fp); +} + +int +gs_add_explicit_control_path(gs_memory_t *mem, const char *arg, gs_path_control_t control) +{ + char *p2, *p1 = (char *)arg + 17; + const char *lim = arg + strlen(arg); + int code = 0; + + while (code >= 0 && p1 < lim && (p2 = strchr(p1, (int)gp_file_name_list_separator)) != NULL) { + code = gs_add_control_path_len(mem, gs_permit_file_reading, p1, (int)(p2 - p1)); + p1 = p2 + 1; + } + if (p1 < lim) + code = gs_add_control_path_len(mem, control, p1, (int)(lim - p1)); + return code; +} + int gs_add_control_path_len(const gs_memory_t *mem, gs_path_control_t type, const char *path, size_t len) { |