Bug 698676: have filenameforall permission check use "reduced" path

Prevents working around SAFER file access permissions. CVE-2017-15652
author: Chris Liddell <chris.liddell@artifex.com> 2017-10-20 14:16:44 +0100
committer: Chris Liddell <chris.liddell@artifex.com> 2017-10-20 14:19:58 +0100
commit: 2fc463d0efbd044a8232611f0898eeb12b72a970 (patch)
tree: 79e91af6359d7cddba8c446f560f9cdb715e45ff /psi/zfile.c
parent: 684f73e8deefacb2aa5d2277f3154b68809b2ab7 (diff)
download: ghostpdl-2fc463d0efbd044a8232611f0898eeb12b72a970.tar.gz
1 files changed, 1 insertions, 1 deletions
diff --git a/psi/zfile.c b/psi/zfile.c
index 458339d1a..00da24c0d 100644
--- a/psi/zfile.c
+++ b/psi/zfile.c
@@ -410,7 +410,7 @@ file_continue(i_ctx_t *i_ctx_p)
         } else if (code > len)      /* overran string */
             return_error(gs_error_rangecheck);
         else if (iodev != iodev_default(imemory)
-              || (check_file_permissions_reduced(i_ctx_p, (char *)pscratch->value.bytes, code + devlen, iodev, "PermitFileReading")) == 0) {
+              || (check_file_permissions(i_ctx_p, (char *)pscratch->value.bytes, code + devlen, iodev, "PermitFileReading")) == 0) {
             push(1);
             ref_assign(op, pscratch);
             r_set_size(op, code + devlen);
author	Chris Liddell <chris.liddell@artifex.com>	2017-10-20 14:16:44 +0100
committer	Chris Liddell <chris.liddell@artifex.com>	2017-10-20 14:19:58 +0100
commit	2fc463d0efbd044a8232611f0898eeb12b72a970 (patch)
tree	79e91af6359d7cddba8c446f560f9cdb715e45ff /psi/zfile.c
parent	684f73e8deefacb2aa5d2277f3154b68809b2ab7 (diff)
download	ghostpdl-2fc463d0efbd044a8232611f0898eeb12b72a970.tar.gz