Index: dviwin.cpp
===================================================================
RCS file: /home/kde/kdegraphics/kdvi/dviwin.cpp,v
retrieving revision 1.123.2.3
diff -u -r1.123.2.3 dviwin.cpp
--- dviwin.cpp 13 Feb 2003 20:03:39 -0000 1.123.2.3
+++ dviwin.cpp 7 Apr 2003 19:43:39 -0000
@@ -37,7 +37,7 @@
 #include
 #include
 #include
-
+#include
 #include "dviwin.h"
 #include "fontpool.h"
@@ -503,6 +503,28 @@
 // specials in PostScriptDirectory, and the headers in the
 // PostScriptHeaderString.
 PS_interface->clear();
+
+ // Files that reside under "tmp" or under the "data" resource are most
+ // likely remote files. We limit the files they are able to read to
+ // the directory they are in in order to limit the possibilities of a
+ // denial of service attack.
+ bool restrictIncludePath = true;
+ QString tmp = KGlobal::dirs()->saveLocation("tmp", QString::null);
+ if (!filename.startsWith(tmp))
+ {
+ tmp = KGlobal::dirs()->saveLocation("data", QString::null);
+ if (!filename.startsWith(tmp))
+ restrictIncludePath = false;
+ }
+
+ QString includePath;
+ if (restrictIncludePath)
+ {
+ includePath = filename;
+ includePath.truncate(includePath.findRev('/'));
+ }
+
+ PS_interface->setIncludePath(includePath);
 // We will also generate a list of hyperlink-anchors in the
 // document. So declare the existing list empty.
Index: psgs.cpp
===================================================================
RCS file: /home/kde/kdegraphics/kdvi/psgs.cpp,v
retrieving revision 1.16
diff -u -r1.16 psgs.cpp
--- psgs.cpp 31 Jul 2002 16:39:39 -0000 1.16
+++ psgs.cpp 7 Apr 2003 19:43:39 -0000
@@ -59,6 +59,12 @@
 DiskCache->clear();
 }
+void ghostscript_interface::setIncludePath(const QString &_includePath) {
+ if (_includePath.isEmpty())
+ includePath = "*"; // Allow all files
+ else
+ includePath = _includePath+"/*";
+}
 void ghostscript_interface::setPostScript(int page, QString PostScript) {
 pageInfo *info = new pageInfo(PostScript);
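Review bot: In the dviwin.cpp hunk at `@@ -503`, the restriction is decided by `filename.startsWith(tmp)` on whatever string `filename` holds, so it fails open: a file outside the two save locations, or one named through a relative path or a symlink, ends with `restrictIncludePath = false` and an unrestricted include path. A DVI file saved by hand from a mail or a browser is as untrusted as one under "tmp", so restricting to the file's own directory by default and widening only on an explicit choice would be safer. If the prefix test stays, compare canonical paths, for example `QDir(QFileInfo(filename).dirPath(true)).canonicalPath()`; whether `filename` is already absolute at this point is not visible in the hunk. The added comment should say the limit guards against reading arbitrary local files rather than "denial of service". The enclosing function starts and ends outside the hunk.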
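Review bot: In the psgs.cpp hunk at `@@ -59`, `setIncludePath` treats an empty argument as "allow all files" (`includePath = "*";`), so a caller that ends up with an empty directory by accident silently removes the read restriction. An explicit flag or a separate method for the unrestricted case would make that path deliberate. The directory is also concatenated into a pattern as `_includePath+"/*"` without escaping, so a directory name that itself contains `*` or `?` would presumably widen what Ghostscript may read; rejecting or escaping such names is worth adding. Nothing in the visible hunks sets `includePath` before the first `setIncludePath` call, so the header comment should state that the setter must run before a page is rendered.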
@@ -125,11 +131,13 @@
 // Step 2: Call GS with the File
 KProcess proc;
 proc << "gs";
- proc << "-dNOPAUSE" << "-dBATCH" << "-sDEVICE=png256";
+ proc << "-dSAFER" << "-dPARANOIDSAFER" << "-dDELAYSAFER" << "-dNOPAUSE" << "-dBATCH" << "-sDEVICE=png256";
 proc << QString("-sOutputFile=%1").arg(filename);
+ proc << QString("-sExtraIncludePath=%1").arg(includePath);
 proc << QString("-g%1x%2").arg(pixel_page_w).arg(pixel_page_h); // page size in pixels
 proc << QString("-r%1").arg(resolution); // resolution in dpi
- proc << PSfile.name();
+ proc << "-c" << "<< /PermitFileReading [ ExtraIncludePath ] /PermitFileWriting [] /PermitFileControl [] >> setuserparams .locksafe";
+ proc << "-f" << PSfile.name();
 proc.start(KProcess::Block);
 PSfile.unlink();
 emit(setStatusBarText(QString::null));
Index: psgs.h
===================================================================
RCS file: /home/kde/kdegraphics/kdvi/psgs.h,v
retrieving revision 1.4
diff -u -r1.4 psgs.h
--- psgs.h 31 Jul 2002 16:39:39 -0000 1.4
+++ psgs.h 7 Apr 2003 19:43:39 -0000
@@ -42,6 +42,9 @@
 // void setPostScript(int page, QString PostScript);
+ // sets path from additional postscript files may be read
+ void setIncludePath(const QString &_includePath);
+
 // Returns the graphics of the page, if possible. The functions
 // returns a pointer to a QPixmap, or null. The referred QPixmap
 // should be deleted after use.
@@ -64,6 +67,8 @@
 double resolution; // in dots per inch
 int pixel_page_w; // in pixels
 int pixel_page_h; // in pixels
+
+ QString includePath;
 signals:
 /** Passed through to the top-level kpart. */
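Review bot: In the psgs.cpp hunk at `@@ -125`, `-dDELAYSAFER` means nothing is locked down until the `-c` prologue reaches `.locksafe`, yet the result of `proc.start(KProcess::Block)` and the exit status of gs are never examined. If the prologue fails (for instance on a Ghostscript build without `.locksafe`, which cannot be verified from this hunk), the caller cannot tell and may go on to use whatever output exists; check `proc.normalExit()` and `proc.exitStatus()` after the call and discard the output file on failure. A short comment above the argument list, saying why `-dDELAYSAFER` is combined with `-dSAFER` and that the `-c` string must stay ahead of `-f`, would keep a later edit from reordering it. The enclosing function starts and ends outside the hunk.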