Juergen Daubert
11f86218d2
See - https://www.kb.cert.org/vuls/id/332928 - http://seclists.org/oss-sec/2018/q3/142
28 lines
1.6 KiB
Diff
28 lines
1.6 KiB
Diff
From: Ken Sharp <ken.sharp@artifex.com>
|
|
Date: Fri, 24 Aug 2018 11:44:26 +0000 (+0100)
|
|
Subject: Hide the .shfill operator
|
|
X-Git-Url: http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff_plain;h=e01e77a3
|
|
|
|
Hide the .shfill operator
|
|
|
|
Commit 0b6cd1918e1ec4ffd087400a754a845180a4522b was supposed to make
|
|
the .shfill operator unobtainable, but I accidentally left a comment
|
|
in the line doing so.
|
|
|
|
Fix it here, without this the operator can still be exploited.
|
|
---
|
|
|
|
diff --git a/Resource/Init/gs_init.ps b/Resource/Init/gs_init.ps
|
|
index bc17d42..db3f7fe 100644
|
|
--- a/Resource/Init/gs_init.ps
|
|
+++ b/Resource/Init/gs_init.ps
|
|
@@ -2197,7 +2197,7 @@ SAFER { .setsafeglobal } if
|
|
/.oserrno /.setoserrno /.oserrorstring /.getCPSImode
|
|
/.getscanconverter /.setscanconverter /.type1encrypt /.type1decrypt/.languagelevel /.setlanguagelevel /.eqproc /.fillpage /.buildpattern1 /.saslprep
|
|
/.buildshading1 /.buildshading2 /.buildshading3 /.buildshading4 /.buildshading5 /.buildshading6 /.buildshading7 /.buildshadingpattern
|
|
-%/.shfill /.argindex /.bytestring /.namestring /.stringbreak /.stringmatch /.globalvmarray /.globalvmdict /.globalvmpackedarray /.globalvmstring
|
|
+/.shfill /.argindex /.bytestring /.namestring /.stringbreak /.stringmatch /.globalvmarray /.globalvmdict /.globalvmpackedarray /.globalvmstring
|
|
/.localvmarray /.localvmdict /.localvmpackedarray /.localvmstring /.systemvmarray /.systemvmdict /.systemvmpackedarray /.systemvmstring /.systemvmfile /.systemvmlibfile
|
|
/.systemvmSFD /.settrapparams /.currentsystemparams /.currentuserparams /.getsystemparam /.getuserparam /.setsystemparams /.setuserparams
|
|
/.checkpassword /.locale_to_utf8 /.currentglobal /.gcheck /.imagepath
|