SOURCES: gpdf-CAN-2005-2097.patch (NEW) - fix for a DoS vulnerabil...

adamg adamg at pld-linux.org
Tue Aug 16 10:38:59 CEST 2005 

Author: adamg                        Date: Tue Aug 16 08:38:59 2005 GMT
Module: SOURCES                       Tag: HEAD
---- Log message:
- fix for a DoS vulnerability (CAN-2005-2097)
- release 3

---- Files affected:
SOURCES:
   gpdf-CAN-2005-2097.patch (NONE -> 1.1)  (NEW)

---- Diffs:

================================================================
Index: SOURCES/gpdf-CAN-2005-2097.patch
diff -u /dev/null SOURCES/gpdf-CAN-2005-2097.patch:1.1
--- /dev/null	Tue Aug 16 10:38:59 2005
+++ SOURCES/gpdf-CAN-2005-2097.patch	Tue Aug 16 10:38:54 2005
@@ -0,0 +1,66 @@
+Patch to fix CAN-2005-2097.  The patch in #163920 doesn't apply to
+gpdf, since gpdf uses the gnome print api for rendering.  The crux of
+that patch is to avoid using the FoFi (font file) classes for fixing
+up the embedded truetype font, but instead pass the font to freetype
+directly.  This patch does the same thing for the gpdf rendering code.
+
+Kristian Høgsberg <krh at redhat.com>
+
+--- gpdf-2.8.2/xpdf/GPOutputDev.cc.krh	2005-08-01 11:44:43.000000000 -0400
++++ gpdf-2.8.2/xpdf/GPOutputDev.cc	2005-08-01 11:45:32.000000000 -0400
+@@ -258,9 +258,6 @@
+   }
+   case fontTrueType: {
+     FoFiTrueType *ff;
+-    gint fd;
+-    gchar *temp_name;
+-    FILE *f;
+     gushort *code_to_gid;
+ 
+     ff = FoFiTrueType::make((char *)contents, length);
+@@ -269,16 +266,7 @@
+ 
+     code_to_gid = ((Gfx8BitFont *)font)->getCodeToGIDMap(ff); // this is g(oo)malloc'd
+ 
+-    fd = g_file_open_tmp("gpdf-ttf-XXXXXX", &temp_name, NULL);
+-    f = fdopen(fd, "wb");
+-    ff->writeTTF(&fileWrite, f);
+     delete ff;
+-    g_free(contents);
+-    fclose(f);
+-
+-    g_file_get_contents(temp_name, (gchar **)&contents, &length, NULL);
+-    unlink(temp_name);
+-    g_free(temp_name);
+ 
+     gff = gpdf_font_face_download((const guchar *)font_name,
+ 				  (const guchar *)"",
+@@ -324,28 +312,8 @@
+     break;
+   }
+   case fontCIDType2: {
+-    FoFiTrueType *ff;
+-    gint fd;
+-    gchar *temp_name;
+-    FILE *f;
+     gint n_cids;    
+     gushort *code_to_gid;
+-
+-    ff = FoFiTrueType::make((char *)contents, length);
+-    if (!ff)
+-      return getFontFaceFallback(font);
+-
+-    fd = g_file_open_tmp("gpdf-ttf-XXXXXX", &temp_name, NULL);
+-    f = fdopen(fd, "wb");
+-    ff->writeTTF(&fileWrite, f);
+-    delete ff;
+-    g_free(contents);
+-    fclose(f);
+-
+-    g_file_get_contents(temp_name, (gchar **)&contents, &length, NULL);
+-    unlink(temp_name);
+-    g_free(temp_name);
+-
+     gff = gpdf_font_face_download((const guchar *)font_name,
+ 				  (const guchar *)"",
+ 				  GNOME_FONT_REGULAR, FALSE,
================================================================

More information about the pld-cvs-commit mailing list