https://github.com/ImageMagick/ImageMagick/issues/407

diff --git a/ChangeLog b/ChangeLog
index 22d1ecbb2d55abd5cf11930a0112b0a3a70b4ee2..6e8a9023ca119b6c9b7149cf15a889433d559c6b 100644 (file)
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,8 @@
+2017-06-10  7.0.6-0 Cristy  <quetzlzacatenango@image...>
+  * Introduce SetMagickSecurityPolicy() (MagickCore) and
+    MagickSetSecurityPolicy() (MagickWand) to set the ImageMagick security
+    policy (reference https://github.com/ImageMagick/ImageMagick/issues/407).
+
 2017-06-02  7.0.5-10 Cristy  <quetzlzacatenango@image...>
   * Release ImageMagick version 7.0.5-10, GIT revision 20155:38ebc02:20170602.
 

diff --git a/MagickCore/policy.c b/MagickCore/policy.c
index 377279f33ab5c2b25bd22edec8481e36261c6d7c..784346b5fd42db72726a9513fec4c6e1ee458243 100644 (file)
--- a/MagickCore/policy.c
+++ b/MagickCore/policy.c
@@ -52,6 +52,7 @@
 #include "MagickCore/option.h"
 #include "MagickCore/policy.h"
 #include "MagickCore/policy-private.h"
+#include "MagickCore/resource-private.h"
 #include "MagickCore/semaphore.h"
 #include "MagickCore/string_.h"
 #include "MagickCore/token.h"
@@ -1037,3 +1038,52 @@ MagickPrivate void PolicyComponentTerminus(void)
   UnlockSemaphoreInfo(policy_semaphore);
   RelinquishSemaphoreInfo(&policy_semaphore);
 }
+\f
+/*
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+%                                                                             %
+%                                                                             %
+%                                                                             %
+%  S e t M a g i c k S e c u r i t y P o l i c y                              %
+%                                                                             %
+%                                                                             %
+%                                                                             %
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+%
+%  SetMagickSecurityPolicy() sets the ImageMagick security policy.  It returns
+%  MagickFalse if the policy is already set or if the policy does not parse.
+%
+%  The format of the SetMagickSecurityPolicy method is:
+%
+%      MagickBooleanType SetMagickSecurityPolicy(const char *policy,
+%        ExceptionInfo *exception)
+%
+%  A description of each parameter follows:
+%
+%    o policy: the security policy in the XML format.
+%
+%    o exception: return any errors or warnings in this structure.
+%
+*/
+MagickExport MagickBooleanType SetMagickSecurityPolicy(const char *policy,
+  ExceptionInfo *exception)
+{
+  PolicyInfo
+    *p;
+  
+  MagickBooleanType
+    status;
+  
+  LockSemaphoreInfo(policy_semaphore);
+  ResetLinkedListIterator(policy_cache);
+  p=(PolicyInfo *) GetNextValueInLinkedList(policy_cache);
+  if ((p == (PolicyInfo *) NULL) || (p->domain != UndefinedPolicyDomain))
+    {
+      UnlockSemaphoreInfo(policy_semaphore);
+      return(MagickFalse);
+    }
+  UnlockSemaphoreInfo(policy_semaphore);
+  status=LoadPolicyCache(policy_cache,policy,"[user-policy]",0,exception);
+  ResourceComponentGenesis();
+  return(status);
+}

diff --git a/MagickCore/policy.h b/MagickCore/policy.h
index bd404f1ccc73aee7b727c2404f847a902859a576..2723e5c4d6915f836aeeebbd97edbfd431aa6f46 100644 (file)
--- a/MagickCore/policy.h
+++ b/MagickCore/policy.h
@@ -59,7 +59,8 @@ extern MagickExport const PolicyInfo
 
 extern MagickExport MagickBooleanType
   IsRightsAuthorized(const PolicyDomain,const PolicyRights,const char *),
-  ListPolicyInfo(FILE *,ExceptionInfo *);
+  ListPolicyInfo(FILE *,ExceptionInfo *),
+  SetMagickSecurityPolicy(const char *,ExceptionInfo *);
 
 #if defined(__cplusplus) || defined(c_plusplus)
 }

diff --git a/MagickWand/magick-property.c b/MagickWand/magick-property.c
index 358ca864def90f5b80ddc6ba44c774f9a350505e..0d54df331132b53be0c9ea9e1baa40ba3d370d7c 100644 (file)
--- a/MagickWand/magick-property.c
+++ b/MagickWand/magick-property.c
@@ -2858,6 +2858,43 @@ WandExport MagickBooleanType MagickSetSamplingFactors(MagickWand *wand,
 %                                                                             %
 %                                                                             %
 %                                                                             %
+%   M a g i c k S e t S e c u r i t y P o l i c y                             %
+%                                                                             %
+%                                                                             %
+%                                                                             %
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+%
+%  MagickSetSecurityPolicy() sets the ImageMagick security policy.  It returns
+%  MagickFalse if the policy is already set or if the policy does not parse.
+%
+%  The format of the MagickSetAntialias method is:
+%
+%      MagickBooleanType MagickSetAntialias(MagickWand *wand,
+%        const char *policy)
+%
+%  A description of each parameter follows:
+%
+%    o wand: the magick wand.
+%
+%    o policy: the security policy in the XML format.
+%
+*/
+WandExport MagickBooleanType MagickSetSecurityPolicy(MagickWand *wand,
+  const char *policy)
+{
+  assert(wand != (MagickWand *) NULL);
+  assert(wand->signature == MagickWandSignature);
+  if (wand->debug != MagickFalse)
+    (void) LogMagickEvent(WandEvent,GetMagickModule(),"%s",wand->name);
+
+  return(SetMagickSecurityPolicy(policy,wand->exception));
+}
+\f
+/*
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+%                                                                             %
+%                                                                             %
+%                                                                             %
 %   M a g i c k S e t S i z e                                                 %
 %                                                                             %
 %                                                                             %

diff --git a/MagickWand/magick-property.h b/MagickWand/magick-property.h
index 7d1f71bf97400de8e88465414d337f0c3bd281a7..ec6e77c5367c76cf98b480274e961576fbc3802b 100644 (file)
--- a/MagickWand/magick-property.h
+++ b/MagickWand/magick-property.h
@@ -111,6 +111,7 @@ extern WandExport MagickBooleanType
   MagickSetResolution(MagickWand *,const double,const double),
   MagickSetResourceLimit(const ResourceType type,const MagickSizeType limit),
   MagickSetSamplingFactors(MagickWand *,const size_t,const double *),
+  MagickSetSecurityPolicy(MagickWand *,const char *),
   MagickSetSize(MagickWand *,const size_t,const size_t),
   MagickSetSizeOffset(MagickWand *,const size_t,const size_t,const ssize_t),
   MagickSetType(MagickWand *,const ImageType);

diff --git a/config/policy.xml b/config/policy.xml
index 55e4611ac77ed8d10c3f67c49f1fffee7991d0d3..1b92c6bee3998a6cd3ec62350ff20356897bed5b 100644 (file)
--- a/config/policy.xml
+++ b/config/policy.xml
@@ -75,5 +75,5 @@
   <!-- <policy domain="path" rights="none" pattern="@*" /> -->
   <!-- <policy domain="cache" name="memory-map" value="anonymous"/> -->
   <!-- <policy domain="cache" name="synchronize" value="True"/> -->
-  <policy domain="cache" name="shared-secret" value="passphrase" stealth="true"/>
+  <!-- <policy domain="cache" name="shared-secret" value="passphrase" stealth="true"/> -->
 </policymap>