Added new class to change settings in the security policy.

Credit to OSS-Fuzz

diff --git a/Magick++/Makefile.am b/Magick++/Makefile.am
index b4add14678f337df1685583eb6766b8d74b5a82b..44c287b0ea704d28cfb244a8de710f259ab456d5 100644 (file)
--- a/Magick++/Makefile.am
+++ b/Magick++/Makefile.am
@@ -85,6 +85,7 @@ Magick___lib_libMagick___@MAGICK_MAJOR_VERSION@_@MAGICK_ABI_SUFFIX@_la_SOURCES =
        Magick++/lib/Options.cpp \
        Magick++/lib/Pixels.cpp \
        Magick++/lib/ResourceLimits.cpp \
+       Magick++/lib/SecurityPolicy.cpp \
        Magick++/lib/Statistic.cpp \
        Magick++/lib/STL.cpp \
        Magick++/lib/Thread.cpp \
@@ -105,6 +106,7 @@ Magick___lib_libMagick___@MAGICK_MAJOR_VERSION@_@MAGICK_ABI_SUFFIX@_la_SOURCES =
        Magick++/lib/Magick++/Options.h \
        Magick++/lib/Magick++/Pixels.h \
        Magick++/lib/Magick++/ResourceLimits.h \
+       Magick++/lib/Magick++/SecurityPolicy.h \
        Magick++/lib/Magick++/Statistic.h \
        Magick++/lib/Magick++/STL.h \
        Magick++/lib/Magick++/Thread.h \
@@ -137,6 +139,7 @@ MAGICKPP_INCHEADERS_OPT = \
        Magick++/lib/Magick++/Montage.h \
        Magick++/lib/Magick++/Pixels.h \
        Magick++/lib/Magick++/ResourceLimits.h \
+       Magick++/lib/Magick++/SecurityPolicy.h \
        Magick++/lib/Magick++/Statistic.h \
        Magick++/lib/Magick++/STL.h \
        Magick++/lib/Magick++/TypeMetric.h

diff --git a/Magick++/fuzz/utils.cc b/Magick++/fuzz/utils.cc
index b70b05ad1bea7caa29698b9617d50cfb9ae3ef00..e8e22bcd1e32b60110755e8cfd75c80b21c0c380 100644 (file)
--- a/Magick++/fuzz/utils.cc
+++ b/Magick++/fuzz/utils.cc
@@ -1,8 +1,10 @@
 #include <Magick++/ResourceLimits.h>
+#include <Magick++/SecurityPolicy.h>
 
 class FuzzingLimits {
 public:
   FuzzingLimits() {
+    Magick::SecurityPolicy::maxMemoryRequest(256000000);
     Magick::ResourceLimits::memory(1000000000);
   }
 };

diff --git a/Magick++/lib/Magick++/Include.h b/Magick++/lib/Magick++/Include.h
index bbb1d62f8df6eb843b28375cb66362773a85d2b4..fd05c1bbf5a675bf2979cf44f838b2900b43142f 100644 (file)
--- a/Magick++/lib/Magick++/Include.h
+++ b/Magick++/lib/Magick++/Include.h
@@ -963,6 +963,17 @@ namespace Magick
   using MagickCore::UpdatePixelTrait;
   using MagickCore::BlendPixelTrait;
 
+  // Policy domains
+  using MagickCore::PolicyDomain;
+  using MagickCore::UndefinedPolicyDomain;
+  using MagickCore::CoderPolicyDomain;
+  using MagickCore::DelegatePolicyDomain;
+  using MagickCore::FilterPolicyDomain;
+  using MagickCore::PathPolicyDomain;
+  using MagickCore::ResourcePolicyDomain;
+  using MagickCore::SystemPolicyDomain;
+  using MagickCore::CachePolicyDomain;
+
   // Preview types.  Not currently used by Magick++
   using MagickCore::PreviewType;
   using MagickCore::UndefinedPreview;

diff --git a/Magick++/lib/Magick++/SecurityPolicy.h b/Magick++/lib/Magick++/SecurityPolicy.h
new file mode 100644 (file)
index 0000000..b1b7287
--- /dev/null
+++ b/Magick++/lib/Magick++/SecurityPolicy.h
@@ -0,0 +1,45 @@
+// This may look like C code, but it is really -*- C++ -*-
+//
+// Copyright Dirk Lemstra 2018
+//
+// Definition of the security policy.
+//
+
+#if !defined(Magick_SecurityPolicy_header)
+#define Magick_SecurityPolicy_header
+
+#include "Magick++/Include.h"
+#include <string>
+
+namespace Magick
+{
+  class MagickPPExport SecurityPolicy
+  {
+  public:
+
+    // The maximum number of significant digits to be printed.
+    static bool precision(const int precision_);
+
+    // Enables anonymous mapping for pixel cache.
+    static bool anonymousCacheMemoryMap();
+
+    // Enables anonymous virtual memory.
+    static bool anonymousSystemMemoryMap();
+
+    // The memory request limit in bytes.
+    static bool maxMemoryRequest(const MagickSizeType limit_);
+
+    // The number of passes to use when shredding files.
+    static bool shred(const int passes_);
+
+  private:
+    SecurityPolicy(void);
+
+    static bool setValue(const PolicyDomain domain_, const std::string name_,
+      const std::string value_);
+
+  }; // class SecurityPolicy
+
+} // Magick namespace
+
+#endif // Magick_SecurityPolicy_header

diff --git a/Magick++/lib/SecurityPolicy.cpp b/Magick++/lib/SecurityPolicy.cpp
new file mode 100644 (file)
index 0000000..c9cfec2
--- /dev/null
+++ b/Magick++/lib/SecurityPolicy.cpp
@@ -0,0 +1,69 @@
+// This may look like C code, but it is really -*- C++ -*-
+//
+// Copyright Dirk Lemstra 2018
+//
+// Implementation of the security policy.
+//
+
+#define MAGICKCORE_IMPLEMENTATION  1
+#define MAGICK_PLUSPLUS_IMPLEMENTATION 1
+
+#include "Magick++/SecurityPolicy.h"
+#include "Magick++/Exception.h"
+#include <string>
+
+using namespace std;
+
+bool Magick::SecurityPolicy::anonymousCacheMemoryMap()
+{
+  return(setValue(CachePolicyDomain,"memory-map","anonymous"));
+}
+
+bool Magick::SecurityPolicy::anonymousSystemMemoryMap()
+{
+  return(setValue(SystemPolicyDomain,"memory-map","anonymous"));
+}
+
+bool Magick::SecurityPolicy::precision(const int precision_)
+{
+  string
+    value;
+
+  value=to_string(precision_);
+  return(setValue(SystemPolicyDomain,"precision",value));
+}
+
+bool Magick::SecurityPolicy::maxMemoryRequest(const MagickSizeType limit_)
+{
+  string
+    value;
+
+  value=to_string(limit_);
+  return(setValue(SystemPolicyDomain,"max-memory-request",value));
+}
+
+bool Magick::SecurityPolicy::shred(const int passes_)
+{
+  string
+    value;
+
+  value=to_string(passes_);
+  return(setValue(SystemPolicyDomain,"shred",value));
+}
+
+Magick::SecurityPolicy::SecurityPolicy()
+{
+}
+
+bool Magick::SecurityPolicy::setValue(const PolicyDomain domain_,
+  const std::string name_,const std::string value_)
+{
+  MagickBooleanType
+    status;
+
+  GetPPException;
+  status=MagickCore::SetMagickSecurityPolicyValue(domain_,name_.c_str(),
+    value_.c_str(),exceptionInfo);
+  ThrowPPException(false);
+  return(status != MagickFalse);
+}
\ No newline at end of file