Throw exception if explicit coder does not exist (e.g. xyz:logo.png)

diff --git a/ChangeLog b/ChangeLog
index 3d23b516cccef0b79550f51fa29d61e150849248..2d4ff4ef68b3e7bcd0c67d3c87cc1db0d9e17066 100644 (file)
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,6 +1,3 @@
-2016-06-02  7.0.1-9 Cristy  <quetzlzacatenango@image...>
-  * Release ImageMagick version 7.0.1-9, GIT revision 18341:f4a35c3:20160602.
-
 2016-06-02  7.0.1-9 Cristy  <quetzlzacatenango@image...>
   * Fix small memory leak (patch provided by Андрей Черный).
   * Coder path traversal is not authorized (bug report provided by

diff --git a/MagickCore/image.c b/MagickCore/image.c
index a41ad0cc60a8c82b8cb582174baf1a6bd7cbc019..258bae2cce9647575788bb48f46549423f985e09 100644 (file)
--- a/MagickCore/image.c
+++ b/MagickCore/image.c
@@ -2671,26 +2671,33 @@ MagickExport MagickBooleanType SetImageInfo(ImageInfo *image_info,
   *magic='\0';
   GetPathComponent(image_info->filename,MagickPath,magic);
   if (*magic == '\0')
-    (void) CopyMagickString(magic,image_info->magick,MagickPathExtent);
+    {
+      (void) CopyMagickString(magic,image_info->magick,MagickPathExtent);
+      magick_info=GetMagickInfo(magic,sans_exception);
+    }
   else
     {
       /*
         User specified image format.
       */
       LocaleUpper(magic);
-      if (IsMagickConflict(magic) == MagickFalse)
+      magick_info=GetMagickInfo(magic,sans_exception);
+      if ((magick_info != (const MagickInfo *) NULL) &&
+          (IsMagickConflict(magic) == MagickFalse))
         {
           (void) CopyMagickString(image_info->magick,magic,MagickPathExtent);
           image_info->affirm=MagickTrue;
         }
     }
-  magick_info=GetMagickInfo(magic,sans_exception);
   sans_exception=DestroyExceptionInfo(sans_exception);
   if ((magick_info == (const MagickInfo *) NULL) ||
       (GetMagickEndianSupport(magick_info) == MagickFalse))
     image_info->endian=UndefinedEndian;
-  GetPathComponent(image_info->filename,CanonicalPath,component);
-  (void) CopyMagickString(image_info->filename,component,MagickPathExtent);
+  if (image_info->affirm != MagickFalse)
+    {
+      GetPathComponent(image_info->filename,CanonicalPath,component);
+      (void) CopyMagickString(image_info->filename,component,MagickPathExtent);
+    }
   if ((image_info->adjoin != MagickFalse) && (frames > 1))
     {
       /*

diff --git a/MagickCore/module.c b/MagickCore/module.c
index 1e97fe611de3e6ff0fdaf654aaff001276e36a65..15a7c0026ebf0e70af1f57ee18efa5897e4bedb9 100644 (file)
--- a/MagickCore/module.c
+++ b/MagickCore/module.c
@@ -548,16 +548,9 @@ static MagickBooleanType GetMagickModulePath(const char *filename,
   (void) LogMagickEvent(TraceEvent,GetMagickModule(),"%s",filename);
   assert(path != (char *) NULL);
   assert(exception != (ExceptionInfo *) NULL);
+  if (strchr(filename,'/') != (char *) NULL)
+    return(MagickFalse);
   (void) CopyMagickString(path,filename,MagickPathExtent);
-#if defined(MAGICKCORE_INSTALLED_SUPPORT)
-  if (strstr(path,"../") != (char *) NULL)
-    {
-      errno=EPERM;
-      (void) ThrowMagickException(exception,GetMagickModule(),PolicyError,
-        "NotAuthorized","`%s'",path);
-      return(MagickFalse);
-    }
-#endif
   module_path=(char *) NULL;
   switch (module_type)
   {