Support "module" security policy

diff --git a/MagickCore/module.c b/MagickCore/module.c
index 29cf57672098548c7d9322b9df5d9ffb03517505..2baffed848e04a4eec9ca023cfbac7c5a1ed26d9 100644 (file)
--- a/MagickCore/module.c
+++ b/MagickCore/module.c
@@ -959,6 +959,14 @@ MagickExport MagickBooleanType InvokeDynamicImageFilter(const char *tag,
   if ((*images)->debug != MagickFalse)
     (void) LogMagickEvent(TraceEvent,GetMagickModule(),"%s",
       (*images)->filename);
+  rights=ReadPolicyRights;
+  if (IsRightsAuthorized(FilterPolicyDomain,rights,tag) == MagickFalse)
+    {
+      errno=EPERM;
+      (void) ThrowMagickException(exception,GetMagickModule(),PolicyError,
+        "NotAuthorized","`%s'",tag);
+      return(MagickFalse);
+    }
 #if !defined(MAGICKCORE_BUILD_MODULES)
   {
     MagickBooleanType
@@ -969,14 +977,6 @@ MagickExport MagickBooleanType InvokeDynamicImageFilter(const char *tag,
       return(status);
   }
 #endif
-  rights=ReadPolicyRights;
-  if (IsRightsAuthorized(FilterPolicyDomain,rights,tag) == MagickFalse)
-    {
-      errno=EPERM;
-      (void) ThrowMagickException(exception,GetMagickModule(),PolicyError,
-        "NotAuthorized","`%s'",tag);
-      return(MagickFalse);
-    }
   TagToFilterModuleName(tag,name);
   status=GetMagickModulePath(name,MagickImageFilterModule,path,exception);
   if (status == MagickFalse)
@@ -1234,6 +1234,9 @@ MagickPrivate MagickBooleanType OpenModule(const char *module,
   ModuleInfo
     *module_info;
 
+  PolicyRights
+    rights;
+
   register const CoderInfo
     *p;
 
@@ -1247,6 +1250,14 @@ MagickPrivate MagickBooleanType OpenModule(const char *module,
   module_info=(ModuleInfo *) GetModuleInfo(module,exception);
   if (module_info != (ModuleInfo *) NULL)
     return(MagickTrue);
+  rights=ReadPolicyRights;
+  if (IsRightsAuthorized(ModulePolicyDomain,rights,tag) == MagickFalse)
+    {
+      errno=EPERM;
+      (void) ThrowMagickException(exception,GetMagickModule(),PolicyError,
+        "NotAuthorized","`%s'",tag);
+      return(MagickFalse);
+    }
   (void) CopyMagickString(module_name,module,MagickPathExtent);
   p=GetCoderInfo(module,exception);
   if (p != (CoderInfo *) NULL)

diff --git a/MagickCore/option.c b/MagickCore/option.c
index c3c5c7fb9c9391c6c1ba641c7efccbc140f791a2..78c90b42cf0c6a7c82328942f4f1086dd45c5873 100644 (file)
--- a/MagickCore/option.c
+++ b/MagickCore/option.c
@@ -1834,6 +1834,7 @@ static const OptionInfo
     { "Coder", CoderPolicyDomain, UndefinedOptionFlag, MagickFalse },
     { "Delegate", DelegatePolicyDomain, UndefinedOptionFlag, MagickFalse },
     { "Filter", FilterPolicyDomain, UndefinedOptionFlag, MagickFalse },
+    { "Module", ModulePolicyDomain, UndefinedOptionFlag, MagickFalse },
     { "Path", PathPolicyDomain, UndefinedOptionFlag, MagickFalse },
     { "Resource", ResourcePolicyDomain, UndefinedOptionFlag, MagickFalse },
     { "System", SystemPolicyDomain, UndefinedOptionFlag, MagickFalse },

diff --git a/MagickCore/policy.c b/MagickCore/policy.c
index 1c47c746f6f48459985d2a71750420951fdbf337..b17ac464948a4a2324bb2051c70458c33fe7f3b1 100644 (file)
--- a/MagickCore/policy.c
+++ b/MagickCore/policy.c
@@ -1254,6 +1254,7 @@ MagickExport MagickBooleanType SetMagickSecurityPolicyValue(
     case CoderPolicyDomain:
     case DelegatePolicyDomain:
     case FilterPolicyDomain:
+    case ModulePolicyDomain:
     case PathPolicyDomain:
     default:
       break;

diff --git a/MagickCore/policy.h b/MagickCore/policy.h
index c29af372b610f6428c089babc9a75ad75e5647c2..363a0c3cb1d243e2adf490fc2388253c283863cb 100644 (file)
--- a/MagickCore/policy.h
+++ b/MagickCore/policy.h
@@ -34,7 +34,8 @@ typedef enum
   PathPolicyDomain,
   ResourcePolicyDomain,
   SystemPolicyDomain,
-  CachePolicyDomain
+  CachePolicyDomain,
+  ModulePolicyDomain
 } PolicyDomain;
 
 typedef enum

diff --git a/config/policy.xml b/config/policy.xml
index 0d854269dbb112e2a98619001322a82530f4a3c4..49e600e1a715c3e24c6d178d0798bd16cea0b0dd 100644 (file)
--- a/config/policy.xml
+++ b/config/policy.xml
@@ -69,6 +69,7 @@
   <!-- <policy domain="resource" name="throttle" value="0"/> -->
   <!-- <policy domain="resource" name="time" value="3600"/> -->
   <!-- <policy domain="coder" rights="none" pattern="MVG" /> -->
+  <!-- <policy domain="module" rights="none" pattern="{ps,pdf,xps}" /> -->
   <!-- <policy domain="delegate" rights="none" pattern="HTTPS" /> -->
   <!-- <policy domain="path" rights="none" pattern="@*" /> -->
   <!-- <policy domain="cache" name="memory-map" value="anonymous"/> -->