From: Cristy Date: Sat, 10 Jun 2017 17:11:48 +0000 (-0400) Subject: https://github.com/ImageMagick/ImageMagick/issues/407 X-Git-Tag: 7.0.6-0~8 X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=0047e5b1cc60f5587b99efa381f81a23b006d27f;p=imagemagick https://github.com/ImageMagick/ImageMagick/issues/407 --- diff --git a/ChangeLog b/ChangeLog index 22d1ecbb2..6e8a9023c 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,8 @@ +2017-06-10 7.0.6-0 Cristy + * Introduce SetMagickSecurityPolicy() (MagickCore) and + MagickSetSecurityPolicy() (MagickWand) to set the ImageMagick security + policy (reference https://github.com/ImageMagick/ImageMagick/issues/407). + 2017-06-02 7.0.5-10 Cristy * Release ImageMagick version 7.0.5-10, GIT revision 20155:38ebc02:20170602. diff --git a/MagickCore/policy.c b/MagickCore/policy.c index 377279f33..784346b5f 100644 --- a/MagickCore/policy.c +++ b/MagickCore/policy.c @@ -52,6 +52,7 @@ #include "MagickCore/option.h" #include "MagickCore/policy.h" #include "MagickCore/policy-private.h" +#include "MagickCore/resource-private.h" #include "MagickCore/semaphore.h" #include "MagickCore/string_.h" #include "MagickCore/token.h" @@ -1037,3 +1038,52 @@ MagickPrivate void PolicyComponentTerminus(void) UnlockSemaphoreInfo(policy_semaphore); RelinquishSemaphoreInfo(&policy_semaphore); } + +/* +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +% % +% % +% % +% S e t M a g i c k S e c u r i t y P o l i c y % +% % +% % +% % +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +% +% SetMagickSecurityPolicy() sets the ImageMagick security policy. It returns +% MagickFalse if the policy is already set or if the policy does not parse. +% +% The format of the SetMagickSecurityPolicy method is: +% +% MagickBooleanType SetMagickSecurityPolicy(const char *policy, +% ExceptionInfo *exception) +% +% A description of each parameter follows: +% +% o policy: the security policy in the XML format. +% +% o exception: return any errors or warnings in this structure. +% +*/ +MagickExport MagickBooleanType SetMagickSecurityPolicy(const char *policy, + ExceptionInfo *exception) +{ + PolicyInfo + *p; + + MagickBooleanType + status; + + LockSemaphoreInfo(policy_semaphore); + ResetLinkedListIterator(policy_cache); + p=(PolicyInfo *) GetNextValueInLinkedList(policy_cache); + if ((p == (PolicyInfo *) NULL) || (p->domain != UndefinedPolicyDomain)) + { + UnlockSemaphoreInfo(policy_semaphore); + return(MagickFalse); + } + UnlockSemaphoreInfo(policy_semaphore); + status=LoadPolicyCache(policy_cache,policy,"[user-policy]",0,exception); + ResourceComponentGenesis(); + return(status); +} diff --git a/MagickCore/policy.h b/MagickCore/policy.h index bd404f1cc..2723e5c4d 100644 --- a/MagickCore/policy.h +++ b/MagickCore/policy.h @@ -59,7 +59,8 @@ extern MagickExport const PolicyInfo extern MagickExport MagickBooleanType IsRightsAuthorized(const PolicyDomain,const PolicyRights,const char *), - ListPolicyInfo(FILE *,ExceptionInfo *); + ListPolicyInfo(FILE *,ExceptionInfo *), + SetMagickSecurityPolicy(const char *,ExceptionInfo *); #if defined(__cplusplus) || defined(c_plusplus) } diff --git a/MagickWand/magick-property.c b/MagickWand/magick-property.c index 358ca864d..0d54df331 100644 --- a/MagickWand/magick-property.c +++ b/MagickWand/magick-property.c @@ -2858,6 +2858,43 @@ WandExport MagickBooleanType MagickSetSamplingFactors(MagickWand *wand, % % % % % % +% M a g i c k S e t S e c u r i t y P o l i c y % +% % +% % +% % +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +% +% MagickSetSecurityPolicy() sets the ImageMagick security policy. It returns +% MagickFalse if the policy is already set or if the policy does not parse. +% +% The format of the MagickSetAntialias method is: +% +% MagickBooleanType MagickSetAntialias(MagickWand *wand, +% const char *policy) +% +% A description of each parameter follows: +% +% o wand: the magick wand. +% +% o policy: the security policy in the XML format. +% +*/ +WandExport MagickBooleanType MagickSetSecurityPolicy(MagickWand *wand, + const char *policy) +{ + assert(wand != (MagickWand *) NULL); + assert(wand->signature == MagickWandSignature); + if (wand->debug != MagickFalse) + (void) LogMagickEvent(WandEvent,GetMagickModule(),"%s",wand->name); + + return(SetMagickSecurityPolicy(policy,wand->exception)); +} + +/* +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +% % +% % +% % % M a g i c k S e t S i z e % % % % % diff --git a/MagickWand/magick-property.h b/MagickWand/magick-property.h index 7d1f71bf9..ec6e77c53 100644 --- a/MagickWand/magick-property.h +++ b/MagickWand/magick-property.h @@ -111,6 +111,7 @@ extern WandExport MagickBooleanType MagickSetResolution(MagickWand *,const double,const double), MagickSetResourceLimit(const ResourceType type,const MagickSizeType limit), MagickSetSamplingFactors(MagickWand *,const size_t,const double *), + MagickSetSecurityPolicy(MagickWand *,const char *), MagickSetSize(MagickWand *,const size_t,const size_t), MagickSetSizeOffset(MagickWand *,const size_t,const size_t,const ssize_t), MagickSetType(MagickWand *,const ImageType); diff --git a/config/policy.xml b/config/policy.xml index 55e4611ac..1b92c6bee 100644 --- a/config/policy.xml +++ b/config/policy.xml @@ -75,5 +75,5 @@ - +