From: Cristy <urban-warrior@imagemagick.org>
Date: Sun, 14 Jan 2018 00:21:03 +0000 (-0500)
Subject: ...
X-Git-Tag: 7.0.7-22~83
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=3a4cc57390dc79577a46993a680e85b0b7d9d9b2;p=imagemagick

...
---

diff --git a/MagickCore/policy.c b/MagickCore/policy.c
index d4aac5433..7e5ed11fc 100644
--- a/MagickCore/policy.c
+++ b/MagickCore/policy.c
@@ -1072,10 +1072,10 @@ MagickExport MagickBooleanType SetMagickSecurityPolicy(const char *policy,
 {
   PolicyInfo
     *p;
-  
+
   MagickBooleanType
     status;
-  
+
   assert(exception != (ExceptionInfo *) NULL);
   if (policy == (const char *) NULL)
     return(MagickFalse);
@@ -1107,9 +1107,10 @@ MagickExport MagickBooleanType SetMagickSecurityPolicy(const char *policy,
 %                                                                             %
 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
 %
-%  SetMagickSecurityPolicyValue() sets the a value in the ImageMagick security
-%  policy. It returns MagickFalse if the policy cannot be changed or if the
-%  policy does not parse.
+%  SetMagickSecurityPolicyValue() sets a value associated with an ImageMagick
+%  security policy.  For most policies, the value must be less than any value
+%  set by the security policy configuration file (i.e. policy.xml).  It returns
+%  MagickFalse if the policy cannot be modified or if the policy does not parse.
 %
 %  The format of the SetMagickSecurityPolicyValue method is:
 %
@@ -1138,9 +1139,6 @@ static MagickBooleanType SetPolicyValue(const PolicyDomain domain,
   register PolicyInfo
     *p;
 
-  register char
-    *q;
-
   status=MagickTrue;
   LockSemaphoreInfo(policy_semaphore);
   ResetLinkedListIterator(policy_cache);
@@ -1188,8 +1186,6 @@ MagickExport MagickBooleanType SetMagickSecurityPolicyValue(
   {
     case CachePolicyDomain:
     {
-      if (LocaleCompare(name,"synchronize") == 0)
-        return(SetPolicyValue(domain,name,value));
       if (LocaleCompare(name,"memory-map") == 0)
         {
           if (LocaleCompare(value,"anonymous") != 0)
@@ -1198,65 +1194,68 @@ MagickExport MagickBooleanType SetMagickSecurityPolicyValue(
           ResetStreamAnonymousMemory();
           return(SetPolicyValue(domain,name,value));
         }
+      if (LocaleCompare(name,"synchronize") == 0)
+        return(SetPolicyValue(domain,name,value));
+      break;
     }
-    case SystemPolicyDomain:
+    case ResourcePolicyDomain:
     {
-      if (LocaleCompare(name,"precision") == 0)
+      ssize_t
+        type;
+
+      if (LocaleCompare(name,"temporary-path") == 0)
+        return(SetPolicyValue(domain,name,value));
+      type=ParseCommandOption(MagickResourceOptions,MagickFalse,name);
+      if (type >= 0)
         {
-          ResetMagickPrecision();
-          return(SetPolicyValue(domain,name,value));
+          MagickSizeType
+            limit;
+
+          limit=MagickResourceInfinity;
+          if (LocaleCompare("unlimited",value) != 0)
+            limit=StringToMagickSizeType(value,100.0);
+          return(SetMagickResourceLimit((ResourceType) type,limit));
         }
-      if (LocaleCompare(name,"shred") == 0)
+      break;
+    }
+    case SystemPolicyDomain:
+    {
+      if (LocaleCompare(name,"max-memory-request") == 0)
         {
-          current_value=GetPolicyValue("system:shred");
+          current_value=GetPolicyValue("system:max-memory-request");
           if ((current_value == (char *) NULL) ||
-              (StringToInteger(value) > StringToInteger(current_value)))
-            return(SetPolicyValue(domain,name,value));
+              (StringToSizeType(value,100.0) < StringToSizeType(current_value,100.0)))
+            {
+              ResetMaxMemoryRequest();
+              return(SetPolicyValue(domain,name,value));
+            }
         }
-      else if (LocaleCompare(name,"memory-map") == 0)
+      if (LocaleCompare(name,"memory-map") == 0)
         {
           if (LocaleCompare(value,"anonymous") != 0)
             return(MagickFalse);
           ResetVirtualAnonymousMemory();
           return(SetPolicyValue(domain,name,value));
         }
-      else if (LocaleCompare(name,"max-memory-request") == 0)
+      if (LocaleCompare(name,"precision") == 0)
         {
-          current_value=GetPolicyValue("system:max-memory-request");
-          if ((current_value == (char *) NULL) ||
-              (StringToSizeType(value,100.0) < StringToSizeType(
-                current_value,100.0)))
-            {
-              ResetMaxMemoryRequest();
-              return(SetPolicyValue(domain,name,value));
-            }
+          ResetMagickPrecision();
+          return(SetPolicyValue(domain,name,value));
         }
-    }
-    case ResourcePolicyDomain:
-    {
-      if (LocaleCompare(name,"temporary-path") == 0)
-        return(SetPolicyValue(domain,name,value));
-      else
+      if (LocaleCompare(name,"shred") == 0)
         {
-          MagickSizeType
-            limit;
-
-          ResourceType
-            type;
-
-          type=(ResourceType) ParseCommandOption(MagickResourceOptions,
-            MagickFalse,name);
-          limit=MagickResourceInfinity;
-          if (LocaleCompare("unlimited",value) != 0)
-            limit=StringToMagickSizeType(value,100.0);
-          return(SetMagickResourceLimit(type,limit));
-      }
+          current_value=GetPolicyValue("system:shred");
+          if ((current_value == (char *) NULL) ||
+              (StringToInteger(value) > StringToInteger(current_value)))
+            return(SetPolicyValue(domain,name,value));
+        }
+      break;
     }
-    default:
     case CoderPolicyDomain:
     case DelegatePolicyDomain:
     case FilterPolicyDomain:
     case PathPolicyDomain:
+    default:
       break;
   }
   return(MagickFalse);