From: Dirk Lemstra Date: Sun, 14 Jan 2018 01:02:49 +0000 (+0100) Subject: Added new class to change settings in the security policy. X-Git-Tag: 7.0.7-22~80 X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=9b83ac984b589af7232d89670b8fc92f67e308a4;p=imagemagick Added new class to change settings in the security policy. Credit to OSS-Fuzz
---
diff --git a/Magick++/Makefile.am b/Magick++/Makefile.am
index b4add1467..44c287b0e 100644
--- a/Magick++/Makefile.am
+++ b/Magick++/Makefile.am
@@ -85,6 +85,7 @@ Magick___lib_libMagick___@MAGICK_MAJOR_VERSION@_@MAGICK_ABI_SUFFIX@_la_SOURCES =
 Magick++/lib/Options.cpp \
 Magick++/lib/Pixels.cpp \
 Magick++/lib/ResourceLimits.cpp \
+ Magick++/lib/SecurityPolicy.cpp \
 Magick++/lib/Statistic.cpp \
 Magick++/lib/STL.cpp \
 Magick++/lib/Thread.cpp \
@@ -105,6 +106,7 @@ Magick___lib_libMagick___@MAGICK_MAJOR_VERSION@_@MAGICK_ABI_SUFFIX@_la_SOURCES =
 Magick++/lib/Magick++/Options.h \
 Magick++/lib/Magick++/Pixels.h \
 Magick++/lib/Magick++/ResourceLimits.h \
+ Magick++/lib/Magick++/SecurityPolicy.h \
 Magick++/lib/Magick++/Statistic.h \
 Magick++/lib/Magick++/STL.h \
 Magick++/lib/Magick++/Thread.h \
@@ -137,6 +139,7 @@ MAGICKPP_INCHEADERS_OPT = \
 Magick++/lib/Magick++/Montage.h \
 Magick++/lib/Magick++/Pixels.h \
 Magick++/lib/Magick++/ResourceLimits.h \
+ Magick++/lib/Magick++/SecurityPolicy.h \
 Magick++/lib/Magick++/Statistic.h \
 Magick++/lib/Magick++/STL.h \
 Magick++/lib/Magick++/TypeMetric.h
diff --git a/Magick++/fuzz/utils.cc b/Magick++/fuzz/utils.cc
index b70b05ad1..e8e22bcd1 100644
--- a/Magick++/fuzz/utils.cc
+++ b/Magick++/fuzz/utils.cc
@@ -1,8 +1,10 @@ #include +#include class FuzzingLimits { public: FuzzingLimits() { + Magick::SecurityPolicy::maxMemoryRequest(256000000); Magick::ResourceLimits::memory(1000000000); } };
diff --git a/Magick++/lib/Magick++/Include.h b/Magick++/lib/Magick++/Include.h
index bbb1d62f8..fd05c1bbf 100644
--- a/Magick++/lib/Magick++/Include.h
+++ b/Magick++/lib/Magick++/Include.h
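Review bot: In Magick++/fuzz/utils.cc the `bool` returned by `Magick::SecurityPolicy::maxMemoryRequest(256000000)` is discarded inside the `FuzzingLimits` constructor, so a rejected setting leaves the fuzz targets running without the request cap and nothing reports it. The cap is presumably there to keep oversized allocations from surfacing as out-of-memory findings, so the harness should fail loudly when it is not applied, for example `if (!Magick::SecurityPolicy::maxMemoryRequest(256000000)) abort();`. The call above `Magick::ResourceLimits::memory(1000000000)` is the only place this needs to change.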
@@ -963,6 +963,17 @@ namespace Magick using MagickCore::UpdatePixelTrait; using MagickCore::BlendPixelTrait; + // Policy domains + using MagickCore::PolicyDomain; + using MagickCore::UndefinedPolicyDomain; + using MagickCore::CoderPolicyDomain; + using MagickCore::DelegatePolicyDomain; + using MagickCore::FilterPolicyDomain; + using MagickCore::PathPolicyDomain; + using MagickCore::ResourcePolicyDomain; + using MagickCore::SystemPolicyDomain; + using MagickCore::CachePolicyDomain; + // Preview types. Not currently used by Magick++ using MagickCore::PreviewType; using MagickCore::UndefinedPreview;
diff --git a/Magick++/lib/Magick++/SecurityPolicy.h b/Magick++/lib/Magick++/SecurityPolicy.h
new file mode 100644
index 000000000..b1b7287ae
--- /dev/null
+++ b/Magick++/lib/Magick++/SecurityPolicy.h
@@ -0,0 +1,45 @@
+// This may look like C code, but it is really -*- C++ -*-
+//
+// Copyright Dirk Lemstra 2018
+//
+// Definition of the security policy.
+//
+
+#if !defined(Magick_SecurityPolicy_header)
+#define Magick_SecurityPolicy_header
+
+#include "Magick++/Include.h"
+#include
+
+namespace Magick
+{
+ class MagickPPExport SecurityPolicy
+ {
+ public:
+
+ // The maximum number of significant digits to be printed.
+ static bool precision(const int precision_);
+
+ // Enables anonymous mapping for pixel cache.
+ static bool anonymousCacheMemoryMap();
+
+ // Enables anonymous virtual memory.
+ static bool anonymousSystemMemoryMap();
+
+ // The memory request limit in bytes.
+ static bool maxMemoryRequest(const MagickSizeType limit_);
+
+ // The number of passes to use when shredding files.
+ static bool shred(const int passes_);
+
+ private:
+ SecurityPolicy(void);
+
+ static bool setValue(const PolicyDomain domain_, const std::string name_,
+ const std::string value_);
+
+ }; // class SecurityPolicy
+
+} // Magick namespace
+
+#endif // Magick_SecurityPolicy_header
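Review bot: The comments on the five public setters in SecurityPolicy.h name the setting but not the contract a caller of a security control needs. None says what the `bool` result means, that an error may surface as a Magick++ exception (the implementation ends in `ThrowPPException(false)`), or whether a call can loosen a value already loaded from the policy file or only tighten it. That last point depends on `SetMagickSecurityPolicyValue`, which this diff does not show, so it should be confirmed and then stated once on the class, for instance `// Each setter returns true when the value was applied; see MagickCore policy handling for which changes are accepted.`. The comment on `precision()` also reads as a description of a getter; `// Sets the maximum number of significant digits to be printed.` matches what the function does.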
diff --git a/Magick++/lib/SecurityPolicy.cpp b/Magick++/lib/SecurityPolicy.cpp
new file mode 100644
index 000000000..c9cfec277
--- /dev/null
+++ b/Magick++/lib/SecurityPolicy.cpp
@@ -0,0 +1,69 @@
+// This may look like C code, but it is really -*- C++ -*-
+//
+// Copyright Dirk Lemstra 2018
+//
+// Implementation of the security policy.
+//
+
+#define MAGICKCORE_IMPLEMENTATION 1
+#define MAGICK_PLUSPLUS_IMPLEMENTATION 1
+
+#include "Magick++/SecurityPolicy.h"
+#include "Magick++/Exception.h"
+#include
+
+using namespace std;
+
+bool Magick::SecurityPolicy::anonymousCacheMemoryMap()
+{
+ return(setValue(CachePolicyDomain,"memory-map","anonymous"));
+}
+
+bool Magick::SecurityPolicy::anonymousSystemMemoryMap()
+{
+ return(setValue(SystemPolicyDomain,"memory-map","anonymous"));
+}
+
+bool Magick::SecurityPolicy::precision(const int precision_)
+{
+ string
+ value;
+
+ value=to_string(precision_);
+ return(setValue(SystemPolicyDomain,"precision",value));
+}
+
+bool Magick::SecurityPolicy::maxMemoryRequest(const MagickSizeType limit_)
+{
+ string
+ value;
+
+ value=to_string(limit_);
+ return(setValue(SystemPolicyDomain,"max-memory-request",value));
+}
+
+bool Magick::SecurityPolicy::shred(const int passes_)
+{
+ string
+ value;
+
+ value=to_string(passes_);
+ return(setValue(SystemPolicyDomain,"shred",value));
+}
+
+Magick::SecurityPolicy::SecurityPolicy()
+{
+}
+
+bool Magick::SecurityPolicy::setValue(const PolicyDomain domain_,
+ const std::string name_,const std::string value_)
+{
+ MagickBooleanType
+ status;
+
+ GetPPException;
+ status=MagickCore::SetMagickSecurityPolicyValue(domain_,name_.c_str(),
+ value_.c_str(),exceptionInfo);
+ ThrowPPException(false);
+ return(status != MagickFalse);
+}
\ No newline at end of file
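Review bot: `shred()` turns a signed `int` into a string and forwards it with no range check, so a negative pass count reaches `SetMagickSecurityPolicyValue`, whose own validation is not visible in this diff. Rejecting it in the wrapper keeps the result independent of how the core parses the string: `if (passes_ < 0) return(false);` as the first statement of `shred()`. `precision()` has the same shape and should get the same guard if negative values have no meaning there. Separately, `setValue` takes `const std::string name_` and `const std::string value_` by value, which copies both strings on every call; `const std::string &name_,const std::string &value_` in this definition and in the header declaration avoids that.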