From 9c23730af150212034e3024a07dff33d8b2ad23b Mon Sep 17 00:00:00 2001
From: Cristy <urban-warrior@imagemagick.org>
Date: Sat, 25 Aug 2018 10:27:28 -0400
Subject: [PATCH] Add check for module security policy

---
 MagickCore/coder-private.h | 17 ++++++++
 MagickCore/constitute.c    | 83 +++++++++++++-------------------------
 2 files changed, 45 insertions(+), 55 deletions(-)

diff --git a/MagickCore/coder-private.h b/MagickCore/coder-private.h
index cc9b0aca2..3a688987f 100644
--- a/MagickCore/coder-private.h
+++ b/MagickCore/coder-private.h
@@ -22,12 +22,29 @@
 extern "C" {
 #endif
 
+#include "MagickCore/exception-private.h"
+#include "MagickCore/policy.h"
+
 extern MagickPrivate MagickBooleanType
   CoderComponentGenesis(void);
 
 extern MagickPrivate void
   CoderComponentTerminus(void);
 
+static inline MagickBooleanType IsCoderAuthorized(const char *module,
+  const char *coder,const PolicyRights rights,ExceptionInfo *exception)
+{
+  if ((IsRightsAuthorized(ModulePolicyDomain,rights,module) == MagickFalse) ||
+      (IsRightsAuthorized(CoderPolicyDomain,rights,coder) == MagickFalse))
+    {
+      errno=EPERM;
+      (void) ThrowMagickException(exception,GetMagickModule(),PolicyError,
+        "NotAuthorized","`%s:%s'",module,coder);
+      return(MagickFalse);
+    }
+  return(MagickTrue);
+}
+
 #if defined(__cplusplus) || defined(c_plusplus)
 }
 #endif
diff --git a/MagickCore/constitute.c b/MagickCore/constitute.c
index fd1d74e73..b1161578a 100644
--- a/MagickCore/constitute.c
+++ b/MagickCore/constitute.c
@@ -47,6 +47,7 @@
 #include "MagickCore/exception-private.h"
 #include "MagickCore/cache.h"
 #include "MagickCore/client.h"
+#include "MagickCore/coder-private.h"
 #include "MagickCore/colorspace-private.h"
 #include "MagickCore/constitute.h"
 #include "MagickCore/constitute-private.h"
@@ -79,28 +80,6 @@
 #include "MagickCore/transform.h"
 #include "MagickCore/utility.h"
 #include "MagickCore/utility-private.h"
-
-static MagickBooleanType IsCoderAuthorized(const MagickInfo *magick_info,
-  const PolicyRights rights,const char *filename,ExceptionInfo *exception)
-{
-  MagickBooleanType
-    status;
-
-  PolicyDomain
-    domain;
-
-  if (magick_info == (MagickInfo *) NULL)
-    return(MagickTrue);
-  domain=CoderPolicyDomain;
-  status=IsRightsAuthorized(domain,rights,magick_info->module);
-  if (status == MagickFalse)
-    {
-      errno=EPERM;
-      (void) ThrowMagickException(exception,GetMagickModule(),PolicyError,
-        "NotAuthorized","`%s'",filename);
-    }
-  return(status);
-}
 
 /*
 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
@@ -452,6 +431,9 @@ MagickExport Image *ReadImage(const ImageInfo *image_info,
   ImageInfo
     *read_info;
 
+  MagickBooleanType
+    status;
+
   MagickStatusType
     flags;
 
@@ -478,12 +460,6 @@ MagickExport Image *ReadImage(const ImageInfo *image_info,
   sans_exception=DestroyExceptionInfo(sans_exception);
   if (magick_info != (const MagickInfo *) NULL)
     {
-      if (IsCoderAuthorized(magick_info,ReadPolicyRights,read_info->filename,
-           exception) == MagickFalse)
-        {
-          read_info=DestroyImageInfo(read_info);
-          return((Image *) NULL);
-        }
       if (GetMagickEndianSupport(magick_info) == MagickFalse)
         read_info->endian=UndefinedEndian;
       else
@@ -544,20 +520,21 @@ MagickExport Image *ReadImage(const ImageInfo *image_info,
           (void) CopyMagickString(read_info->filename,filename,
             MagickPathExtent);
           magick_info=GetMagickInfo(read_info->magick,exception);
-          if (IsCoderAuthorized(magick_info,ReadPolicyRights,
-                read_info->filename,exception) == MagickFalse)
-            {
-              read_info=DestroyImageInfo(read_info);
-              return((Image *) NULL);
-            }
           decoder=GetImageDecoder(magick_info);
         }
     }
   if (decoder != (DecodeImageHandler *) NULL)
     {
+      /*
+        Call appropriate image reader based on image type.
+      */
       if (GetMagickDecoderThreadSupport(magick_info) == MagickFalse)
         LockSemaphoreInfo(magick_info->semaphore);
-      image=decoder(read_info,exception);
+      status=IsCoderAuthorized(magick_info->module,read_info->magick,
+        ReadPolicyRights,exception);
+      image=(Image *) NULL;
+      if (status != MagickFalse)
+        image=decoder(read_info,exception);
       if (GetMagickDecoderThreadSupport(magick_info) == MagickFalse)
         UnlockSemaphoreInfo(magick_info->semaphore);
     }
@@ -613,15 +590,16 @@ MagickExport Image *ReadImage(const ImageInfo *image_info,
           read_info=DestroyImageInfo(read_info);
           return((Image *) NULL);
         }
-      if (IsCoderAuthorized(magick_info,ReadPolicyRights,
-            read_info->filename,exception) == MagickFalse)
-        {
-          read_info=DestroyImageInfo(read_info);
-          return((Image *) NULL);
-        }
+      /*
+        Call appropriate image reader based on image type.
+      */
       if (GetMagickDecoderThreadSupport(magick_info) == MagickFalse)
         LockSemaphoreInfo(magick_info->semaphore);
-      image=decoder(read_info,exception);
+      status=IsCoderAuthorized(magick_info->module,read_info->magick,
+        ReadPolicyRights,exception);
+      image=(Image *) NULL;
+      if (status != MagickFalse)
+        image=(decoder)(read_info,exception);
       if (GetMagickDecoderThreadSupport(magick_info) == MagickFalse)
         UnlockSemaphoreInfo(magick_info->semaphore);
     }
@@ -1101,12 +1079,6 @@ MagickExport MagickBooleanType WriteImage(const ImageInfo *image_info,
   sans_exception=DestroyExceptionInfo(sans_exception);
   if (magick_info != (const MagickInfo *) NULL)
     {
-      if (IsCoderAuthorized(magick_info,WritePolicyRights,filename,
-           exception) == MagickFalse)
-        {
-          write_info=DestroyImageInfo(write_info);
-          return(MagickFalse);
-        }
       if (GetMagickEndianSupport(magick_info) == MagickFalse)
         image->endian=UndefinedEndian;
       else
@@ -1181,7 +1153,10 @@ MagickExport MagickBooleanType WriteImage(const ImageInfo *image_info,
       */
       if (GetMagickEncoderThreadSupport(magick_info) == MagickFalse)
         LockSemaphoreInfo(magick_info->semaphore);
-      status=encoder(write_info,image,exception);
+      status=IsCoderAuthorized(magick_info->module,write_info->magick,
+        WritePolicyRights,exception);
+      if (status != MagickFalse)
+        status=encoder(write_info,image,exception);
       if (GetMagickEncoderThreadSupport(magick_info) == MagickFalse)
         UnlockSemaphoreInfo(magick_info->semaphore);
     }
@@ -1239,18 +1214,16 @@ MagickExport MagickBooleanType WriteImage(const ImageInfo *image_info,
                   "`%s'",write_info->magick);
             }
           if (encoder != (EncodeImageHandler *) NULL)
-            status=IsCoderAuthorized(magick_info,WritePolicyRights,filename,
-              exception);
-          else
-            status=MagickFalse;
-          if (status != MagickFalse)
             {
               /*
                 Call appropriate image writer based on image type.
               */
               if (GetMagickEncoderThreadSupport(magick_info) == MagickFalse)
                 LockSemaphoreInfo(magick_info->semaphore);
-              status=encoder(write_info,image,exception);
+              status=IsCoderAuthorized(magick_info->module,write_info->magick,
+                WritePolicyRights,exception);
+              if (status != MagickFalse)
+                status=encoder(write_info,image,exception);
               if (GetMagickEncoderThreadSupport(magick_info) == MagickFalse)
                 UnlockSemaphoreInfo(magick_info->semaphore);
             }
-- 
2.40.0