Blame SOURCES/ghostscript-cve-2019-14811-14812-14813.patch

38aaa9
From 885444fcbe10dc42787ecb76686c8ee4dd33bf33 Mon Sep 17 00:00:00 2001
38aaa9
From: Ken Sharp <ken.sharp@artifex.com>
38aaa9
Date: Tue, 20 Aug 2019 10:10:28 +0100
38aaa9
Subject: make .forceput inaccessible
38aaa9
38aaa9
Bug #701343, #701344, #701345
38aaa9
38aaa9
More defensive programming. We don't want people to access .forecput
38aaa9
even though it is no longer sufficient to bypass SAFER. The exploit
38aaa9
in #701343 didn't work anyway because of earlier work to stop the error
38aaa9
handler being used, but nevertheless, prevent access to .forceput from
38aaa9
.setuserparams2.
38aaa9
38aaa9
diff --git a/Resource/Init/gs_lev2.ps b/Resource/Init/gs_lev2.ps
38aaa9
index 4cc7f820f..0fd416465 100644
38aaa9
--- a/Resource/Init/gs_lev2.ps
38aaa9
+++ b/Resource/Init/gs_lev2.ps
38aaa9
@@ -158,7 +158,7 @@ end
38aaa9
     {
38aaa9
       pop pop
38aaa9
     } ifelse
38aaa9
-  } forall
38aaa9
+  } executeonly forall
38aaa9
         % A context switch might have occurred during the above loop,
38aaa9
         % causing the interpreter-level parameters to be reset.
38aaa9
         % Set them again to the new values.  From here on, we are safe,
38aaa9
@@ -229,9 +229,9 @@ end
38aaa9
        { pop pop
38aaa9
        }
38aaa9
       ifelse
38aaa9
-    }
38aaa9
+    } executeonly
38aaa9
    forall pop
38aaa9
-} .bind odef
38aaa9
+} .bind executeonly odef
38aaa9
 
38aaa9
 % Initialize the passwords.
38aaa9
 % NOTE: the names StartJobPassword and SystemParamsPassword are known to
38aaa9
diff --git a/Resource/Init/gs_pdfwr.ps b/Resource/Init/gs_pdfwr.ps
38aaa9
index c158a8faf..422e66e1a 100644
38aaa9
--- a/Resource/Init/gs_pdfwr.ps
38aaa9
+++ b/Resource/Init/gs_pdfwr.ps
38aaa9
@@ -658,11 +658,11 @@ currentdict /.pdfmarkparams .undef
38aaa9
           systemdict /.pdf_hooked_DSC_Creator //true .forceput
38aaa9
         } executeonly if
38aaa9
         pop
38aaa9
-      } if
38aaa9
+      } executeonly if
38aaa9
     } {
38aaa9
       pop
38aaa9
     } ifelse
38aaa9
-  }
38aaa9
+  } executeonly
38aaa9
   {
38aaa9
     pop
38aaa9
   } ifelse