Index: dviwin.cpp
===================================================================
RCS file: /home/kde/kdegraphics/kdvi/dviwin.cpp,v
retrieving revision 1.77.2.4
diff -u -r1.77.2.4 dviwin.cpp
--- dviwin.cpp 7 Dec 2002 23:15:00 -0000 1.77.2.4
+++ dviwin.cpp 8 Apr 2003 12:23:08 -0000
@@ -29,6 +29,7 @@
 #include
 #include
 #include
+#include
 #include "dviwin.h"
 #include "fontpool.h"
@@ -704,6 +705,28 @@
 // specials in PostScriptDirectory, and the headers in the
 // PostScriptHeaderString.
 PS_interface->clear();
+
+ // Files that reside under "tmp" or under the "data" resource are most
+ // likely remote files. We limit the files they are able to read to
+ // the directory they are in in order to limit the possibilities of a
+ // denial of service attack.
+ bool restrictIncludePath = true;
+ QString tmp = KGlobal::dirs()->saveLocation("tmp", QString::null);
+ if (!filename.startsWith(tmp))
+ {
+ tmp = KGlobal::dirs()->saveLocation("data", QString::null);
+ if (!filename.startsWith(tmp))
+ restrictIncludePath = false;
+ }
+
+ QString includePath;
+ if (restrictIncludePath)
+ {
+ includePath = filename;
+ includePath.truncate(includePath.findRev('/'));
+ }
+
+ PS_interface->setIncludePath(includePath);
 // We will also generate a list of hyperlink-anchors in the
 // document. So declare the existing list empty.
Index: psgs.cpp
===================================================================
RCS file: /home/kde/kdegraphics/kdvi/psgs.cpp,v
retrieving revision 1.13
diff -u -r1.13 psgs.cpp
--- psgs.cpp 11 Jun 2001 13:40:16 -0000 1.13
+++ psgs.cpp 8 Apr 2003 12:23:08 -0000
@@ -54,6 +54,12 @@
 DiskCache->clear();
 }
+void ghostscript_interface::setIncludePath(const QString &_includePath) {
+ if (_includePath.isEmpty())
+ includePath = "*"; // Allow all files
+ else
+ includePath = _includePath+"/*";
+}
 void ghostscript_interface::setPostScript(int page, QString PostScript) {
 pageInfo *info = new pageInfo(PostScript);
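Review bot: In the dviwin.cpp hunk at -704, `restrictIncludePath` ends up false for every document whose path does not begin with the "tmp" or "data" save location, and the empty `includePath` is then turned into `*` (all files readable) by setIncludePath, so the restriction fails open. A DVI file the user saved by hand from an untrusted source, or a temporary file whose path arrives here in a non-canonical form (symlinked tmp directory, doubled slash), would presumably miss the plain `startsWith` test and be rendered without any read restriction. Consider restricting to the document's own directory by default and comparing canonical paths. The comment also names denial of service, while what the whitelist limits is which files embedded PostScript can read; `// ... in order to limit which local files an untrusted document can read.` would describe it better. The enclosing function starts and ends outside the hunk.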
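Review bot: In the psgs.cpp hunk at -54, setIncludePath treats an empty argument as "allow all files", so any caller that computes an empty directory by accident silently gets an unrestricted whitelist, and neither the definition nor the declaration comment in psgs.h states this. A comment such as `// An empty path disables the restriction: Ghostscript may then read any file.` on both the definition and the declaration would make the contract visible, and the declaration comment would read better as `// sets the path from which additional PostScript files may be read`. The directory is also used as a Ghostscript file-name pattern as-is, so a `*` or `?` in the directory name would probably widen the match; worth confirming.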
@@ -120,11 +126,13 @@
 // Step 2: Call GS with the File
 KProcess proc;
 proc << "gs";
- proc << "-dNOPAUSE" << "-dBATCH" << "-sDEVICE=png256";
+ proc << "-dSAFER" << "-dPARANOIDSAFER" << "-dDELAYSAFER" << "-dNOPAUSE" << "-dBATCH" << "-sDEVICE=png256";
 proc << QString("-sOutputFile=%1").arg(filename);
+ proc << QString("-sExtraIncludePath=%1").arg(includePath);
 proc << QString("-g%1x%2").arg(pixel_page_w).arg(pixel_page_h); // page size in pixels
 proc << QString("-r%1").arg(resolution); // resolution in dpi
- proc << PSfile.name();
+ proc << "-c" << "<< /PermitFileReading [ ExtraIncludePath ] /PermitFileWriting [] /PermitFileControl [] >> setuserparams .locksafe";
+ proc << "-f" << PSfile.name();
 proc.start(KProcess::Block);
 PSfile.unlink();
 }
Index: psgs.h
===================================================================
RCS file: /home/kde/kdegraphics/kdvi/psgs.h,v
retrieving revision 1.3
diff -u -r1.3 psgs.h
--- psgs.h 11 Jun 2001 13:40:16 -0000 1.3
+++ psgs.h 8 Apr 2003 12:23:08 -0000
@@ -41,6 +41,9 @@
 // void setPostScript(int page, QString PostScript);
+ // sets path from additional postscript files may be read
+ void setIncludePath(const QString &_includePath);
+
 // Returns the graphics of the page, if possible. The functions
 // returns a pointer to a QPixmap, or null. The referred QPixmap
 // should be deleted after use.
@@ -63,6 +66,8 @@
 double resolution; // in dots per inch
 int pixel_page_w; // in pixels
 int pixel_page_h; // in pixels
+
+ QString includePath;
 signals:
 /** Passed through to the top-level kpart. */
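Review bot: In the psgs.cpp hunk at -120, `-dDELAYSAFER` leaves Ghostscript unlocked until the `-c` snippet reaches `.locksafe`, so the whole restriction depends on that snippet running to completion before `-f` hands over the document; the code does not record this ordering requirement, and the outcome of `proc.start(KProcess::Block)` is not checked in the visible lines. A comment like `// -dDELAYSAFER defers the lock so the read whitelist can be installed; .locksafe then makes it final` would keep a later edit from reordering the arguments. It would also help to treat a failed run as "no image" with a test such as `if (!proc.normalExit() || proc.exitStatus() != 0)`, unless the rest of the function, which lies outside the hunk, already does so. How an older Ghostscript without `.locksafe` behaves here is worth verifying.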