Remove code to read EPS data from a pipe. - enscript - GNU Enscript
(HTM) git clone git://thinkerwim.org/enscript.git
(DIR) Log
(DIR) Files
(DIR) Refs
(DIR) README
(DIR) LICENSE
---
(DIR) commit a3e6bf57e48bb7434cdd590732e221fd2e0b4c17
(DIR) parent 7a645c4af13dde9af9fc9b8730d3e73bcd453e13
(HTM) Author: Tim Retout <diocles@gnu.org>
Date: Sat, 28 Mar 2009 12:30:18 +0000
Remove code to read EPS data from a pipe.
Diffstat:
M src/ChangeLog | 7 +++++++
M src/psgen.c | 61 +++++++++++--------------------
2 files changed, 29 insertions(+), 39 deletions(-)
---
(DIR) diff --git a/src/ChangeLog b/src/ChangeLog
@@ -1,3 +1,10 @@
+2009-03-28 Tim Retout <diocles@gnu.org>
+
+ * psgen.c (recognize_eps_file): Remove ability to read EPS data
+ from a pipe, as this executes arbitrary commands. It has been
+ disabled in most distros for five years anyway. See
+ CAN-2004-1185.
+
2009-01-25 Tim Retout <diocles@gnu.org>
* main.c (main): Respect $HOME when searching for ~/.enscriptrc
(DIR) diff --git a/src/psgen.c b/src/psgen.c
@@ -2376,6 +2376,7 @@ recognize_eps_file (Token *token)
{
int i;
char buf[4096];
+ char *filename;
int line;
int valid_epsf;
float llx, lly, urx, ury;
@@ -2383,52 +2384,34 @@ recognize_eps_file (Token *token)
MESSAGE (2, (stderr, "^@epsf=\"%s\"\n", token->u.epsf.filename));
i = strlen (token->u.epsf.filename);
- if (i > 0 && token->u.epsf.filename[i - 1] == '|')
- {
- /* Read EPS data from pipe. */
- token->u.epsf.pipe = 1;
- token->u.epsf.filename[i - 1] = '\0';
- token->u.epsf.fp = popen (token->u.epsf.filename, "r");
- if (token->u.epsf.fp == NULL)
- {
- MESSAGE (0, (stderr,
- _("epsf: couldn't open pipe to command \"%s\": %s\n"),
- token->u.epsf.filename, strerror (errno)));
- return 0;
- }
- }
- else
- {
- char *filename;
- /* Read EPS data from file. */
- filename = tilde_subst (token->u.epsf.filename);
+ /* Read EPS data from file. */
+ filename = tilde_subst (token->u.epsf.filename);
- token->u.epsf.fp = fopen (filename, "rb");
- xfree (filename);
+ token->u.epsf.fp = fopen (filename, "rb");
+ xfree (filename);
- if (token->u.epsf.fp == NULL)
+ if (token->u.epsf.fp == NULL)
+ {
+ if (token->u.epsf.filename[0] != '/')
{
- if (token->u.epsf.filename[0] != '/')
- {
- /* Name is not absolute, let's lookup path. */
- FileLookupCtx ctx;
+ /* Name is not absolute, let's lookup path. */
+ FileLookupCtx ctx;
- ctx.name = token->u.epsf.filename;
- ctx.suffix = "";
- ctx.fullname = buffer_alloc ();
+ ctx.name = token->u.epsf.filename;
+ ctx.suffix = "";
+ ctx.fullname = buffer_alloc ();
- if (pathwalk (libpath, file_lookup, &ctx))
- token->u.epsf.fp = fopen (buffer_ptr (ctx.fullname), "rb");
+ if (pathwalk (libpath, file_lookup, &ctx))
+ token->u.epsf.fp = fopen (buffer_ptr (ctx.fullname), "rb");
- buffer_free (ctx.fullname);
- }
- if (token->u.epsf.fp == NULL)
- {
- MESSAGE (0, (stderr, _("couldn't open EPS file \"%s\": %s\n"),
- token->u.epsf.filename, strerror (errno)));
- return 0;
- }
+ buffer_free (ctx.fullname);
+ }
+ if (token->u.epsf.fp == NULL)
+ {
+ MESSAGE (0, (stderr, _("couldn't open EPS file \"%s\": %s\n"),
+ token->u.epsf.filename, strerror (errno)));
+ return 0;
}
}