summaryrefslogtreecommitdiffstats
path: root/patches/source/libXfont/patch/libXfont/libXfont.CVE-2017-16611.diff
diff options
context:
space:
mode:
Diffstat (limited to 'patches/source/libXfont/patch/libXfont/libXfont.CVE-2017-16611.diff')
-rw-r--r--patches/source/libXfont/patch/libXfont/libXfont.CVE-2017-16611.diff85
1 files changed, 85 insertions, 0 deletions
diff --git a/patches/source/libXfont/patch/libXfont/libXfont.CVE-2017-16611.diff b/patches/source/libXfont/patch/libXfont/libXfont.CVE-2017-16611.diff
new file mode 100644
index 00000000..352d00f0
--- /dev/null
+++ b/patches/source/libXfont/patch/libXfont/libXfont.CVE-2017-16611.diff
@@ -0,0 +1,85 @@
+--- ./src/fontfile/fileio.c.orig 2014-01-07 10:25:08.000000000 -0600
++++ ./src/fontfile/fileio.c 2017-11-29 00:37:05.450068487 -0600
+@@ -36,6 +36,9 @@
+ #ifndef O_BINARY
+ #define O_BINARY O_RDONLY
+ #endif
++#ifndef O_NOFOLLOW
++#define O_NOFOLLOW 0
++#endif
+
+ FontFilePtr
+ FontFileOpen (const char *name)
+@@ -44,7 +47,7 @@
+ int len;
+ BufFilePtr raw, cooked;
+
+- fd = open (name, O_BINARY);
++ fd = open (name, O_BINARY|O_CLOEXEC|O_NOFOLLOW);
+ if (fd < 0)
+ return 0;
+ raw = BufFileOpenRead (fd);
+--- ./src/fontfile/dirfile.c.orig 2014-01-07 10:25:08.000000000 -0600
++++ ./src/fontfile/dirfile.c 2017-11-29 00:35:44.400069349 -0600
+@@ -41,6 +41,7 @@
+ #include <stdio.h>
+ #include <sys/types.h>
+ #include <sys/stat.h>
++#include <fcntl.h>
+ #include <errno.h>
+
+ static Bool AddFileNameAliases ( FontDirectoryPtr dir );
+@@ -57,8 +58,9 @@
+ char dir_file[MAXFONTFILENAMELEN];
+ char dir_path[MAXFONTFILENAMELEN];
+ char *ptr;
+- FILE *file;
+- int count,
++ FILE *file = 0;
++ int file_fd,
++ count,
+ num_fonts,
+ status;
+ struct stat statb;
+@@ -88,7 +90,14 @@
+ if (dir_file[strlen(dir_file) - 1] != '/')
+ strcat(dir_file, "/");
+ strcat(dir_file, FontDirFile);
++#ifndef WIN32
++ file_fd = open(dir_file, O_RDONLY | O_NOFOLLOW);
++ if (file_fd >= 0) {
++ file = fdopen(file_fd, "rt");
++ }
++#else
+ file = fopen(dir_file, "rt");
++#endif
+ if (file) {
+ #ifndef WIN32
+ if (fstat (fileno(file), &statb) == -1)
+@@ -258,7 +267,8 @@
+ char alias[MAXFONTNAMELEN];
+ char font_name[MAXFONTNAMELEN];
+ char alias_file[MAXFONTFILENAMELEN];
+- FILE *file;
++ int file_fd;
++ FILE *file = 0;
+ FontDirectoryPtr dir;
+ int token;
+ char *lexToken;
+@@ -276,7 +286,16 @@
+ strcat(alias_file, "/");
+ strcat(alias_file, FontAliasFile);
+ }
++
++#ifndef WIN32
++ file_fd = open(alias_file, O_RDONLY | O_NOFOLLOW);
++ if (file_fd >= 0) {
++ file = fdopen(file_fd, "rt");
++ }
++#else
+ file = fopen(alias_file, "rt");
++#endif
++
+ if (!file)
+ return ((errno == ENOENT) ? Successful : BadFontPath);
+ if (!dir)