patches/source/libXfont/patch/libXfont/libXfont.CVE-2017-16611.diff


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85

--- ./src/fontfile/fileio.c.orig	2014-01-07 10:25:08.000000000 -0600
+++ ./src/fontfile/fileio.c	2017-11-29 00:37:05.450068487 -0600
@@ -36,6 +36,9 @@
 #ifndef O_BINARY
 #define O_BINARY O_RDONLY
 #endif
+#ifndef O_NOFOLLOW
+#define O_NOFOLLOW 0
+#endif
 
 FontFilePtr
 FontFileOpen (const char *name)
@@ -44,7 +47,7 @@
     int		len;
     BufFilePtr	raw, cooked;
 
-    fd = open (name, O_BINARY);
+    fd = open (name, O_BINARY|O_CLOEXEC|O_NOFOLLOW);
     if (fd < 0)
 	return 0;
     raw = BufFileOpenRead (fd);
--- ./src/fontfile/dirfile.c.orig	2014-01-07 10:25:08.000000000 -0600
+++ ./src/fontfile/dirfile.c	2017-11-29 00:35:44.400069349 -0600
@@ -41,6 +41,7 @@
 #include <stdio.h>
 #include <sys/types.h>
 #include <sys/stat.h>
+#include <fcntl.h>
 #include <errno.h>
 
 static Bool AddFileNameAliases ( FontDirectoryPtr dir );
@@ -57,8 +58,9 @@
     char        dir_file[MAXFONTFILENAMELEN];
     char	dir_path[MAXFONTFILENAMELEN];
     char	*ptr;
-    FILE       *file;
-    int         count,
+    FILE       *file = 0;
+    int         file_fd,
+                count,
                 num_fonts,
                 status;
     struct stat	statb;
@@ -88,7 +90,14 @@
     if (dir_file[strlen(dir_file) - 1] != '/')
 	strcat(dir_file, "/");
     strcat(dir_file, FontDirFile);
+#ifndef WIN32
+    file_fd = open(dir_file, O_RDONLY | O_NOFOLLOW);
+    if (file_fd >= 0) {
+	file = fdopen(file_fd, "rt");
+    }
+#else
     file = fopen(dir_file, "rt");
+#endif
     if (file) {
 #ifndef WIN32
 	if (fstat (fileno(file), &statb) == -1)
@@ -258,7 +267,8 @@
     char		alias[MAXFONTNAMELEN];
     char		font_name[MAXFONTNAMELEN];
     char		alias_file[MAXFONTFILENAMELEN];
-    FILE		*file;
+    int			file_fd;
+    FILE		*file = 0;
     FontDirectoryPtr	dir;
     int			token;
     char		*lexToken;
@@ -276,7 +286,16 @@
 	    strcat(alias_file, "/");
 	strcat(alias_file, FontAliasFile);
     }
+
+#ifndef WIN32
+    file_fd = open(alias_file, O_RDONLY | O_NOFOLLOW);
+    if (file_fd >= 0) {
+	file = fdopen(file_fd, "rt");
+    }
+#else
     file = fopen(alias_file, "rt");
+#endif
+
     if (!file)
 	return ((errno == ENOENT) ? Successful : BadFontPath);
     if (!dir)