From: Dirk Lemstra <dirk@lemstra.org>
Date: Sat, 11 Sep 2021 10:57:09 +0200
Subject: [partial] CVE-2021-39212: Fixed incorrect check when module is used
 as the domain in policy.xml that would allow the use of a disabled module.

origin: https://github.com/ImageMagick/ImageMagick6/commit/8cd2fcd33460826628a7590dc3ce74d7785e1598.patch
bug-debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=996588
bug-ubuntu-security: https://ubuntu.com/security/CVE-2021-39212
bug: https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-qvhr-jj4p-j2qr
---
 magick/module.c | 10 +++++-----
 magick/static.c |  8 ++++----
 2 files changed, 9 insertions(+), 9 deletions(-)

diff --git a/magick/module.c b/magick/module.c
index 9f160..1ea993 100644
--- a/magick/module.c
+++ b/magick/module.c
@@ -1279,18 +1279,18 @@ MagickExport MagickBooleanType OpenModule(const char *module,
   module_info=(ModuleInfo *) GetModuleInfo(module,exception);
   if (module_info != (ModuleInfo *) NULL)
     return(MagickTrue);
+  (void) CopyMagickString(module_name,module,MaxTextExtent);
+  p=GetCoderInfo(module,exception);
+  if (p != (CoderInfo *) NULL)
+    (void) CopyMagickString(module_name,p->name,MaxTextExtent);
   rights=ReadPolicyRights;
-  if (IsRightsAuthorized(ModulePolicyDomain,rights,module) == MagickFalse)
+  if (IsRightsAuthorized(ModulePolicyDomain,rights,module_name) == MagickFalse)
     {
       errno=EPERM;
       (void) ThrowMagickException(exception,GetMagickModule(),PolicyError,
         "NotAuthorized","`%s'",module);
       return(MagickFalse);
     }
-  (void) CopyMagickString(module_name,module,MaxTextExtent);
-  p=GetCoderInfo(module,exception);
-  if (p != (CoderInfo *) NULL)
-    (void) CopyMagickString(module_name,p->name,MaxTextExtent);
   if (GetValueFromSplayTree(module_list,module_name) != (void *) NULL)
     return(MagickTrue);  /* module already opened, return */
   /*
diff --git a/magick/static.c b/magick/static.c
index 8c68f..a2b11 100644
--- a/magick/static.c
+++ b/magick/static.c
@@ -395,17 +395,17 @@ MagickExport MagickBooleanType RegisterStaticModule(const char *module,
   */
   assert(module != (const char *) NULL);
   (void) CopyMagickString(module_name,module,MagickPathExtent);
+  p=GetCoderInfo(module,exception);
+  if (p != (CoderInfo *) NULL)
+    (void) CopyMagickString(module_name,p->name,MagickPathExtent);
   rights=ReadPolicyRights;
-  if (IsRightsAuthorized(ModulePolicyDomain,rights,module) == MagickFalse)
+  if (IsRightsAuthorized(ModulePolicyDomain,rights,module_name) == MagickFalse)
     {
       errno=EPERM;
       (void) ThrowMagickException(exception,GetMagickModule(),PolicyError,
         "NotAuthorized","`%s'",module);
       return(MagickFalse);
     }
-  p=GetCoderInfo(module,exception);
-  if (p != (CoderInfo *) NULL)
-    (void) CopyMagickString(module_name,p->name,MagickPathExtent);
   extent=sizeof(MagickModules)/sizeof(MagickModules[0]);
   for (i=0; i < (ssize_t) extent; i++)
     if (LocaleCompare(MagickModules[i].module,module_name) == 0)