File: 0076-permit-compositing-MPRI-images.patch

imagemagick 8%3A6.9.11.60%2Bdfsg-1.6%2Bdeb12u3
  • area: main
  • in suites: bookworm
  • size: 76,816 kB
  • sloc: ansic: 349,503; cpp: 21,804; xml: 11,029; perl: 6,417; sh: 5,877; makefile: 3,042; tcl: 459
From: Cristy <urban-warrior@imagemagick.org>
Date: Sat, 29 Jan 2022 11:31:10 -0500
Subject: permit compositing MPRI images

This fix is a follow-up to CVE-2023-1289

origin: https://github.com/ImageMagick/ImageMagick6/commit/4dd4d0df449acb13fb859041b4996af58243e352.patch
---
 coders/mpr.c  |  9 +++++++--
 magick/draw.c | 41 +++++++++++++++++++++++++----------------
 2 files changed, 32 insertions(+), 18 deletions(-)

diff --git a/coders/mpr.c b/coders/mpr.c
index 9cebc13..24c4e1f 100644
--- a/coders/mpr.c
+++ b/coders/mpr.c
@@ -100,8 +100,13 @@ static Image *ReadMPRImage(const ImageInfo *image_info,ExceptionInfo *exception)
   assert(exception->signature == MagickCoreSignature);
   image=(Image *) GetImageRegistry(ImageRegistryType,image_info->filename,
     exception);
-  if (image != (Image *) NULL)
-    (void) SyncImageSettings(image_info,image);
+  if (image == (Image *) NULL)
+    {
+      (void) ThrowMagickException(exception,GetMagickModule(),FileOpenError,
+        "UnableToOpenFile","`%s'",image_info->filename);
+      return(image);
+    }
+  (void) SyncImageSettings(image_info,image);
   return(image);
 }
 
diff --git a/magick/draw.c b/magick/draw.c
index bab9b47..a8fcb91 100644
--- a/magick/draw.c
+++ b/magick/draw.c
@@ -5459,33 +5459,42 @@ MagickExport MagickBooleanType DrawPrimitive(Image *image,
       else
         if (*primitive_info->text != '\0')
           {
-            MagickBooleanType
-              status;
+            MagickStatusType
+              path_status;
 
             struct stat
               attributes;
 
+            /*
+              Read composite image.
+            */
             (void) CopyMagickString(clone_info->filename,primitive_info->text,
               MagickPathExtent);
+            (void) SetImageInfo(clone_info,1,exception);
             (void) CopyMagickString(clone_info->filename,primitive_info->text,
               MagickPathExtent);
-            status=GetPathAttributes(clone_info->filename,&attributes);
-            if ((status != MagickFalse) && (S_ISCHR(attributes.st_mode) == 0))
+            if (clone_info->size != (char *) NULL)
+              clone_info->size=DestroyString(clone_info->size);
+            if (clone_info->extract != (char *) NULL)
+              clone_info->extract=DestroyString(clone_info->extract);
+            path_status=GetPathAttributes(clone_info->filename,&attributes);
+            if (path_status != MagickFalse)
               {
-                status&=SetImageInfo(clone_info,1,exception);
-                (void) CopyMagickString(clone_info->filename,
-                  primitive_info->text,MagickPathExtent);
-                if (clone_info->size != (char *) NULL)
-                  clone_info->size=DestroyString(clone_info->size);
-                if (clone_info->extract != (char *) NULL)
-                  clone_info->extract=DestroyString(clone_info->extract);
-                if ((LocaleCompare(clone_info->magick,"file") == 0) ||
-                    (LocaleCompare(clone_info->magick,"https") == 0) ||
-                    (LocaleCompare(clone_info->magick,"http") == 0) ||
-                    (LocaleCompare(clone_info->magick,"mpri") == 0) ||
-                    (IsPathAccessible(clone_info->filename) != MagickFalse))
+                if (S_ISCHR(attributes.st_mode) == 0)
                   composite_images=ReadImage(clone_info,exception);
+                else
+                  (void) ThrowMagickException(exception,GetMagickModule(),
+                    FileOpenError,"UnableToOpenFile","`%s'",
+                    clone_info->filename);
               }
+            else
+              if ((LocaleCompare(clone_info->magick,"ftp") != 0) &&
+                  (LocaleCompare(clone_info->magick,"https") != 0) &&
+                  (LocaleCompare(clone_info->magick,"http") != 0))
+                composite_images=ReadImage(clone_info,exception);
+              else
+                (void) ThrowMagickException(exception,GetMagickModule(),
+                  FileOpenError,"UnableToOpenFile","`%s'",clone_info->filename);
           }
       clone_info=DestroyImageInfo(clone_info);
       if (composite_images == (Image *) NULL)
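Review bot: The final `else` branch, taken when `GetPathAttributes()` fails, is a denylist: every coder except `ftp`, `https` and `http` is handed to `ReadImage()`, whereas the removed code accepted only a short allowlist or an accessible path. Because the second `CopyMagickString()` restores the raw `primitive_info->text` before the stat, a name that still carries a coder prefix will presumably fail the stat and land in this branch, so the `S_ISCHR` guard appears to cover only un-prefixed paths. If the intent is only to let registry images through, `if (LocaleCompare(clone_info->magick,"mpri") == 0)` would be tighter; otherwise add a comment such as `/* path did not stat: which coders may be read here is left to the security policy */` so that reliance is explicit to whoever hardens this later. `DrawPrimitive` begins and ends outside this hunk.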