24 lines
913 B
Diff
24 lines
913 B
Diff
From ab2e97d2f7520d1d9ff36ef421caf2a899e14ce4 Mon Sep 17 00:00:00 2001
|
|
From: Cristy <urban-warrior@imagemagick.org>
|
|
Date: Thu, 19 Nov 2020 18:36:05 +0000
|
|
Subject: [PATCH] fix shell injection vulnerability via the -authenticate
|
|
option
|
|
|
|
---
|
|
coders/pdf.c | 2 +-
|
|
1 file changed, 1 insertion(+), 1 deletion(-)
|
|
|
|
diff --git a/coders/pdf.c b/coders/pdf.c
|
|
index 074ba3f64..ef1567b29 100644
|
|
--- a/coders/pdf.c
|
|
+++ b/coders/pdf.c
|
|
@@ -585,7 +585,7 @@ static Image *ReadPDFImage(const ImageInfo *image_info,ExceptionInfo *exception)
|
|
if (stop_on_error != MagickFalse)
|
|
(void) ConcatenateMagickString(options,"-dPDFSTOPONERROR ",MaxTextExtent);
|
|
option=GetImageOption(image_info,"authenticate");
|
|
- if ((option != (char *) NULL) && (strpbrk(option,"&;<>|") == (char *) NULL))
|
|
+ if ((option != (char *) NULL) && (strpbrk(option,"&;<>|\"") == (char *) NULL))
|
|
{
|
|
char
|
|
passphrase[MagickPathExtent];
|