From a2b3dd8455da2f17849b55e6b6ddcce587e4a323 Mon Sep 17 00:00:00 2001
From: Cristy <urban-warrior@imagemagick.org>
Date: Mon, 16 Nov 2020 17:01:57 +0000
Subject: [PATCH] shell injection vulnerability via the -authenticate option
---
coders/pdf.c | 13 ++++++++-----
1 file changed, 8 insertions(+), 5 deletions(-)
diff --git a/coders/pdf.c b/coders/pdf.c
index 5e4edc760..63eda5d81 100644
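--- a/coders/pdf.c
+++ b/coders/pdf.c
@@ -588,11 +588,14 @@ static Image *ReadPDFImage(const ImageInfo *image_info,ExceptionInfo *exception)
 if (option != (char *) NULL)
 {
 char
- passphrase[MaxTextExtent];
-
- (void) FormatLocaleString(passphrase,MaxTextExtent,
- "\"-sPDFPassword=%s\" ",option);
- (void) ConcatenateMagickString(options,passphrase,MaxTextExtent);
+ message[MagickPathExtent],
+ *passphrase;
+
+ passphrase=SanitizeString(option);
+ (void) FormatLocaleString(message,MagickPathExtent,
+ "\"-sPDFPassword=%s\" ",passphrase);
+ passphrase=DestroyString(passphrase);
+ (void) ConcatenateMagickString(options,message,MagickPathExtent);
 }
 read_info=CloneImageInfo(image_info);
 *read_info->magick='\0';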
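Review bot: The fix in the `if (option != (char *) NULL)` block rests entirely on which characters SanitizeString() lets through, and that set is not visible in this hunk; because the result is still interpolated inside a double-quoted argument (`"\"-sPDFPassword=%s\" "`), the helper has to neutralise at least the double quote, backslash, dollar sign and backquote, otherwise the quoting can still be broken. Please confirm that and record it above the call, for example `/* passphrase lands inside a double-quoted command-line argument: SanitizeString() must neutralise quote, backslash, $ and backquote */`. Silently rewriting the passphrase also turns an unacceptable input into a wrong-password failure, so rejecting the option with an explicit error would be easier to diagnose. Separately, the `(void)` on FormatLocaleString() hides truncation: an option close to MagickPathExtent in length would lose the closing `\" `, so the return value should be compared with MagickPathExtent before ConcatenateMagickString() is called. ReadPDFImage starts and ends outside the hunk.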