https://github.com/ImageMagick/ImageMagick/issues/407

author: Cristy <urban-warrior@imagemagick.org> 2017-06-10 13:11:48 -0400
committer: Cristy <urban-warrior@imagemagick.org> 2017-06-10 13:11:48 -0400
commit: 0047e5b1cc60f5587b99efa381f81a23b006d27f (patch)
tree: 6f98727f34da866735023682a724d175738e27d6
parent: e003d7c6c607a5a288acb5986cd4ee32b2af7e4c (diff)
download: ImageMagick-0047e5b1cc60f5587b99efa381f81a23b006d27f.tar.gz
6 files changed, 96 insertions, 2 deletions
diff --git a/ChangeLog b/ChangeLog
index 22d1ecbb2..6e8a9023c 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,8 @@
+2017-06-10  7.0.6-0 Cristy  <quetzlzacatenango@image...>
+  * Introduce SetMagickSecurityPolicy() (MagickCore) and
+    MagickSetSecurityPolicy() (MagickWand) to set the ImageMagick security
+    policy (reference https://github.com/ImageMagick/ImageMagick/issues/407).
+
 2017-06-02  7.0.5-10 Cristy  <quetzlzacatenango@image...>
   * Release ImageMagick version 7.0.5-10, GIT revision 20155:38ebc02:20170602.
 
diff --git a/MagickCore/policy.c b/MagickCore/policy.c
index 377279f33..784346b5f 100644
--- a/MagickCore/policy.c
+++ b/MagickCore/policy.c
@@ -52,6 +52,7 @@
 #include "MagickCore/option.h"
 #include "MagickCore/policy.h"
 #include "MagickCore/policy-private.h"
+#include "MagickCore/resource-private.h"
 #include "MagickCore/semaphore.h"
 #include "MagickCore/string_.h"
 #include "MagickCore/token.h"
@@ -1037,3 +1038,52 @@ MagickPrivate void PolicyComponentTerminus(void)
   UnlockSemaphoreInfo(policy_semaphore);
   RelinquishSemaphoreInfo(&policy_semaphore);
 }
+
+/*
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+%                                                                             %
+%                                                                             %
+%                                                                             %
+%  S e t M a g i c k S e c u r i t y P o l i c y                              %
+%                                                                             %
+%                                                                             %
+%                                                                             %
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+%
+%  SetMagickSecurityPolicy() sets the ImageMagick security policy.  It returns
+%  MagickFalse if the policy is already set or if the policy does not parse.
+%
+%  The format of the SetMagickSecurityPolicy method is:
+%
+%      MagickBooleanType SetMagickSecurityPolicy(const char *policy,
+%        ExceptionInfo *exception)
+%
+%  A description of each parameter follows:
+%
+%    o policy: the security policy in the XML format.
+%
+%    o exception: return any errors or warnings in this structure.
+%
+*/
+MagickExport MagickBooleanType SetMagickSecurityPolicy(const char *policy,
+  ExceptionInfo *exception)
+{
+  PolicyInfo
+    *p;
+  
+  MagickBooleanType
+    status;
+  
+  LockSemaphoreInfo(policy_semaphore);
+  ResetLinkedListIterator(policy_cache);
+  p=(PolicyInfo *) GetNextValueInLinkedList(policy_cache);
+  if ((p == (PolicyInfo *) NULL) || (p->domain != UndefinedPolicyDomain))
+    {
+      UnlockSemaphoreInfo(policy_semaphore);
+      return(MagickFalse);
+    }
+  UnlockSemaphoreInfo(policy_semaphore);
+  status=LoadPolicyCache(policy_cache,policy,"[user-policy]",0,exception);
+  ResourceComponentGenesis();
+  return(status);
+}
diff --git a/MagickCore/policy.h b/MagickCore/policy.h
index bd404f1cc..2723e5c4d 100644
--- a/MagickCore/policy.h
+++ b/MagickCore/policy.h
@@ -59,7 +59,8 @@ extern MagickExport const PolicyInfo
 
 extern MagickExport MagickBooleanType
   IsRightsAuthorized(const PolicyDomain,const PolicyRights,const char *),
-  ListPolicyInfo(FILE *,ExceptionInfo *);
+  ListPolicyInfo(FILE *,ExceptionInfo *),
+  SetMagickSecurityPolicy(const char *,ExceptionInfo *);
 
 #if defined(__cplusplus) || defined(c_plusplus)
 }
diff --git a/MagickWand/magick-property.c b/MagickWand/magick-property.c
index 358ca864d..0d54df331 100644
--- a/MagickWand/magick-property.c
+++ b/MagickWand/magick-property.c
@@ -2858,6 +2858,43 @@ WandExport MagickBooleanType MagickSetSamplingFactors(MagickWand *wand,
 %                                                                             %
 %                                                                             %
 %                                                                             %
+%   M a g i c k S e t S e c u r i t y P o l i c y                             %
+%                                                                             %
+%                                                                             %
+%                                                                             %
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+%
+%  MagickSetSecurityPolicy() sets the ImageMagick security policy.  It returns
+%  MagickFalse if the policy is already set or if the policy does not parse.
+%
+%  The format of the MagickSetAntialias method is:
+%
+%      MagickBooleanType MagickSetAntialias(MagickWand *wand,
+%        const char *policy)
+%
+%  A description of each parameter follows:
+%
+%    o wand: the magick wand.
+%
+%    o policy: the security policy in the XML format.
+%
+*/
+WandExport MagickBooleanType MagickSetSecurityPolicy(MagickWand *wand,
+  const char *policy)
+{
+  assert(wand != (MagickWand *) NULL);
+  assert(wand->signature == MagickWandSignature);
+  if (wand->debug != MagickFalse)
+    (void) LogMagickEvent(WandEvent,GetMagickModule(),"%s",wand->name);
+
+  return(SetMagickSecurityPolicy(policy,wand->exception));
+}
+
+/*
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+%                                                                             %
+%                                                                             %
+%                                                                             %
 %   M a g i c k S e t S i z e                                                 %
 %                                                                             %
 %                                                                             %
diff --git a/MagickWand/magick-property.h b/MagickWand/magick-property.h
index 7d1f71bf9..ec6e77c53 100644
--- a/MagickWand/magick-property.h
+++ b/MagickWand/magick-property.h
@@ -111,6 +111,7 @@ extern WandExport MagickBooleanType
   MagickSetResolution(MagickWand *,const double,const double),
   MagickSetResourceLimit(const ResourceType type,const MagickSizeType limit),
   MagickSetSamplingFactors(MagickWand *,const size_t,const double *),
+  MagickSetSecurityPolicy(MagickWand *,const char *),
   MagickSetSize(MagickWand *,const size_t,const size_t),
   MagickSetSizeOffset(MagickWand *,const size_t,const size_t,const ssize_t),
   MagickSetType(MagickWand *,const ImageType);
diff --git a/config/policy.xml b/config/policy.xml
index 55e4611ac..1b92c6bee 100644
--- a/config/policy.xml
+++ b/config/policy.xml
@@ -75,5 +75,5 @@
   <!-- <policy domain="path" rights="none" pattern="@*" /> -->
   <!-- <policy domain="cache" name="memory-map" value="anonymous"/> -->
   <!-- <policy domain="cache" name="synchronize" value="True"/> -->
-  <policy domain="cache" name="shared-secret" value="passphrase" stealth="true"/>
+  <!-- <policy domain="cache" name="shared-secret" value="passphrase" stealth="true"/> -->
 </policymap>
author	Cristy <urban-warrior@imagemagick.org>	2017-06-10 13:11:48 -0400
committer	Cristy <urban-warrior@imagemagick.org>	2017-06-10 13:11:48 -0400
commit	0047e5b1cc60f5587b99efa381f81a23b006d27f (patch)
tree	6f98727f34da866735023682a724d175738e27d6
parent	e003d7c6c607a5a288acb5986cd4ee32b2af7e4c (diff)
download	ImageMagick-0047e5b1cc60f5587b99efa381f81a23b006d27f.tar.gz