add -dSAFER -dPARANOIDSAFER when dealing with ghostscript (#56808)

svn path=/trunk/kdegraphics/kdvi/; revision=219376

dviwin.cpp

@@ -37,6 +37,7 @@
 #include <klocale.h>
 #include <kprinter.h>
 #include <kprocess.h>
+#include <kstandarddirs.h>
 #include <kstringhandler.h>
 
 #include "dviwin.h"
@@ -501,6 +502,28 @@ bool dviWindow::setFile(QString fname, QString ref, bool sourceMarker)
   // PostScriptHeaderString.
   PS_interface->clear();
 
+  // Files that reside under "tmp" or under the "data" resource are most
+  // likely remote files. We limit the files they are able to read to
+  // the directory they are in in order to limit the possibilities of a 
+  // denial of service attack.
+  bool restrictIncludePath = true;
+  QString tmp = KGlobal::dirs()->saveLocation("tmp", QString::null);
+  if (!filename.startsWith(tmp))
+  {
+     tmp = KGlobal::dirs()->saveLocation("data", QString::null);
+     if (!filename.startsWith(tmp))
+        restrictIncludePath = false;
+  }
+  
+  QString includePath;
+  if (restrictIncludePath)
+  {
+     includePath = filename;
+     includePath.truncate(includePath.findRev('/'));
+  }
+
+  PS_interface->setIncludePath(includePath);     
+
   // We will also generate a list of hyperlink-anchors and source-file
   // anchors in the document. So declare the existing lists empty.
   anchorList.clear();

psgs.cpp

@@ -60,6 +60,12 @@ void ghostscript_interface::setPostScript(int page, QString PostScript) {
     *(pageList.find(page)->PostScriptString) = PostScript;
 }
 
+void ghostscript_interface::setIncludePath(const QString &_includePath) {
+  if (_includePath.isEmpty())
+     includePath = "*"; // Allow all files
+  else
+     includePath = _includePath+"/*";
+}
 
 void ghostscript_interface::setColor(int page, QColor background_color) {
   if (pageList.find(page) == 0) {
@@ -140,11 +146,13 @@ void ghostscript_interface::gs_generate_graphics_file(int page, QString filename
   // Step 2: Call GS with the File
   KProcess proc;
   proc << "gs";
-  proc << "-dNOPAUSE" << "-dBATCH" << "-sDEVICE=png256";
+  proc << "-dSAFER" << "-dPARANOIDSAFER" << "-dDELAYSAFER" << "-dNOPAUSE" << "-dBATCH" << "-sDEVICE=png256";
   proc << QString("-sOutputFile=%1").arg(filename);
+  proc << QString("-sExtraIncludePath=%1").arg(includePath);
   proc << QString("-g%1x%2").arg(pixel_page_w).arg(pixel_page_h); // page size in pixels
   proc << QString("-r%1").arg(resolution);                       // resolution in dpi
-  proc << PSfile.name();
+  proc << "-c" << "<< /PermitFileReading [ ExtraIncludePath ] /PermitFileWriting [] /PermitFileControl [] >> setuserparams .locksafe";
+  proc << "-f" << PSfile.name();
   proc.start(KProcess::Block);
   PSfile.unlink();
   emit(setStatusBarText(QString::null));

psgs.h

@@ -43,6 +43,9 @@ public:
   // sets the PostScript which is used on a certain page
   void setPostScript(int page, QString PostScript);
 
+  // sets path from additional postscript files may be read
+  void setIncludePath(const QString &_includePath);
+
   // sets the background color for a certain page
   void setColor(int page, QColor background_color);
 
@@ -73,6 +76,8 @@ private:
   int                   pixel_page_w; // in pixels
   int                   pixel_page_h; // in pixels
 
+  QString               includePath;
+
 signals:
   /** Passed through to the top-level kpart. */
   void setStatusBarText( const QString& );