Bug 688703 - Patch to fix possible security problem with ps2epsi.
Summary: Patch to fix possible security problem with ps2epsi.
Status: NOTIFIED FIXED
Alias: None
Product: Ghostscript
Classification: Unclassified
Component: Resource (show other bugs)
Version: 0.00
Hardware: PC Linux
: P4 normal
Assignee: Ralph Giles
URL:
Keywords:
: 687304 (view as bug list)
Depends on:
Blocks:
 
Reported: 2006-05-17 11:06 UTC by Stefan Schweizer
Modified: 2008-12-19 08:31 UTC (History)
1 user (show)

See Also:
Customer:
Word Size: ---

Attachments
ghostscript-afpl-8.53-ps2epsi-afpl.diff (721 bytes, text/plain)
2006-05-17 11:06 UTC, Stefan Schweizer 		Details
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Stefan Schweizer 2006-05-17 11:06:19 UTC 
This is a small patch. Despite that I do not think it is a real exploitable
issue, I think this patch should go in.
Without having it applied also the error message "sed: -e expression #1, char
42: Invalid range end" would appear.

Downstream bugs:
bugs.gentoo.org/128650
bugs.gentoo.org/128645
Comment 1 Stefan Schweizer 2006-05-17 11:06:45 UTC 
Created attachment 2201 [details]
ghostscript-afpl-8.53-ps2epsi-afpl.diff
Comment 2 Stefan Schweizer 2006-05-17 13:59:05 UTC 
the first hunk is obviously not needed it has already been fixed, the second one
is necessarry though.

I have asked some people to test this and the outcoe was:
21:57 <@nick1> Seems it works with locale set to C, but only then
21:57 <@nick2> ah, that could be
21:58 <@nick1> I'm not quite sure why it does work with \~ though...
21:58 <@nick1> nick3, it fails for me with en_GB.UTF-8

When I try on my commandline:
# sed -e 's:[!-~]::g'
sed: -e expression #1, char 10: Invalid range end
prefixed with LC_ALL=C it does not error out though
Comment 3 Alex Cherepanov 2006-05-25 10:14:35 UTC 
*** Bug 687304 has been marked as a duplicate of this bug. ***
Comment 4 Ralph Giles 2006-05-31 08:01:00 UTC 
second hunk was committed in r6803.