Attachment 270985 Details for Bug 293130 – Proposed patch for CVE-2009-3850 against Blender 2.49b (v4)

[patch] Proposed patch for CVE-2009-3850 against Blender 2.49b (v4)

blender-2.49b-CVE-2009-3850-v4.patch (text/plain), 5.10 KB, created by Sebastian Pipping on 2011-04-23 22:29:50 UTC

(hide)

Description:

Filename:

MIME Type:

Creator: Sebastian Pipping

Created: 2011-04-23 22:29:50 UTC

Size: 5.10 KB

patch

obsolete

>From f3a8d00d03cc8bdf1739936998a784c9e4e64bb9 Mon Sep 17 00:00:00 2001
>From: Sebastian Pipping <sebastian@pipping.org>
>Date: Sun, 24 Apr 2011 00:00:36 +0200
>Subject: [PATCH] Disable execution of embedded Python code unless run with
> -666  (CVE-2009-3850)
>
>---
> source/blender/blenkernel/intern/blender.c  |   11 ++++++++++-
> source/blender/python/api2_2x/sceneRender.c |    3 ++-
> source/blender/src/buttons_script.c         |    4 +++-
> source/creator/creator.c                    |   18 ++++++++++++++----
> 4 files changed, 29 insertions(+), 7 deletions(-)
>
>diff --git a/source/blender/blenkernel/intern/blender.c b/source/blender/blenkernel/intern/blender.c
>index bf208c8..029b7cf 100644
>--- a/source/blender/blenkernel/intern/blender.c
>+++ b/source/blender/blenkernel/intern/blender.c
>@@ -388,7 +388,16 @@ static void setup_app_data(BlendFileData *bfd, char *filename)
> 	if (G.f & G_DEBUG) bfd->globalf |= G_DEBUG;
> 	else bfd->globalf &= ~G_DEBUG;
> 
>-	if ((U.flag & USER_DONT_DOSCRIPTLINKS)) bfd->globalf &= ~G_DOSCRIPTLINKS;
>+	if (G.f & G_DOSCRIPTLINKS) {
>+		/* Blender running in -666 mode */
>+		/* NOTE: In background mode U.flag has not been initialized from ~/.B.blend */
>+		if (! G.background && (U.flag & USER_DONT_DOSCRIPTLINKS))
>+			/* Prefer disabled "Auto Run Python Scripts" over -666 */
>+			bfd->globalf &= ~G_DOSCRIPTLINKS;
>+	} else {
>+		/* Blender NOT running in -666 mode, deny pulling G_DOSCRIPTLINKS in */
>+		bfd->globalf &= ~G_DOSCRIPTLINKS;
>+	}
> 
> 	G.f= bfd->globalf;
> 
>diff --git a/source/blender/python/api2_2x/sceneRender.c b/source/blender/python/api2_2x/sceneRender.c
>index 1bf2b75..e34a361 100644
>--- a/source/blender/python/api2_2x/sceneRender.c
>+++ b/source/blender/python/api2_2x/sceneRender.c
>@@ -498,7 +498,8 @@ static PyObject *RenderData_Render( BPy_RenderData * self )
> 
> 		RE_BlenderFrame(re, G.scene, G.scene->r.cfra);
> 
>-		BPY_do_all_scripts(SCRIPT_POSTRENDER, 0);
>+		if (G.f & G_DOSCRIPTLINKS)
>+			BPY_do_all_scripts(SCRIPT_POSTRENDER, 0);
> 
> 		set_scene_bg( oldsce );
> 	}
>diff --git a/source/blender/src/buttons_script.c b/source/blender/src/buttons_script.c
>index 647fc66..6166133 100644
>--- a/source/blender/src/buttons_script.c
>+++ b/source/blender/src/buttons_script.c
>@@ -107,6 +107,8 @@
> #include "blendef.h"
> #include "butspace.h"
> 
>+extern int button_enable_script_links_enabled;
>+
> /* ************************ function prototypes ********************** */
> void draw_scriptlink(uiBlock *, ScriptLink *, int , int , int ) ;
> 
>@@ -323,7 +325,7 @@ static void  script_panel_scriptlink(void)
> 	block= uiNewBlock(&curarea->uiblocks, "script_panel_scriptlink", UI_EMBOSS, UI_HELV, curarea->win);
> 	if(uiNewPanel(curarea, block, "Scriptlinks", "Script", 0, 0, 318, 204)==0) return;
> 
>-	uiDefButBitI(block, TOG, G_DOSCRIPTLINKS, REDRAWBUTSSCRIPT,
>+	uiDefButBitI(block, button_enable_script_links_enabled ? TOG : BUT, G_DOSCRIPTLINKS, REDRAWBUTSSCRIPT,
> 			"Enable Script Links", xco, 200, 150, 20, &G.f, 0, 0, 0, 0,
> 			"Enable execution of all assigned Script links and Space Handelers");
> 	/* for proper alignment: */
>diff --git a/source/creator/creator.c b/source/creator/creator.c
>index a562fc3..ccea569 100644
>--- a/source/creator/creator.c
>+++ b/source/creator/creator.c
>@@ -108,6 +108,8 @@
> #include "binreloc.h"
> #endif
> 
>+int button_enable_script_links_enabled = 0;
>+
> // from buildinfo.c
> #ifdef BUILD_DATE
> extern char * build_date;
>@@ -232,7 +234,8 @@ static void print_help(void)
> 	printf ("  -nojoystick\tDisable joystick support\n");
> 	printf ("  -noglsl\tDisable GLSL shading\n");
> 	printf ("  -h\t\tPrint this help text\n");
>-	printf ("  -y\t\tDisable automatic python script execution (scriptlinks, pydrivers, pyconstraints, pynodes)\n");
>+	printf ("  -666\t\tEnables automatic python script execution (scriptlinks, pydrivers, pyconstraints, pynodes)\n");
>+	printf ("  -y\t\tDisable automatic python script execution (scriptlinks, pydrivers, pyconstraints, pynodes) (default)\n");
> 	printf ("  -P <filename>\tRun the given Python script (filename or Blender Text)\n");
> #ifdef WIN32
> 	printf ("  -R\t\tRegister .blend extension\n");
>@@ -366,7 +369,7 @@ int main(int argc, char **argv)
> 
> 	/* first test for background */
> 
>-	G.f |= G_DOSCRIPTLINKS; /* script links enabled by default */
>+	G.f &= ~G_DOSCRIPTLINKS; /* script links disabled by default */
> 
> 	for(a=1; a<argc; a++) {
> 
>@@ -388,6 +391,11 @@ int main(int argc, char **argv)
> 			exit(0);
> 		}
> 
>+		if (!strcmp(argv[a], "-666")){
>+			G.f |= G_DOSCRIPTLINKS;
>+			button_enable_script_links_enabled = 1;
>+		}
>+
> 		/* Handle -* switches */
> 		else if(argv[a][0] == '-') {
> 			switch(argv[a][1]) {
>@@ -405,8 +413,9 @@ int main(int argc, char **argv)
> 				a= argc;
> 				break;
> 
>-			case 'y':
>+			case 'y':  /* NOTE: -y works the exact opposite way in version 2.57! */
> 				G.f &= ~G_DOSCRIPTLINKS;
>+				button_enable_script_links_enabled = 0;
> 				break;
> 
> 			case 'Y':
>@@ -680,7 +689,8 @@ int main(int argc, char **argv)
> #endif
> 						RE_BlenderAnim(re, G.scene, frame, frame, G.scene->frame_step);
> #ifndef DISABLE_PYTHON
>-						BPY_do_all_scripts(SCRIPT_POSTRENDER, 0);
>+						if (G.f & G_DOSCRIPTLINKS)
>+							BPY_do_all_scripts(SCRIPT_POSTRENDER, 0);
> #endif
> 					}
> 				} else {
>-- 
>1.7.5.rc1
>

Actions: View | Diff

Attachments on bug 293130: 270713 | 270983 | 270985