Gentoo's Bugzilla – Attachment 270985 Details for
Bug 293130
<media-gfx/blender-2.49b-r2: arbitrary code exec (CVE-2009-3850)
[patch]
Proposed patch for CVE-2009-3850 against Blender 2.49b (v4)
blender-2.49b-CVE-2009-3850-v4.patch (text/plain), 5.10 KB, created by
Sebastian Pipping
on 2011-04-23 22:29:50 UTC
Description:
Proposed patch for CVE-2009-3850 against Blender 2.49b (v4)
Filename:
MIME Type:
Creator:
Sebastian Pipping
Created:
2011-04-23 22:29:50 UTC
Size:
5.10 KB
>From f3a8d00d03cc8bdf1739936998a784c9e4e64bb9 Mon Sep 17 00:00:00 2001
>From: Sebastian Pipping <sebastian@pipping.org>
>Date: Sun, 24 Apr 2011 00:00:36 +0200
>Subject: [PATCH] Disable execution of embedded Python code unless run with
> -666 (CVE-2009-3850)
>
>---
> source/blender/blenkernel/intern/blender.c | 11 ++++++++++-
> source/blender/python/api2_2x/sceneRender.c | 3 ++-
> source/blender/src/buttons_script.c | 4 +++-
> source/creator/creator.c | 18 ++++++++++++++----
> 4 files changed, 29 insertions(+), 7 deletions(-)
>
>diff --git a/source/blender/blenkernel/intern/blender.c b/source/blender/blenkernel/intern/blender.c
>index bf208c8..029b7cf 100644
>--- a/source/blender/blenkernel/intern/blender.c
>+++ b/source/blender/blenkernel/intern/blender.c
>@@ -388,7 +388,16 @@ static void setup_app_data(BlendFileData *bfd, char *filename)
> if (G.f & G_DEBUG) bfd->globalf |= G_DEBUG;
> else bfd->globalf &= ~G_DEBUG;
>
>- if ((U.flag & USER_DONT_DOSCRIPTLINKS)) bfd->globalf &= ~G_DOSCRIPTLINKS;
>+ if (G.f & G_DOSCRIPTLINKS) {
>+ /* Blender running in -666 mode */
>+ /* NOTE: In background mode U.flag has not been initialized from ~/.B.blend */
>+ if (! G.background && (U.flag & USER_DONT_DOSCRIPTLINKS))
>+ /* Prefer disabled "Auto Run Python Scripts" over -666 */
>+ bfd->globalf &= ~G_DOSCRIPTLINKS;
>+ } else {
>+ /* Blender NOT running in -666 mode, deny pulling G_DOSCRIPTLINKS in */
>+ bfd->globalf &= ~G_DOSCRIPTLINKS;
>+ }
>
> G.f= bfd->globalf;
>
>diff --git a/source/blender/python/api2_2x/sceneRender.c b/source/blender/python/api2_2x/sceneRender.c
>index 1bf2b75..e34a361 100644
>--- a/source/blender/python/api2_2x/sceneRender.c
>+++ b/source/blender/python/api2_2x/sceneRender.c
>@@ -498,7 +498,8 @@ static PyObject *RenderData_Render( BPy_RenderData * self )
>
> RE_BlenderFrame(re, G.scene, G.scene->r.cfra);
>
>- BPY_do_all_scripts(SCRIPT_POSTRENDER, 0);
>+ if (G.f & G_DOSCRIPTLINKS)
>+ BPY_do_all_scripts(SCRIPT_POSTRENDER, 0);
>
> set_scene_bg( oldsce );
> }
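Review bot: In the `-666` branch of setup_app_data the USER_DONT_DOSCRIPTLINKS test is skipped whenever `G.background` is set, so a background run started with `-666` keeps whatever G_DOSCRIPTLINKS bit the loaded file carries even if the user has turned off "Auto Run Python Scripts". The NOTE explains why U.flag cannot be read there but not this consequence; I would state it next to the test, e.g. `/* background + -666: the user preference is not consulted, the command line alone decides */`. The inner `if` also has a comment line between its condition and its single unbraced statement, which is easy to break on a later edit, so bracing it would be safer. setup_app_data starts and ends outside the hunk.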
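Review bot: Only the SCRIPT_POSTRENDER call in RenderData_Render is placed behind `G.f & G_DOSCRIPTLINKS`; the hunk does not show whether BPY_do_all_scripts tests the flag itself or whether its other call sites are guarded. If the callee does not check, any caller left unguarded still runs embedded scripts under the new default, so testing the flag once at the top of BPY_do_all_scripts would be more robust than repeating it per caller. The same applies to the identical guard added in the last hunk of source/creator/creator.c (`@@ -680,7 +689,8 @@`). RenderData_Render continues outside the hunk.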
>diff --git a/source/blender/src/buttons_script.c b/source/blender/src/buttons_script.c
>index 647fc66..6166133 100644
>--- a/source/blender/src/buttons_script.c
>+++ b/source/blender/src/buttons_script.c
>@@ -107,6 +107,8 @@
> #include "blendef.h"
> #include "butspace.h"
>
>+extern int button_enable_script_links_enabled;
>+
> /* ************************ function prototypes ********************** */
> void draw_scriptlink(uiBlock *, ScriptLink *, int , int , int ) ;
>
>@@ -323,7 +325,7 @@ static void script_panel_scriptlink(void)
> block= uiNewBlock(&curarea->uiblocks, "script_panel_scriptlink", UI_EMBOSS, UI_HELV, curarea->win);
> if(uiNewPanel(curarea, block, "Scriptlinks", "Script", 0, 0, 318, 204)==0) return;
>
>- uiDefButBitI(block, TOG, G_DOSCRIPTLINKS, REDRAWBUTSSCRIPT,
>+ uiDefButBitI(block, button_enable_script_links_enabled ? TOG : BUT, G_DOSCRIPTLINKS, REDRAWBUTSSCRIPT,
> "Enable Script Links", xco, 200, 150, 20, &G.f, 0, 0, 0, 0,
> "Enable execution of all assigned Script links and Space Handelers");
> /* for proper alignment: */
>diff --git a/source/creator/creator.c b/source/creator/creator.c
>index a562fc3..ccea569 100644
>--- a/source/creator/creator.c
>+++ b/source/creator/creator.c
>@@ -108,6 +108,8 @@
> #include "binreloc.h"
> #endif
>
>+int button_enable_script_links_enabled = 0;
>+
> // from buildinfo.c
> #ifdef BUILD_DATE
> extern char * build_date;
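Review bot: `button_enable_script_links_enabled` is shared through a hand-written `extern int` in buttons_script.c and a bare definition in creator.c (hunk `@@ -108,6 +108,8 @@`), with no common header, so nothing checks that the two declarations stay in agreement. Declaring it in a header that both files include would fix that. Neither site says what the variable is for; a comment at the definition such as `/* 1 only when Blender was started with -666; gates the "Enable Script Links" toggle */` would mark it as a security switch.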
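Review bot: Without `-666` the "Enable Script Links" control in script_panel_scriptlink is created as `BUT` instead of `TOG`, but its label and tooltip are unchanged, so the user sees a button that looks usable and is not told why it has no effect. The tooltip could say so by appending ` (needs -666 on the command line)` to the existing string. Whether a `BUT` created through uiDefButBitI really leaves the G_DOSCRIPTLINKS bit in `G.f` untouched when clicked depends on button-handling code that is not part of this diff, and is worth confirming because this is the only thing keeping the flag off from the UI. script_panel_scriptlink continues outside the hunk.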
>@@ -232,7 +234,8 @@ static void print_help(void)
> printf (" -nojoystick\tDisable joystick support\n");
> printf (" -noglsl\tDisable GLSL shading\n");
> printf (" -h\t\tPrint this help text\n");
>- printf (" -y\t\tDisable automatic python script execution (scriptlinks, pydrivers, pyconstraints, pynodes)\n");
>+ printf (" -666\t\tEnables automatic python script execution (scriptlinks, pydrivers, pyconstraints, pynodes)\n");
>+ printf (" -y\t\tDisable automatic python script execution (scriptlinks, pydrivers, pyconstraints, pynodes) (default)\n");
> printf (" -P <filename>\tRun the given Python script (filename or Blender Text)\n");
> #ifdef WIN32
> printf (" -R\t\tRegister .blend extension\n");
>@@ -366,7 +369,7 @@ int main(int argc, char **argv)
>
> /* first test for background */
>
>- G.f |= G_DOSCRIPTLINKS; /* script links enabled by default */
>+ G.f &= ~G_DOSCRIPTLINKS; /* script links disabled by default */
>
> for(a=1; a<argc; a++) {
>
>@@ -388,6 +391,11 @@ int main(int argc, char **argv)
> exit(0);
> }
>
>+ if (!strcmp(argv[a], "-666")){
>+ G.f |= G_DOSCRIPTLINKS;
>+ button_enable_script_links_enabled = 1;
>+ }
>+
> /* Handle -* switches */
> else if(argv[a][0] == '-') {
> switch(argv[a][1]) {
>@@ -405,8 +413,9 @@ int main(int argc, char **argv)
> a= argc;
> break;
>
>- case 'y':
>+ case 'y': /* NOTE: -y works the exact opposite way in version 2.57! */
> G.f &= ~G_DOSCRIPTLINKS;
>+ button_enable_script_links_enabled = 0;
> break;
>
> case 'Y':
>@@ -680,7 +689,8 @@ int main(int argc, char **argv)
> #endif
> RE_BlenderAnim(re, G.scene, frame, frame, G.scene->frame_step);
> #ifndef DISABLE_PYTHON
>- BPY_do_all_scripts(SCRIPT_POSTRENDER, 0);
>+ if (G.f & G_DOSCRIPTLINKS)
>+ BPY_do_all_scripts(SCRIPT_POSTRENDER, 0);
> #endif
> }
> } else {
>--
>1.7.5.rc1
>
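Review bot: The new `-666` line in print_help describes the switch in the same neutral terms as `-y` and does not say that it lets any .blend file opened in that session run its embedded Python. A short caution in the text would help, e.g. `" -666\t\tEnable automatic python script execution (scriptlinks, pydrivers, pyconstraints, pynodes); use only with trusted .blend files\n"`. The help text also lists pydrivers, pyconstraints and pynodes as covered, while this diff only touches scriptlink call sites, so it is worth confirming that those paths test G_DOSCRIPTLINKS as well.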
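Review bot: The `-666` branch in main and the `-y` case (hunk `@@ -405,8 +413,9 @@`) each update two pieces of state by hand, the G_DOSCRIPTLINKS bit in `G.f` and `button_enable_script_links_enabled`, so a later edit that touches only one of them would leave the UI gate and the flag disagreeing. A small static helper in creator.c that sets both keeps them in step, as sketched below. main continues outside both hunks, including any later pass over argv, which is not shown here.

```c
/* Single place that switches automatic script execution on or off,
 * so the G.f bit and the UI gate cannot drift apart. */
static void set_script_autoexec(int enabled)
{
	if (enabled)
		G.f |= G_DOSCRIPTLINKS;
	else
		G.f &= ~G_DOSCRIPTLINKS;
	button_enable_script_links_enabled = enabled;
}

/* … unchanged: earlier argument checks in main … */
		if (!strcmp(argv[a], "-666")){
			set_script_autoexec(1);
		}
/* … unchanged: switch handling up to case 'y' … */
			case 'y': /* NOTE: -y works the exact opposite way in version 2.57! */
				set_script_autoexec(0);
				break;
```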
Attachments on
bug 293130
:
270713
|
270983
| 270985