Gentoo's Bugzilla – Attachment 273671 Details for Bug 364291: <media-gfx/blender-2.57-r1 arbitrary code exec (sort of CVE-2009-3850)
[patch] Diff between v1 and v2
v1-to-v2.diff (text/plain), 4.71 KB, created by Sebastian Pipping on 2011-05-17 15:36:14 UTC
>From 74ff88a20a4a1a01b72098c62d4fbfec41e1f44c Mon Sep 17 00:00:00 2001 >From: Sebastian Pipping <sebastian@pipping.org> >Date: Tue, 17 May 2011 17:32:51 +0200 >Subject: [PATCH] Restrict "Trusted Source" mode to --enable-autoexec|-y|-666, > disable checkboxes properly > >--- > source/blender/makesrna/intern/rna_userdef.c | 7 +++++++ > source/blender/windowmanager/intern/wm_files.c | 4 ++++ > source/blender/windowmanager/intern/wm_operators.c | 16 ++++++++++++---- > 3 files changed, 23 insertions(+), 4 deletions(-) > >diff --git a/source/blender/makesrna/intern/rna_userdef.c b/source/blender/makesrna/intern/rna_userdef.c >index a120857..218b50a 100644 >--- a/source/blender/makesrna/intern/rna_userdef.c >+++ b/source/blender/makesrna/intern/rna_userdef.c >@@ -107,6 +107,11 @@ static void rna_userdef_script_autoexec_update(Main *bmain, Scene *scene, Pointe > } > } > >+static int rna_userdef_script_autoexec_editable(Main *bmain, Scene *scene, PointerRNA *ptr) { >+ /* Disable "Auto Run Python Scripts" checkbox unless Blender run with --enable-autoexec */ >+ return !(G.f & G_SCRIPT_OVERRIDE_PREF); >+} >+ > static void rna_userdef_mipmap_update(Main *bmain, Scene *scene, PointerRNA *ptr) > { > GPU_set_mipmap(!(U.gameflags & USER_DISABLE_MIPMAP)); 
>@@ -2508,6 +2513,8 @@ static void rna_def_userdef_system(BlenderRNA *brna) > RNA_def_property_boolean_negative_sdna(prop, NULL, "flag", USER_SCRIPT_AUTOEXEC_DISABLE); > RNA_def_property_ui_text(prop, "Auto Run Python Scripts", "Allow any .blend file to run scripts automatically (unsafe with blend files from an untrusted source)"); > RNA_def_property_update(prop, 0, "rna_userdef_script_autoexec_update"); >+ /* Disable "Auto Run Python Scripts" checkbox unless Blender run with --enable-autoexec */ >+ RNA_def_property_editable_func(prop, "rna_userdef_script_autoexec_editable"); > > prop= RNA_def_property(srna, "use_tabs_as_spaces", PROP_BOOLEAN, PROP_NONE); > RNA_def_property_boolean_negative_sdna(prop, NULL, "flag", USER_TXT_TABSTOSPACES_DISABLE); >diff --git a/source/blender/windowmanager/intern/wm_files.c b/source/blender/windowmanager/intern/wm_files.c >index c1bacc6..37a9664 100644 >--- a/source/blender/windowmanager/intern/wm_files.c >+++ b/source/blender/windowmanager/intern/wm_files.c >@@ -276,6 +276,10 @@ static void wm_init_userdef(bContext *C) > else G.f &= ~G_SCRIPT_AUTOEXEC; > } > if(U.tempdir[0]) BLI_where_is_temp(btempdir, FILE_MAX, 1); >+ >+ /* Workaround to fix default of "Auto Run Python Scripts" checkbox */ >+ if ((G.f & G_SCRIPT_OVERRIDE_PREF) && !(G.f & G_SCRIPT_AUTOEXEC)) >+ U.flag |= USER_SCRIPT_AUTOEXEC_DISABLE; > } > > void WM_read_file(bContext *C, const char *name, ReportList *reports) >diff --git a/source/blender/windowmanager/intern/wm_operators.c b/source/blender/windowmanager/intern/wm_operators.c >index 28df023..a2142a5 100644 >--- a/source/blender/windowmanager/intern/wm_operators.c >+++ b/source/blender/windowmanager/intern/wm_operators.c 
>@@ -1471,12 +1471,13 @@ static int wm_open_mainfile_exec(bContext *C, wmOperator *op) > G.fileflags &= ~G_FILE_NO_UI; > else > G.fileflags |= G_FILE_NO_UI; >- >- if(RNA_boolean_get(op->ptr, "use_scripts")) >+ >+ /* Restrict "Trusted Source" mode to Blender in --enable-autoexec mode */ >+ if(RNA_boolean_get(op->ptr, "use_scripts") && (!(G.f & G_SCRIPT_OVERRIDE_PREF))) > G.f |= G_SCRIPT_AUTOEXEC; > else > G.f &= ~G_SCRIPT_AUTOEXEC; >- >+ > // XXX wm in context is not set correctly after WM_read_file -> crash > // do it before for now, but is this correct with multiple windows? > WM_event_add_notifier(C, NC_WINDOW, NULL); >@@ -1488,6 +1489,8 @@ static int wm_open_mainfile_exec(bContext *C, wmOperator *op) > > static void WM_OT_open_mainfile(wmOperatorType *ot) > { >+ PropertyRNA * use_scripts_checkbox = NULL; >+ > ot->name= "Open Blender File"; > ot->idname= "WM_OT_open_mainfile"; > ot->description="Open a Blender file"; >@@ -1499,7 +1502,12 @@ static void WM_OT_open_mainfile(wmOperatorType *ot) > WM_operator_properties_filesel(ot, FOLDERFILE|BLENDERFILE, FILE_BLENDER, FILE_OPENFILE, WM_FILESEL_FILEPATH); > > RNA_def_boolean(ot->srna, "load_ui", 1, "Load UI", "Load user interface setup in the .blend file"); >- RNA_def_boolean(ot->srna, "use_scripts", 1, "Trusted Source", "Allow blend file execute scripts automatically, default available from system preferences"); >+ use_scripts_checkbox = RNA_def_boolean(ot->srna, "use_scripts", >+ !!(G.f & G_SCRIPT_AUTOEXEC), "Trusted Source", >+ "Allow blend file execute scripts automatically, default available from system preferences"); >+ /* Disable "Trusted Source" checkbox unless Blender run with --enable-autoexec */ >+ if (use_scripts_checkbox && (G.f & G_SCRIPT_OVERRIDE_PREF)) >+ RNA_def_property_clear_flag(use_scripts_checkbox, PROP_EDITABLE); > } > > /* **************** link/append *************** */ >-- >1.7.5.rc3 >
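Review bot: the comment in rna_userdef_script_autoexec_editable() (rna_userdef.c, hunk at -107) says the checkbox is disabled "unless Blender run with --enable-autoexec", but the return value tests something else: `!(G.f & G_SCRIPT_OVERRIDE_PREF)` makes the property editable whenever the override bit is clear. Nothing in this diff shows where G_SCRIPT_OVERRIDE_PREF is set, so a reader cannot tell from here that "override bit clear" and "started with --enable-autoexec" are the same state. Please reword the comment to name the flag and say what it means in this patch set. The function also copies the (Main *, Scene *, PointerRNA *) parameter list of the update callback above it and uses none of the three; confirm that this is the signature with which callbacks registered through RNA_def_property_editable_func() are invoked.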
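Review bot: the workaround in wm_init_userdef() (wm_files.c, hunk at -276) handles only one direction. It sets USER_SCRIPT_AUTOEXEC_DISABLE when the override bit is set and G_SCRIPT_AUTOEXEC is clear, but never clears that bit when the override bit is set and G_SCRIPT_AUTOEXEC is on. If that combination can occur, the preference checkbox, which the rna_userdef.c change makes non-editable under the same override bit, can show "off" while scripts are in fact allowed to run. Add the symmetric branch or a comment explaining why it is unreachable. Note also that this writes U.flag, the preference bit itself (the "flag" member that the rna_userdef.c hunk binds the checkbox to), rather than only what the checkbox displays; the comment should say whether overwriting the user's stored choice is intended.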
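Review bot: in wm_open_mainfile_exec() (wm_operators.c, hunk at -1471) the new condition sends every open with G_SCRIPT_OVERRIDE_PREF set into the else branch, which clears G_SCRIPT_AUTOEXEC regardless of its previous value. The wm_files.c hunk tests `(G.f & G_SCRIPT_OVERRIDE_PREF) && !(G.f & G_SCRIPT_AUTOEXEC)`, which implies the override bit can be set while autoexec is on; if so, the first file opened through this operator switches autoexec off for the rest of the session without any report. Either leave G.f untouched when the override bit is set, or state in the comment that clearing is the intended behaviour. The two blank-line replacements in this hunk are whitespace-only and would be better kept out of a security fix.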
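Review bot: in WM_OT_open_mainfile() (wm_operators.c, hunk at -1499) both the default `!!(G.f & G_SCRIPT_AUTOEXEC)` and the PROP_EDITABLE decision are computed once, when the operator type is defined, while G.f changes later at run time: wm_init_userdef() and wm_open_mainfile_exec() in this same patch both set and clear G_SCRIPT_AUTOEXEC. The "Trusted Source" default and its greyed-out state can therefore go stale relative to the flag actually in force. The condition added in wm_open_mainfile_exec() still decides whether scripts run, so this is a UI consistency problem rather than a bypass, but a comment naming the exec-time check as the authoritative one would help, and the default is better derived when the file selector is opened. Minor style point: `PropertyRNA * use_scripts_checkbox` spaces the pointer differently from `wmOperatorType *ot` in the same function.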
Attachments on bug 364291: 271021 | 273671 | 273673