[Bf-committers] PATCH CVE-2009-3850 for blender-2.57
Jochen Schmitt
Jochen at herr-schmitt.de
Wed Apr 27 19:08:00 CEST 2011
Hallo,
I was notified, that the security issue CVE-2009-3850 still exisi in
blender-2.57.
On bug #364291 on gut.gentoo.org the above patch was provided, which I want
to forward to you.
Best Regards:
Jochen Schmitt
@@ -, +, @@
--enable-autoexec|-y|-666 (CVE-2009-3850)
source/blender/blenkernel/intern/blender.c | 3 ++-
source/blender/makesrna/intern/rna_userdef.c | 9 ++++++---
source/blender/windowmanager/intern/wm_files.c | 3 ++-
source/creator/creator.c | 10 ++++++----
4 files changed, 16 insertions(+), 9 deletions(-)
--- a/source/blender/blenkernel/intern/blender.c
+++ a/source/blender/blenkernel/intern/blender.c
@@ -141,7 +141,8 @@ void initglobals(void)
G.charmin = 0x0000;
G.charmax = 0xffff;
- G.f |= G_SCRIPT_AUTOEXEC;
+ G.f &= ~G_SCRIPT_AUTOEXEC;
+ G.f |= G_SCRIPT_OVERRIDE_PREF; /* Disables turning
G_SCRIPT_AUTOEXEC on from user prefs */
}
/***/
--- a/source/blender/makesrna/intern/rna_userdef.c
+++ a/source/blender/makesrna/intern/rna_userdef.c
@@ -99,9 +99,12 @@ static void rna_userdef_show_manipulator_update(Main
*bmain, Scene *scene, Point
static void rna_userdef_script_autoexec_update(Main *bmain, Scene
*scene, PointerRNA *ptr)
{
- UserDef *userdef = (UserDef*)ptr->data;
- if (userdef->flag & USER_SCRIPT_AUTOEXEC_DISABLE) G.f &=
~G_SCRIPT_AUTOEXEC;
- else G.f |=
G_SCRIPT_AUTOEXEC;
+ if ((G.f & G_SCRIPT_OVERRIDE_PREF) == 0) {
+ /* Blender run with --enable-autoexec */
+ UserDef *userdef = (UserDef*)ptr->data;
+ if (userdef->flag & USER_SCRIPT_AUTOEXEC_DISABLE) G.f &=
~G_SCRIPT_AUTOEXEC;
+ else G.f |=
G_SCRIPT_AUTOEXEC;
+ }
}
static void rna_userdef_mipmap_update(Main *bmain, Scene *scene,
PointerRNA *ptr)
--- a/source/blender/windowmanager/intern/wm_files.c
+++ a/source/blender/windowmanager/intern/wm_files.c
@@ -270,7 +270,8 @@ static void wm_init_userdef(bContext *C)
/* set the python auto-execute setting from user prefs */
/* enabled by default, unless explicitly enabled in the command
line which overrides */
- if((G.f & G_SCRIPT_OVERRIDE_PREF) == 0) {
+ if (! G.background && ((G.f & G_SCRIPT_OVERRIDE_PREF) == 0)) {
+ /* Blender run with --enable-autoexec */
if ((U.flag & USER_SCRIPT_AUTOEXEC_DISABLE) == 0) G.f |=
G_SCRIPT_AUTOEXEC;
else G.f &=
~G_SCRIPT_AUTOEXEC;
}
--- a/source/creator/creator.c
+++ a/source/creator/creator.c
@@ -278,6 +278,7 @@ static int print_help(int UNUSED(argc), const char
**UNUSED(argv), void *data)
printf("\n");
+ BLI_argsPrintArgDoc(ba, "-666");
BLI_argsPrintArgDoc(ba, "--enable-autoexec");
BLI_argsPrintArgDoc(ba, "--disable-autoexec");
@@ -359,14 +360,14 @@ static int end_arguments(int UNUSED(argc), const
char **UNUSED(argv), void *UNUS
static int enable_python(int UNUSED(argc), const char **UNUSED(argv),
void *UNUSED(data))
{
G.f |= G_SCRIPT_AUTOEXEC;
- G.f |= G_SCRIPT_OVERRIDE_PREF;
+ G.f &= ~G_SCRIPT_OVERRIDE_PREF; /* Enables turning
G_SCRIPT_AUTOEXEC off from user prefs */
return 0;
}
static int disable_python(int UNUSED(argc), const char **UNUSED(argv),
void *UNUSED(data))
{
G.f &= ~G_SCRIPT_AUTOEXEC;
- G.f |= G_SCRIPT_OVERRIDE_PREF;
+ G.f |= G_SCRIPT_OVERRIDE_PREF; /* Disables turning
G_SCRIPT_AUTOEXEC on from user prefs */
return 0;
}
@@ -1075,8 +1076,9 @@ static void setupArguments(bContext *C, bArgs *ba,
SYS_SystemHandle *syshandle)
BLI_argsAdd(ba, 1, "-v", "--version", "\n\tPrint Blender version
and exit", print_version, NULL);
- BLI_argsAdd(ba, 1, "-y", "--enable-autoexec", "\n\tEnable automatic
python script execution (default)", enable_python, NULL);
- BLI_argsAdd(ba, 1, "-Y", "--disable-autoexec", "\n\tDisable
automatic python script execution (pydrivers, pyconstraints, pynodes)",
disable_python, NULL);
+ BLI_argsAdd(ba, 1, NULL, "-666", "\n\tEnable automatic python
script execution (port from CVE-2009-3850 patch to Blender 2.49b)",
enable_python, NULL);
+ BLI_argsAdd(ba, 1, "-y", "--enable-autoexec", "\n\tEnable automatic
python script execution", enable_python, NULL);
+ BLI_argsAdd(ba, 1, "-Y", "--disable-autoexec", "\n\tDisable
automatic python script execution (pydrivers, pyconstraints, pynodes)
(default)", disable_python, NULL);
BLI_argsAdd(ba, 1, "-b", "--background", "<file>\n\tLoad <file> in
background (often used for UI-less rendering)", background_mode, NULL);
More information about the Bf-committers
mailing list