Get Gentoo!
gentoo.org sites
gentoo.org Wiki Bugs Forums Packages
Planet Archives Sources
Infra Status
summaryrefslogtreecommitdiff
path: root/media-gfx/blender/files/blender-2.57-CVE-2009-3850-v2.patch
blob: 526e0f7f98ae51f9ac7118dd698bdd270e5fd5c4 (plain) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172

From c4181c5639da5c6a6df31b434498a44d0d680487 Mon Sep 17 00:00:00 2001
From: Sebastian Pipping <sebastian@pipping.org>
Date: Tue, 17 May 2011 17:37:11 +0200
Subject: [PATCH] Disable execution of embedded Python code unless run with
 --enable-autoexec|-y|-666  (CVE-2009-3850)

---
 source/blender/blenkernel/intern/blender.c         |    3 ++-
 source/blender/makesrna/intern/rna_userdef.c       |   16 +++++++++++++---
 source/blender/windowmanager/intern/wm_files.c     |    7 ++++++-
 source/blender/windowmanager/intern/wm_operators.c |   16 ++++++++++++----
 source/creator/creator.c                           |   10 ++++++----
 5 files changed, 39 insertions(+), 13 deletions(-)

diff --git a/source/blender/blenkernel/intern/blender.c b/source/blender/blenkernel/intern/blender.c
index 5f08505..9c27ac7 100644
--- a/source/blender/blenkernel/intern/blender.c
+++ b/source/blender/blenkernel/intern/blender.c
@@ -141,7 +141,8 @@ void initglobals(void)
 	G.charmin = 0x0000;
 	G.charmax = 0xffff;
 	
-	G.f |= G_SCRIPT_AUTOEXEC;
+	G.f &= ~G_SCRIPT_AUTOEXEC;
+	G.f |= G_SCRIPT_OVERRIDE_PREF;  /* Disables turning G_SCRIPT_AUTOEXEC on from user prefs */
 }
 
 /***/
diff --git a/source/blender/makesrna/intern/rna_userdef.c b/source/blender/makesrna/intern/rna_userdef.c
index e9a9ddc..218b50a 100644
--- a/source/blender/makesrna/intern/rna_userdef.c
+++ b/source/blender/makesrna/intern/rna_userdef.c
@@ -99,9 +99,17 @@ static void rna_userdef_show_manipulator_update(Main *bmain, Scene *scene, Point
 
 static void rna_userdef_script_autoexec_update(Main *bmain, Scene *scene, PointerRNA *ptr)
 {
-	UserDef *userdef = (UserDef*)ptr->data;
-	if (userdef->flag & USER_SCRIPT_AUTOEXEC_DISABLE)	G.f &= ~G_SCRIPT_AUTOEXEC;
-	else												G.f |=  G_SCRIPT_AUTOEXEC;
+	if ((G.f & G_SCRIPT_OVERRIDE_PREF) == 0) {
+		/* Blender run with --enable-autoexec */
+		UserDef *userdef = (UserDef*)ptr->data;
+		if (userdef->flag & USER_SCRIPT_AUTOEXEC_DISABLE)	G.f &= ~G_SCRIPT_AUTOEXEC;
+		else												G.f |=  G_SCRIPT_AUTOEXEC;
+	}
+}
+
+static int rna_userdef_script_autoexec_editable(Main *bmain, Scene *scene, PointerRNA *ptr) {
+	/* Disable "Auto Run Python Scripts" checkbox unless Blender run with --enable-autoexec */
+	return !(G.f & G_SCRIPT_OVERRIDE_PREF);
 }
 
 static void rna_userdef_mipmap_update(Main *bmain, Scene *scene, PointerRNA *ptr)
@@ -2505,6 +2513,8 @@ static void rna_def_userdef_system(BlenderRNA *brna)
 	RNA_def_property_boolean_negative_sdna(prop, NULL, "flag", USER_SCRIPT_AUTOEXEC_DISABLE);
 	RNA_def_property_ui_text(prop, "Auto Run Python Scripts", "Allow any .blend file to run scripts automatically (unsafe with blend files from an untrusted source)");
 	RNA_def_property_update(prop, 0, "rna_userdef_script_autoexec_update");
+	/* Disable "Auto Run Python Scripts" checkbox unless Blender run with --enable-autoexec */
+	RNA_def_property_editable_func(prop, "rna_userdef_script_autoexec_editable");
 
 	prop= RNA_def_property(srna, "use_tabs_as_spaces", PROP_BOOLEAN, PROP_NONE);
 	RNA_def_property_boolean_negative_sdna(prop, NULL, "flag", USER_TXT_TABSTOSPACES_DISABLE);
diff --git a/source/blender/windowmanager/intern/wm_files.c b/source/blender/windowmanager/intern/wm_files.c
index f4f7af0..37a9664 100644
--- a/source/blender/windowmanager/intern/wm_files.c
+++ b/source/blender/windowmanager/intern/wm_files.c
@@ -270,11 +270,16 @@ static void wm_init_userdef(bContext *C)
 
 	/* set the python auto-execute setting from user prefs */
 	/* enabled by default, unless explicitly enabled in the command line which overrides */
-	if((G.f & G_SCRIPT_OVERRIDE_PREF) == 0) {
+	if (! G.background && ((G.f & G_SCRIPT_OVERRIDE_PREF) == 0)) {
+		/* Blender run with --enable-autoexec */
 		if ((U.flag & USER_SCRIPT_AUTOEXEC_DISABLE) == 0) G.f |=  G_SCRIPT_AUTOEXEC;
 		else											  G.f &= ~G_SCRIPT_AUTOEXEC;
 	}
 	if(U.tempdir[0]) BLI_where_is_temp(btempdir, FILE_MAX, 1);
+
+	/* Workaround to fix default of "Auto Run Python Scripts" checkbox */
+	if ((G.f & G_SCRIPT_OVERRIDE_PREF) && !(G.f & G_SCRIPT_AUTOEXEC))
+		U.flag |= USER_SCRIPT_AUTOEXEC_DISABLE;
 }
 
 void WM_read_file(bContext *C, const char *name, ReportList *reports)
diff --git a/source/blender/windowmanager/intern/wm_operators.c b/source/blender/windowmanager/intern/wm_operators.c
index 28df023..a2142a5 100644
--- a/source/blender/windowmanager/intern/wm_operators.c
+++ b/source/blender/windowmanager/intern/wm_operators.c
@@ -1471,12 +1471,13 @@ static int wm_open_mainfile_exec(bContext *C, wmOperator *op)
 		G.fileflags &= ~G_FILE_NO_UI;
 	else
 		G.fileflags |= G_FILE_NO_UI;
-		
-	if(RNA_boolean_get(op->ptr, "use_scripts"))
+
+	/* Restrict "Trusted Source" mode to Blender in --enable-autoexec mode */
+	if(RNA_boolean_get(op->ptr, "use_scripts") && (!(G.f & G_SCRIPT_OVERRIDE_PREF)))
 		G.f |= G_SCRIPT_AUTOEXEC;
 	else
 		G.f &= ~G_SCRIPT_AUTOEXEC;
-	
+
 	// XXX wm in context is not set correctly after WM_read_file -> crash
 	// do it before for now, but is this correct with multiple windows?
 	WM_event_add_notifier(C, NC_WINDOW, NULL);
@@ -1488,6 +1489,8 @@ static int wm_open_mainfile_exec(bContext *C, wmOperator *op)
 
 static void WM_OT_open_mainfile(wmOperatorType *ot)
 {
+	PropertyRNA * use_scripts_checkbox = NULL;
+
 	ot->name= "Open Blender File";
 	ot->idname= "WM_OT_open_mainfile";
 	ot->description="Open a Blender file";
@@ -1499,7 +1502,12 @@ static void WM_OT_open_mainfile(wmOperatorType *ot)
 	WM_operator_properties_filesel(ot, FOLDERFILE|BLENDERFILE, FILE_BLENDER, FILE_OPENFILE, WM_FILESEL_FILEPATH);
 
 	RNA_def_boolean(ot->srna, "load_ui", 1, "Load UI", "Load user interface setup in the .blend file");
-	RNA_def_boolean(ot->srna, "use_scripts", 1, "Trusted Source", "Allow blend file execute scripts automatically, default available from system preferences");
+	use_scripts_checkbox = RNA_def_boolean(ot->srna, "use_scripts",
+			!!(G.f & G_SCRIPT_AUTOEXEC), "Trusted Source",
+			"Allow blend file execute scripts automatically, default available from system preferences");
+	/* Disable "Trusted Source" checkbox unless Blender run with --enable-autoexec */
+	if (use_scripts_checkbox && (G.f & G_SCRIPT_OVERRIDE_PREF))
+		RNA_def_property_clear_flag(use_scripts_checkbox, PROP_EDITABLE);
 }
 
 /* **************** link/append *************** */
diff --git a/source/creator/creator.c b/source/creator/creator.c
index c687cc2..1da282f 100644
--- a/source/creator/creator.c
+++ b/source/creator/creator.c
@@ -278,6 +278,7 @@ static int print_help(int UNUSED(argc), const char **UNUSED(argv), void *data)
 
 	printf("\n");
 
+	BLI_argsPrintArgDoc(ba, "-666");
 	BLI_argsPrintArgDoc(ba, "--enable-autoexec");
 	BLI_argsPrintArgDoc(ba, "--disable-autoexec");
 
@@ -359,14 +360,14 @@ static int end_arguments(int UNUSED(argc), const char **UNUSED(argv), void *UNUS
 static int enable_python(int UNUSED(argc), const char **UNUSED(argv), void *UNUSED(data))
 {
 	G.f |= G_SCRIPT_AUTOEXEC;
-	G.f |= G_SCRIPT_OVERRIDE_PREF;
+	G.f &= ~G_SCRIPT_OVERRIDE_PREF;  /* Enables turning G_SCRIPT_AUTOEXEC off from user prefs */
 	return 0;
 }
 
 static int disable_python(int UNUSED(argc), const char **UNUSED(argv), void *UNUSED(data))
 {
 	G.f &= ~G_SCRIPT_AUTOEXEC;
-	G.f |= G_SCRIPT_OVERRIDE_PREF;
+	G.f |= G_SCRIPT_OVERRIDE_PREF;  /* Disables turning G_SCRIPT_AUTOEXEC on from user prefs */
 	return 0;
 }
 
@@ -1075,8 +1076,9 @@ static void setupArguments(bContext *C, bArgs *ba, SYS_SystemHandle *syshandle)
 
 	BLI_argsAdd(ba, 1, "-v", "--version", "\n\tPrint Blender version and exit", print_version, NULL);
 
-	BLI_argsAdd(ba, 1, "-y", "--enable-autoexec", "\n\tEnable automatic python script execution (default)", enable_python, NULL);
-	BLI_argsAdd(ba, 1, "-Y", "--disable-autoexec", "\n\tDisable automatic python script execution (pydrivers, pyconstraints, pynodes)", disable_python, NULL);
+	BLI_argsAdd(ba, 1, NULL, "-666", "\n\tEnable automatic python script execution (port from CVE-2009-3850 patch to Blender 2.49b)", enable_python, NULL);
+	BLI_argsAdd(ba, 1, "-y", "--enable-autoexec", "\n\tEnable automatic python script execution", enable_python, NULL);
+	BLI_argsAdd(ba, 1, "-Y", "--disable-autoexec", "\n\tDisable automatic python script execution (pydrivers, pyconstraints, pynodes) (default)", disable_python, NULL);
 
 	BLI_argsAdd(ba, 1, "-b", "--background", "<file>\n\tLoad <file> in background (often used for UI-less rendering)", background_mode, NULL);
 
-- 
1.7.5.rc3