Commit 818ee6363 for imagemagick.org
commit 818ee636323b007617cf5459acc5342f3962e5c8
Author: Dirk Lemstra <dirk@lemstra.org>
Date: Sun Feb 22 21:49:05 2026 +0100
Reverted changes that were committed by accident.
diff --git a/MagickCore/blob.c b/MagickCore/blob.c
index d617aa439..48fd4e66f 100644
--- a/MagickCore/blob.c
+++ b/MagickCore/blob.c
@@ -1464,36 +1464,19 @@ MagickExport void *FileToBlob(const char *filename,const size_t extent,
file=fileno(stdin);
if (LocaleCompare(filename,"-") != 0)
{
- int
- flags = O_RDONLY | O_BINARY;
-
status=GetPathAttributes(filename,&attributes);
if ((status == MagickFalse) || (S_ISDIR(attributes.st_mode) != 0))
{
ThrowFileException(exception,BlobError,"UnableToReadBlob",filename);
return(NULL);
}
-#if defined(O_NOFOLLOW)
- status=IsRightsAuthorized(SystemPolicyDomain,ReadPolicyRights,"follow");
- if (status == MagickFalse)
- flags|=O_NOFOLLOW;
-#endif
- file=open_utf8(filename,flags,0);
+ file=open_utf8(filename,O_RDONLY | O_BINARY,0);
}
if (file == -1)
{
ThrowFileException(exception,BlobError,"UnableToOpenFile",filename);
return(NULL);
}
- status=IsRightsAuthorized(PathPolicyDomain,ReadPolicyRights,filename);
- if (status == MagickFalse)
- {
- file=close_utf8(file)-1;
- errno=EPERM;
- (void) ThrowMagickException(exception,GetMagickModule(),PolicyError,
- "NotAuthorized","`%s'",filename);
- return(NULL);
- }
offset=(MagickOffsetType) lseek(file,0,SEEK_END);
count=0;
if ((file == fileno(stdin)) || (offset < 0) ||
@@ -1687,7 +1670,7 @@ MagickExport MagickBooleanType FileToImage(Image *image,const char *filename,
assert(filename != (const char *) NULL);
if (IsEventLogging() != MagickFalse)
(void) LogMagickEvent(TraceEvent,GetMagickModule(),"%s",filename);
- status=IsRightsAuthorized(PathPolicyDomain,ReadPolicyRights,filename);
+ status=IsRightsAuthorized(PathPolicyDomain,WritePolicyRights,filename);
if (status == MagickFalse)
{
errno=EPERM;
@@ -1697,31 +1680,12 @@ MagickExport MagickBooleanType FileToImage(Image *image,const char *filename,
}
file=fileno(stdin);
if (LocaleCompare(filename,"-") != 0)
- {
- int
- flags = O_RDONLY | O_BINARY;
-
-#if defined(O_NOFOLLOW)
- status=IsRightsAuthorized(SystemPolicyDomain,ReadPolicyRights,"follow");
- if (status == MagickFalse)
- flags|=O_NOFOLLOW;
-#endif
- file=open_utf8(filename,flags,0);
- }
+ file=open_utf8(filename,O_RDONLY | O_BINARY,0);
if (file == -1)
{
ThrowFileException(exception,BlobError,"UnableToOpenBlob",filename);
return(MagickFalse);
}
- status=IsRightsAuthorized(PathPolicyDomain,ReadPolicyRights,filename);
- if (status == MagickFalse)
- {
- file=close_utf8(file);
- errno=EPERM;
- (void) ThrowMagickException(exception,GetMagickModule(),PolicyError,
- "NotAuthorized","`%s'",filename);
- return(MagickFalse);
- }
quantum=(size_t) MagickMaxBufferExtent;
if ((fstat(file,&file_stats) == 0) && (file_stats.st_size > 0))
quantum=(size_t) MagickMin(file_stats.st_size,MagickMaxBufferExtent);
@@ -3623,13 +3587,6 @@ MagickExport MagickBooleanType OpenBlob(const ImageInfo *image_info,
(void) SetStreamBuffering(image_info,blob_info);
}
}
- if (IsRightsAuthorized(PathPolicyDomain,rights,filename) == MagickFalse)
- {
- errno=EPERM;
- (void) ThrowMagickException(exception,GetMagickModule(),PolicyError,
- "NotAuthorized","`%s'",filename);
- return(MagickFalse);
- }
blob_info->status=0;
blob_info->error_number=0;
if (blob_info->type != UndefinedStream)
diff --git a/config/policy-secure.xml b/config/policy-secure.xml
index 15fb85b3f..768487c58 100644
--- a/config/policy-secure.xml
+++ b/config/policy-secure.xml
@@ -108,6 +108,4 @@
<!-- Set the maximum amount of memory in bytes that are permitted for
allocation requests. -->
<policy domain="system" name="max-memory-request" value="256MiB"/>
- <!-- If the basename of path is a symbolic link, the open fails -->
- <policy domain="system" name="symlink" rights="none" pattern="follow"/>
</policymap>