Disabling a module will now also disable all the coders in that module.

dlemstra · dlemstra · commit 1d452bb3b5b0 · 2025-11-28T12:50:41.000+01:00
diff --git a/config/policy-limited.xml b/config/policy-limited.xml
@@ -85,7 +85,6 @@
   <!-- Indirect reads are not permitted. -->
   <policy domain="path" rights="none" pattern="@*"/>
   <!-- These image types are security risks on read, but write is fine -->
-  <policy domain="coder" rights="write" pattern="{MSL,MVG,PS,SVG,URL,XPS}"/>
   <policy domain="module" rights="write" pattern="{MSL,MVG,PS,SVG,URL,XPS}"/>
   <!-- This policy sets the number of times to replace content of certain
        memory buffers and temporary files before they are freed or deleted. -->
diff --git a/config/policy-open.xml b/config/policy-open.xml
@@ -140,7 +140,6 @@
   <!-- Indirect reads are not permitted. -->
   <!-- <policy domain="path" rights="none" pattern="@*"/> -->
   <!-- These image types are security risks on read, but write is fine -->
-  <!-- <policy domain="coder" rights="write" pattern="{MSL,MVG,PS,SVG,URL,XPS}"/> -->
   <!-- <policy domain="module" rights="write" pattern="{MSL,MVG,PS,SVG,URL,XPS}"/> -->
   <!-- This policy sets the number of times to replace content of certain
        memory buffers and temporary files before they are freed or deleted. -->
diff --git a/config/policy-secure.xml b/config/policy-secure.xml
@@ -93,7 +93,6 @@
   <!-- Indirect reads are not permitted. -->
   <policy domain="path" rights="none" pattern="@*"/>
   <!-- These image types are security risks on read, but write is fine -->
-  <policy domain="coder" rights="write" pattern="{MSL,MVG,PS,SVG,URL,XPS}"/>
   <policy domain="module" rights="write" pattern="{MSL,MVG,PS,SVG,URL,XPS}"/>
   <!-- This policy sets the number of times to replace content of certain
        memory buffers and temporary files before they are freed or deleted. -->
diff --git a/magick/constitute.c b/magick/constitute.c
@@ -418,8 +418,8 @@ MagickExport Image *PingImages(const ImageInfo *image_info,
 %
 */
 
-static MagickBooleanType IsCoderAuthorized(const char *coder,
-  const PolicyRights rights,ExceptionInfo *exception)
+static MagickBooleanType IsCoderAuthorized(const char *module,
+  const char *coder,const PolicyRights rights,ExceptionInfo *exception)
 {
   if (IsRightsAuthorized(CoderPolicyDomain,rights,coder) == MagickFalse)
     {
@@ -428,6 +428,13 @@ static MagickBooleanType IsCoderAuthorized(const char *coder,
         "NotAuthorized","`%s'",coder);
       return(MagickFalse);
     }
+  if (IsRightsAuthorized(ModulePolicyDomain,rights,module) == MagickFalse)
+    {
+      errno=EPERM;
+      (void) ThrowMagickException(exception,GetMagickModule(),PolicyError,
+        "NotAuthorized","`%s'",module);
+      return(MagickFalse);
+    }
   return(MagickTrue);
 }
 
@@ -563,7 +570,8 @@ MagickExport Image *ReadImage(const ImageInfo *image_info,
       thread_support=GetMagickThreadSupport(magick_info);
       if ((thread_support & DecoderThreadSupport) == 0)
         LockSemaphoreInfo(magick_info->semaphore);
-      status=IsCoderAuthorized(read_info->magick,ReadPolicyRights,exception);
+      status=IsCoderAuthorized(magick_info->magick_module,read_info->magick,
+        ReadPolicyRights,exception);
       image=(Image *) NULL;
       if (status != MagickFalse)
         image=GetImageDecoder(magick_info)(read_info,exception);
@@ -628,7 +636,8 @@ MagickExport Image *ReadImage(const ImageInfo *image_info,
       thread_support=GetMagickThreadSupport(magick_info);
       if ((thread_support & DecoderThreadSupport) == 0)
         LockSemaphoreInfo(magick_info->semaphore);
-      status=IsCoderAuthorized(read_info->magick,ReadPolicyRights,exception);
+      status=IsCoderAuthorized(magick_info->magick_module,read_info->magick,
+        ReadPolicyRights,exception);
       image=(Image *) NULL;
       if (status != MagickFalse)
         image=(Image *) (GetImageDecoder(magick_info))(read_info,exception);
@@ -1245,7 +1254,8 @@ MagickExport MagickBooleanType WriteImage(const ImageInfo *image_info,
       thread_support=GetMagickThreadSupport(magick_info);
       if ((thread_support & EncoderThreadSupport) == 0)
         LockSemaphoreInfo(magick_info->semaphore);
-      status=IsCoderAuthorized(write_info->magick,WritePolicyRights,exception);
+      status=IsCoderAuthorized(magick_info->magick_module,write_info->magick,
+        WritePolicyRights,exception);
       if (status != MagickFalse)
         status=GetImageEncoder(magick_info)(write_info,image);
       if ((thread_support & EncoderThreadSupport) == 0)
@@ -1319,8 +1329,8 @@ MagickExport MagickBooleanType WriteImage(const ImageInfo *image_info,
               thread_support=GetMagickThreadSupport(magick_info);
               if ((thread_support & EncoderThreadSupport) == 0)
                 LockSemaphoreInfo(magick_info->semaphore);
-              status=IsCoderAuthorized(write_info->magick,WritePolicyRights,
-                exception);
+              status=IsCoderAuthorized(magick_info->magick_module,write_info->magick,
+                WritePolicyRights,exception);
               if (status != MagickFalse)
                 status=GetImageEncoder(magick_info)(write_info,image);
               if ((thread_support & EncoderThreadSupport) == 0)
