$OpenBSD: patch-src_zfile_c,v 1.1 2003/06/04 01:14:14 margarida Exp $
--- src/zfile.c.orig	Thu Apr 11 21:05:01 2002
+++ src/zfile.c	Tue Jun  3 03:52:31 2003
@@ -51,7 +51,7 @@ extern_gx_io_device_table();
 extern const char iodev_dtype_stdio[];
 
 /* Forward references: file name parsing. */
-private int parse_file_name(P2(const ref * op, gs_parsed_file_name_t * pfn));
+private int parse_file_name(P3(const ref * op, gs_parsed_file_name_t * pfn, bool safemode));
 private int parse_real_file_name(P4(const ref * op,
 				    gs_parsed_file_name_t * pfn,
 				    gs_memory_t *mem, client_name_t cname));
@@ -151,18 +151,6 @@ check_file_permissions(i_ctx_t *i_ctx_p,
     /* recognized as a file name separator as on DOS & Windows	  */
     const char *filenamesep = gp_file_name_concat_string("\\", 1);
 
-    /*
-     * Check here for the %pipe device which is illegal when
-     * LockFilePermissions is true. In the future we might want to allow
-     * the %pipe device to be included on the PermitFile... paths, but
-     * for now it is simply disallowed.
-     */
-    if (i_ctx_p->LockFilePermissions &&
-               string_match( (const unsigned char*) fname, len,
-			     (const unsigned char*) "%pipe*", 5, NULL)
-       ) {
-	return e_invalidfileaccess;
-    }
     if (dict_find_string(&(i_ctx_p->userparams), permitgroup, &permitlist) <= 0)
         return 0;	/* if Permissions not found, just allow access */
     for (i=0; i<r_size(permitlist); i++) {
@@ -208,7 +196,7 @@ zfile(i_ctx_t *i_ctx_p)
 
     if (code < 0)
 	return code;
-    code = parse_file_name(op - 1, &pname);
+    code = parse_file_name(op - 1, &pname, i_ctx_p->LockFilePermissions);
     if (code < 0)
 	return code;
 	/*
@@ -389,7 +377,7 @@ zrenamefile(i_ctx_t *i_ctx_p)
         if (pname1.iodev != pname2.iodev ||
 	      (check_file_permissions(i_ctx_p, pname1.fname, pname1.len,
 	      				"PermitFileControl") < 0 &&
-	          !file_is_tempfile(i_ctx_p, op - 1) < 0) ||
+	          !file_is_tempfile(i_ctx_p, op - 1)) ||
 	      check_file_permissions(i_ctx_p, pname2.fname, pname2.len,
 	      				"PermitFileControl") < 0 ||
 	      check_file_permissions(i_ctx_p, pname2.fname, pname2.len,
@@ -429,7 +417,7 @@ zstatus(i_ctx_t *i_ctx_p)
 	    {
 		gs_parsed_file_name_t pname;
 		struct stat fstat;
-		int code = parse_file_name(op, &pname);
+		int code = parse_file_name(op, &pname, i_ctx_p->LockFilePermissions);
 
 		if (code < 0)
 		    return code;
@@ -565,7 +553,7 @@ zlibfile(i_ctx_t *i_ctx_p)
     stream *s;
 
     check_ostack(2);
-    code = parse_file_name(op, &pname);
+    code = parse_file_name(op, &pname, i_ctx_p->LockFilePermissions);
     if (code < 0)
 	return code;
     if (pname.iodev == NULL)
@@ -617,7 +605,7 @@ zlibfile(i_ctx_t *i_ctx_p)
 	    }
 	}
 	if (code < 0) {
-	    if (code == e_VMerror)
+	    if (code == e_VMerror || code == e_invalidfileaccess)
 		return code;
 	    push(1);
 	    make_false(op);
@@ -720,11 +708,24 @@ const op_def zfile_op_defs[] =
 /* Parse a file name into device and individual name. */
 /* See gsfname.c for details. */
 private int
-parse_file_name(const ref * op, gs_parsed_file_name_t * pfn)
+parse_file_name(const ref * op, gs_parsed_file_name_t * pfn, bool safemode)
 {
+    int code;
+
     check_read_type(*op, t_string);
-    return gs_parse_file_name(pfn, (const char *)op->value.const_bytes,
+    code = gs_parse_file_name(pfn, (const char *)op->value.const_bytes,
 			      r_size(op));
+    if (code < 0)
+	return code;
+    /*
+     * Check here for the %pipe device which is illegal when
+     * LockFilePermissions is true. In the future we might want to allow
+     * the %pipe device to be included on the PermitFile... paths, but
+     * for now it is simply disallowed.
+     */
+    if (pfn->iodev && safemode && strcmp(pfn->iodev->dname, "%pipe%") == 0)
+	return e_invalidfileaccess;
+    return code;
 }
 
 /* Parse a real (non-device) file name and convert to a C string. */
