python-pillow/Pillow
1
1
Fork 0
mirror of https://github.com/python-pillow/Pillow.git synced 2025-08-11 15:54:45 +03:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #11 from ActiveState/BE-154-cve-2021-23437

Browse Source 
BE-154-CVE-2021-23437
This commit is contained in:
Marc Gutman 2023-03-22 10:18:12 -05:00 committed by GitHub
commit 134fb891ee
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
4 changed files with 66 additions and 27 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
CHANGES.rst
View File

@ -25,6 +25,9 @@ since Pillow 4.3.0.
- Fix CVE-2021-25291 - Fix CVE-2021-25291
[rickprice] [rickprice]
- Fix for CVE-2021-23437
[rickprice]
6.2.2.3 (2023-02-23) 6.2.2.3 (2023-02-23)
------------------ ------------------

85
Tests/test_imagecolor.py
View File

@ -29,9 +29,12 @@ class TestImageColor(PillowTestCase):
# case insensitivity # case insensitivity
self.assertEqual(ImageColor.getrgb("#DEF"), ImageColor.getrgb("#def")) self.assertEqual(ImageColor.getrgb("#DEF"), ImageColor.getrgb("#def"))
self.assertEqual(ImageColor.getrgb("#CDEF"), ImageColor.getrgb("#cdef")) self.assertEqual(ImageColor.getrgb("#CDEF"),
self.assertEqual(ImageColor.getrgb("#DEFDEF"), ImageColor.getrgb("#defdef")) ImageColor.getrgb("#cdef"))
self.assertEqual(ImageColor.getrgb("#CDEFCDEF"), ImageColor.getrgb("#cdefcdef")) self.assertEqual(ImageColor.getrgb("#DEFDEF"),
ImageColor.getrgb("#defdef"))
self.assertEqual(ImageColor.getrgb("#CDEFCDEF"),
ImageColor.getrgb("#cdefcdef"))
# not a number # not a number
self.assertRaises(ValueError, ImageColor.getrgb, "#fo0") self.assertRaises(ValueError, ImageColor.getrgb, "#fo0")
@ -76,48 +79,65 @@ class TestImageColor(PillowTestCase):
self.assertEqual((255, 0, 0), ImageColor.getrgb("hsv(0,100%,100%)")) self.assertEqual((255, 0, 0), ImageColor.getrgb("hsv(0,100%,100%)"))
self.assertEqual((255, 0, 0), ImageColor.getrgb("hsv(360,100%,100%)")) self.assertEqual((255, 0, 0), ImageColor.getrgb("hsv(360,100%,100%)"))
self.assertEqual((0, 255, 255), ImageColor.getrgb("hsv(180,100%,100%)")) self.assertEqual(
(0, 255, 255), ImageColor.getrgb("hsv(180,100%,100%)"))
# alternate format # alternate format
self.assertEqual( self.assertEqual(
ImageColor.getrgb("hsb(0,100%,50%)"), ImageColor.getrgb("hsv(0,100%,50%)") ImageColor.getrgb("hsb(0,100%,50%)"), ImageColor.getrgb(
"hsv(0,100%,50%)")
) )
# floats # floats
self.assertEqual((254, 3, 3), ImageColor.getrgb("hsl(0.1,99.2%,50.3%)")) self.assertEqual((254, 3, 3), ImageColor.getrgb(
self.assertEqual((255, 0, 0), ImageColor.getrgb("hsl(360.,100.0%,50%)")) "hsl(0.1,99.2%,50.3%)"))
self.assertEqual((255, 0, 0), ImageColor.getrgb(
"hsl(360.,100.0%,50%)"))
self.assertEqual((253, 2, 2), ImageColor.getrgb("hsv(0.1,99.2%,99.3%)")) self.assertEqual((253, 2, 2), ImageColor.getrgb(
self.assertEqual((255, 0, 0), ImageColor.getrgb("hsv(360.,100.0%,100%)")) "hsv(0.1,99.2%,99.3%)"))
self.assertEqual((255, 0, 0), ImageColor.getrgb(
"hsv(360.,100.0%,100%)"))
# case insensitivity # case insensitivity
self.assertEqual( self.assertEqual(
ImageColor.getrgb("RGB(255,0,0)"), ImageColor.getrgb("rgb(255,0,0)") ImageColor.getrgb("RGB(255,0,0)"), ImageColor.getrgb(
"rgb(255,0,0)")
) )
self.assertEqual( self.assertEqual(
ImageColor.getrgb("RGB(100%,0%,0%)"), ImageColor.getrgb("rgb(100%,0%,0%)") ImageColor.getrgb("RGB(100%,0%,0%)"), ImageColor.getrgb(
"rgb(100%,0%,0%)")
) )
self.assertEqual( self.assertEqual(
ImageColor.getrgb("RGBA(255,0,0,0)"), ImageColor.getrgb("rgba(255,0,0,0)") ImageColor.getrgb("RGBA(255,0,0,0)"), ImageColor.getrgb(
"rgba(255,0,0,0)")
) )
self.assertEqual( self.assertEqual(
ImageColor.getrgb("HSL(0,100%,50%)"), ImageColor.getrgb("hsl(0,100%,50%)") ImageColor.getrgb("HSL(0,100%,50%)"), ImageColor.getrgb(
"hsl(0,100%,50%)")
) )
self.assertEqual( self.assertEqual(
ImageColor.getrgb("HSV(0,100%,50%)"), ImageColor.getrgb("hsv(0,100%,50%)") ImageColor.getrgb("HSV(0,100%,50%)"), ImageColor.getrgb(
"hsv(0,100%,50%)")
) )
self.assertEqual( self.assertEqual(
ImageColor.getrgb("HSB(0,100%,50%)"), ImageColor.getrgb("hsb(0,100%,50%)") ImageColor.getrgb("HSB(0,100%,50%)"), ImageColor.getrgb(
"hsb(0,100%,50%)")
) )
# space agnosticism # space agnosticism
self.assertEqual((255, 0, 0), ImageColor.getrgb("rgb( 255 , 0 , 0 )")) self.assertEqual((255, 0, 0), ImageColor.getrgb(
self.assertEqual((255, 0, 0), ImageColor.getrgb("rgb( 100% , 0% , 0% )")) "rgb( 255 , 0 , 0 )"))
self.assertEqual((255, 0, 0), ImageColor.getrgb(
"rgb( 100% , 0% , 0% )"))
self.assertEqual( self.assertEqual(
(255, 0, 0, 0), ImageColor.getrgb("rgba( 255 , 0 , 0 , 0 )") (255, 0, 0, 0), ImageColor.getrgb(
"rgba( 255 , 0 , 0 , 0 )")
) )
self.assertEqual((255, 0, 0), ImageColor.getrgb("hsl( 0 , 100% , 50% )")) self.assertEqual((255, 0, 0), ImageColor.getrgb(
self.assertEqual((255, 0, 0), ImageColor.getrgb("hsv( 0 , 100% , 100% )")) "hsl( 0 , 100% , 50% )"))
self.assertEqual((255, 0, 0), ImageColor.getrgb(
"hsv( 0 , 100% , 100% )"))
# wrong number of components # wrong number of components
self.assertRaises(ValueError, ImageColor.getrgb, "rgb(255,0)") self.assertRaises(ValueError, ImageColor.getrgb, "rgb(255,0)")
@ -147,7 +167,8 @@ class TestImageColor(PillowTestCase):
def test_rounding_errors(self): def test_rounding_errors(self):
for color in ImageColor.colormap: for color in ImageColor.colormap:
expected = Image.new("RGB", (1, 1), color).convert("L").getpixel((0, 0)) expected = Image.new("RGB", (1, 1), color).convert(
"L").getpixel((0, 0))
actual = ImageColor.getcolor(color, "L") actual = ImageColor.getcolor(color, "L")
self.assertEqual(expected, actual) self.assertEqual(expected, actual)
@ -157,22 +178,26 @@ class TestImageColor(PillowTestCase):
Image.new("RGB", (1, 1), "white") Image.new("RGB", (1, 1), "white")
self.assertEqual((0, 0, 0, 255), ImageColor.getcolor("black", "RGBA")) self.assertEqual((0, 0, 0, 255), ImageColor.getcolor("black", "RGBA"))
self.assertEqual((255, 255, 255, 255), ImageColor.getcolor("white", "RGBA")) self.assertEqual((255, 255, 255, 255),
ImageColor.getcolor("white", "RGBA"))
self.assertEqual( self.assertEqual(
(0, 255, 115, 33), ImageColor.getcolor("rgba(0, 255, 115, 33)", "RGBA") (0, 255, 115, 33), ImageColor.getcolor(
"rgba(0, 255, 115, 33)", "RGBA")
) )
Image.new("RGBA", (1, 1), "white") Image.new("RGBA", (1, 1), "white")
self.assertEqual(0, ImageColor.getcolor("black", "L")) self.assertEqual(0, ImageColor.getcolor("black", "L"))
self.assertEqual(255, ImageColor.getcolor("white", "L")) self.assertEqual(255, ImageColor.getcolor("white", "L"))
self.assertEqual(162, ImageColor.getcolor("rgba(0, 255, 115, 33)", "L")) self.assertEqual(162, ImageColor.getcolor(
"rgba(0, 255, 115, 33)", "L"))
Image.new("L", (1, 1), "white") Image.new("L", (1, 1), "white")
self.assertEqual(0, ImageColor.getcolor("black", "1")) self.assertEqual(0, ImageColor.getcolor("black", "1"))
self.assertEqual(255, ImageColor.getcolor("white", "1")) self.assertEqual(255, ImageColor.getcolor("white", "1"))
# The following test is wrong, but is current behavior # The following test is wrong, but is current behavior
# The correct result should be 255 due to the mode 1 # The correct result should be 255 due to the mode 1
self.assertEqual(162, ImageColor.getcolor("rgba(0, 255, 115, 33)", "1")) self.assertEqual(162, ImageColor.getcolor(
"rgba(0, 255, 115, 33)", "1"))
# Correct behavior # Correct behavior
# self.assertEqual( # self.assertEqual(
# 255, ImageColor.getcolor("rgba(0, 255, 115, 33)", "1")) # 255, ImageColor.getcolor("rgba(0, 255, 115, 33)", "1"))
@ -180,5 +205,13 @@ class TestImageColor(PillowTestCase):
self.assertEqual((0, 255), ImageColor.getcolor("black", "LA")) self.assertEqual((0, 255), ImageColor.getcolor("black", "LA"))
self.assertEqual((255, 255), ImageColor.getcolor("white", "LA")) self.assertEqual((255, 255), ImageColor.getcolor("white", "LA"))
self.assertEqual((162, 33), ImageColor.getcolor("rgba(0, 255, 115, 33)", "LA")) self.assertEqual((162, 33), ImageColor.getcolor(
"rgba(0, 255, 115, 33)", "LA"))
Image.new("LA", (1, 1), "white") Image.new("LA", (1, 1), "white")
def test_color_too_long(self):
# Arrange
color_too_long = "hsl(" + "1" * 100 + ")"
# Act / Assert
self.assertRaises(ValueError, ImageColor.getrgb, color_too_long)

3
docs/releasenotes/6.2.2.4.rst
View File

@ -17,5 +17,6 @@ since Pillow 4.3.0.
:cve: `CVE-2021-27923` : Pillow before 8.1.1 allows attackers to cause a denial of service (memory consumption) because the reported size of a contained image is not properly checked for a BLP container, and thus an attempted memory allocation can be very large. :cve: `CVE-2021-27923` : Pillow before 8.1.1 allows attackers to cause a denial of service (memory consumption) because the reported size of a contained image is not properly checked for a BLP container, and thus an attempted memory allocation can be very large.
:cve: `CVE-2021-25290` : Fix negative size read in TiffDecode.c :cve: `CVE-2021-25290` : Fix negative size read in TiffDecode.c
:cve: `CVE-2021-23437` : Raise ValueError if color specifier is too long

2
src/PIL/ImageColor.py
View File

@ -32,6 +32,8 @@ def getrgb(color):
:param color: A color string :param color: A color string
:return: ``(red, green, blue[, alpha])`` :return: ``(red, green, blue[, alpha])``
""" """
if len(color) > 100:
raise ValueError("color specifier is too long")
color = color.lower() color = color.lower()
rgb = colormap.get(color, None) rgb = colormap.get(color, None)