J2k DOS fix -- CVE-2014-3598

Found and reported by Andrew Drake of dropbox.com
wiredfool 2014-08-12 12:31:37 -07:00
parent 3aa9326574
commit 347a1d8d95
2 changed files with 14 additions and 0 deletions


@ -70,6 +70,9 @@ def _parse_jp2_header(fp):
else: else:
hlen = 8 hlen = 8
if lbox < hlen:
raise SyntaxError('Invalid JP2 header length')
if tbox == b'jp2h': if tbox == b'jp2h':
header = fp.read(lbox - hlen) header = fp.read(lbox - hlen)
break break
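Review bot: The new `if lbox < hlen` guard has no comment saying why it exists, and it also rejects `lbox == 0`, which the JP2 box format defines as "box runs to the end of the file" rather than as an error. A comment above it such as `# A box shorter than its own header cannot advance the parser (CVE-2014-3598); LBox == 0 is rejected as well` would record both the reason and the deliberate strictness. The guard is a lower bound only: on the `jp2h` branch `fp.read(lbox - hlen)` still takes its size from the file, so an upper bound against the remaining stream length may be worth considering. The loop in `_parse_jp2_header` starts and ends outside this hunk, so how the non-`jp2h` branch advances is not visible here.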

11
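--- a/Tests/check_j2k_dos.py
+++ b/Tests/check_j2k_dos.py
@@ -0,0 +1,11 @@
+# Tests potential DOS of Jpeg2kImagePlugin with 0 length block.
+# Run from anywhere that PIL is importable.
+from PIL import Image
+from io import BytesIO
+if bytes is str:
+Image.open(BytesIO(bytes('\x00\x00\x00\x0cjP\x20\x20\x0d\x0a\x87\x0a\x00\x00\x00\x00hang')))
+else:
+Image.open(BytesIO(bytes('\x00\x00\x00\x0cjP\x20\x20\x0d\x0a\x87\x0a\x00\x00\x00\x00hang', 'latin-1')))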
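Review bot: The script has no assertion and no time bound, so it cannot report a result. On unpatched code it would presumably hang, and on patched code `Image.open` is expected to raise because the data is rejected, which ends the run with a traceback. Wrapping the call, e.g. `try: Image.open(BytesIO(data))` followed by `except (IOError, SyntaxError): pass`, would make a clean exit mean "fixed", and running it under a timeout would turn the hang into a failure. The `bytes is str` branch could also be dropped: a single `data = b'...'` literal works on Python 2.6+ and 3 and avoids keeping two copies of the payload in sync.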