python-pillow/Pillow
1
1
Fork 0
mirror of https://github.com/python-pillow/Pillow.git synced 2025-06-30 01:43:17 +03:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #5393 from hugovk/test-redos

Browse Source 
Add test for CVE-2021-25292 ReDoS
This commit is contained in:
Andrew Murray 2021-04-09 23:34:11 +10:00 committed by GitHub
commit 356681faae
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 10 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
Tests/test_file_pdf.py
View File

@ -286,3 +286,13 @@ def test_pdf_append_to_bytesio():
f = io.BytesIO(f.getvalue()) f = io.BytesIO(f.getvalue())
im.save(f, format="PDF", append=True) im.save(f, format="PDF", append=True)
assert len(f.getvalue()) > initial_size assert len(f.getvalue()) > initial_size
@pytest.mark.timeout(1)
def test_redos():
malicious = b" trailer<<>>" + b"\n" * 3456
# This particular exception isn't relevant here.
# The important thing is it doesn't timeout, cause a ReDoS (CVE-2021-25292).
with pytest.raises(PdfParser.PdfFormatError):
PdfParser.PdfParser(buf=malicious)