From 1a1a2ed001bafdf5ef1880db52d466a8c4e81375 Mon Sep 17 00:00:00 2001 From: wiredfool Date: Wed, 21 Jun 2017 02:52:18 -0700 Subject: [PATCH 1/2] Added DecompressionBombError on 2 x pixels of warning, ref #2410 --- PIL/Image.py | 8 ++++++++ Tests/test_decompression_bomb.py | 17 ++++++++++++----- 2 files changed, 20 insertions(+), 5 deletions(-) diff --git a/PIL/Image.py b/PIL/Image.py index 9936aad46..6768b3eb2 100644 --- a/PIL/Image.py +++ b/PIL/Image.py @@ -36,6 +36,8 @@ logger = logging.getLogger(__name__) class DecompressionBombWarning(RuntimeWarning): pass +class DecompressionBombError(Exception): + pass class _imaging_not_installed(object): # module placeholder @@ -2379,6 +2381,12 @@ def _decompression_bomb_check(size): pixels = size[0] * size[1] + if pixels > 2 * MAX_IMAGE_PIXELS: + raise DecompressionBombError( + "Image size (%d pixels) exceeds limit of %d pixels, " + "could be decompression bomb DOS attack." % + (pixels, 2* MAX_IMAGE_PIXELS)) + if pixels > MAX_IMAGE_PIXELS: warnings.warn( "Image size (%d pixels) exceeds limit of %d pixels, " diff --git a/Tests/test_decompression_bomb.py b/Tests/test_decompression_bomb.py index 5598fd9c8..62bca6d10 100644 --- a/Tests/test_decompression_bomb.py +++ b/Tests/test_decompression_bomb.py @@ -29,15 +29,21 @@ class TestDecompressionBomb(PillowTestCase): Image.open(TEST_FILE) def test_warning(self): - # Arrange - # Set limit to a low, easily testable value - Image.MAX_IMAGE_PIXELS = 10 - self.assertEqual(Image.MAX_IMAGE_PIXELS, 10) + # Set limit to trigger warning on the test file + Image.MAX_IMAGE_PIXELS = 128 * 128 -1 + self.assertEqual(Image.MAX_IMAGE_PIXELS, 128 * 128 - 1) - # Act / Assert self.assert_warning(Image.DecompressionBombWarning, lambda: Image.open(TEST_FILE)) + def test_exception(self): + # Set limit to trigger exception on the test file + Image.MAX_IMAGE_PIXELS = 64 * 128 -1 + self.assertEqual(Image.MAX_IMAGE_PIXELS, 64 * 128 - 1) + + self.assertRaises(Image.DecompressionBombError, + lambda: Image.open(TEST_FILE)) + class TestDecompressionCrop(PillowTestCase): def setUp(self): @@ -54,5 +60,6 @@ class TestDecompressionCrop(PillowTestCase): self.assert_warning(Image.DecompressionBombWarning, lambda: self.src.crop(box)) + if __name__ == '__main__': unittest.main() From 544f76b10238cf42b318cd0753c69e31d928a04b Mon Sep 17 00:00:00 2001 From: wiredfool Date: Wed, 21 Jun 2017 04:04:27 -0700 Subject: [PATCH 2/2] Adjust test so that we get warning, not error --- Tests/test_decompression_bomb.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Tests/test_decompression_bomb.py b/Tests/test_decompression_bomb.py index 62bca6d10..5ce83f44c 100644 --- a/Tests/test_decompression_bomb.py +++ b/Tests/test_decompression_bomb.py @@ -48,7 +48,7 @@ class TestDecompressionCrop(PillowTestCase): def setUp(self): self.src = hopper() - Image.MAX_IMAGE_PIXELS = self.src.height * self.src.width + Image.MAX_IMAGE_PIXELS = self.src.height * self.src.width * 4 - 1 def tearDown(self): Image.MAX_IMAGE_PIXELS = ORIGINAL_LIMIT