Skip to content
Snippets Groups Projects
Commit 0cee2f24c375 authored by wiredfool's avatar wiredfool
Browse files

Icns DOS fix -- CVE-2014-3589 

Found and reported by Andrew Drake of dropbox.com
parent 0221b8f21fac
No related branches found
No related tags found
No related merge requests found
Show whitespace changes
Inline Side-by-side
PIL/IcnsImagePlugin.py
+ 2
0
View file @ 0cee2f24
...@@ -120,6 +120,8 @@ ...@@ -120,6 +120,8 @@
i = HEADERSIZE i = HEADERSIZE
while i < filesize: while i < filesize:
sig, blocksize = nextheader(fobj) sig, blocksize = nextheader(fobj)
if blocksize <= 0:
raise SyntaxError('invalid block header')
i = i + HEADERSIZE i = i + HEADERSIZE
blocksize = blocksize - HEADERSIZE blocksize = blocksize - HEADERSIZE
dct[sig] = (i, blocksize) dct[sig] = (i, blocksize)
......
Tests/check_icns_dos.py 0 → 100644
+ 10
0
View file @ 0cee2f24
# Tests potential DOS of IcnsImagePlugin with 0 length block.
# Run from anywhere that PIL is importable.
from PIL import Image
from io import BytesIO
if bytes is str:
Image.open(BytesIO(bytes('icns\x00\x00\x00\x10hang\x00\x00\x00\x00')))
else:
Image.open(BytesIO(bytes('icns\x00\x00\x00\x10hang\x00\x00\x00\x00', 'latin-1')))
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Please register or to comment