Fixed second security issue in image uploading. Disclosure and release forthcoming.
commit b1d463468694f2e91fde67221b7996e9c52a9720 1 parent dd16b17
Florian Apolloner authored July 30, 2012

Showing 1 changed file with 4 additions and 14 deletions.

django/forms/fields.py
@@ -560,20 +560,10 @@ def to_python(self, data):
560 560
                 file = BytesIO(data['content'])
561 561
 
562 562
         try:
563  
-            # load() is the only method that can spot a truncated JPEG,
564  
-            #  but it cannot be called sanely after verify()
565  
-            trial_image = Image.open(file)
566  
-            trial_image.load()
567  
-
568  
-            # Since we're about to use the file again we have to reset the
569  
-            # file object if possible.
570  
-            if hasattr(file, 'seek') and callable(file.seek):
571  
-                file.seek(0)
572  
-
573  
-            # verify() is the only method that can spot a corrupt PNG,
574  
-            #  but it must be called immediately after the constructor
575  
-            trial_image = Image.open(file)
576  
-            trial_image.verify()
  563
+            # load() could spot a truncated JPEG, but it loads the entire
  564
+            # image in memory, which is a DoS vector. See #3848 and #18520.
  565
+            # verify() must be called immediately after the constructor.
  566
+            Image.open(file).verify()
577 567
         except ImportError:
578 568
             # Under PyPy, it is possible to import PIL. However, the underlying
579 569
             # _imaging C module isn't available, so an ImportError will be
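Review bot: The new comment at lines 563-564 says load() "loads the entire image in memory", but line 560 already holds the whole upload in a BytesIO, so the cost this change avoids is decoding the pixel data, not reading the file bytes; rewording it to "decodes the full image into memory" would make the DoS reasoning precise. Dropping load() also means a truncated JPEG now passes this validator and only fails when downstream code decodes it, which is worth stating in the comment or in the release notes the commit message promises, since callers previously relied on this check to reject such files. The removed seek(0) reset is no longer needed because the file is now opened exactly once, so nothing further is required there.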

0 notes on commit b1d4634