
[1.3.x] Fixed second security issue in image uploading. Disclosure and release forthcoming.

Backport of b1d4634 from master.
commit b2eb4787a0fff9c9993b78be5c698e85108f3446 1 parent 9ca0ff6
Florian Apolloner authored July 30, 2012

Showing 1 changed file with 4 additions and 14 deletions.

django/forms/fields.py (18 lines changed)
@@ -538,20 +538,10 @@ def to_python(self, data):
538 538
                 file = StringIO(data['content'])
539 539
 
540 540
         try:
541  
-            # load() is the only method that can spot a truncated JPEG,
542  
-            #  but it cannot be called sanely after verify()
543  
-            trial_image = Image.open(file)
544  
-            trial_image.load()
545  
-
546  
-            # Since we're about to use the file again we have to reset the
547  
-            # file object if possible.
548  
-            if hasattr(file, 'reset'):
549  
-                file.reset()
550  
-
551  
-            # verify() is the only method that can spot a corrupt PNG,
552  
-            #  but it must be called immediately after the constructor
553  
-            trial_image = Image.open(file)
554  
-            trial_image.verify()
  541
+            # load() could spot a truncated JPEG, but it loads the entire
  542
+            # image in memory, which is a DoS vector. See #3848 and #18520.
  543
+            # verify() must be called immediately after the constructor.
  544
+            Image.open(file).verify()
555 545
         except ImportError:
556 546
             # Under PyPy, it is possible to import PIL. However, the underlying
557 547
             # _imaging C module isn't available, so an ImportError will be
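Review bot: Dropping `load()` means a truncated JPEG is no longer detected here (the removed comment states `load()` was the only method that could spot one), so this validator now accepts a JPEG whose data ends early; that is the accepted trade-off for not decoding an attacker-supplied image fully into memory (#3848, #18520), and the changelog for the release should say so explicitly so downstream code that relied on `invalid_image` for truncated files knows to check elsewhere. Second point, same hunk: the `if hasattr(file, 'reset'): file.reset()` repositioning was removed together with `load()`, but `Image.open(file).verify()` still reads from `file`, so if anything after this block reuses the same stream, confirm the rewind happens outside this hunk rather than relying on the position `verify()` leaves behind.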
