This repository has been archived by the owner. It is now read-only.
Input sanitization: Limits on size and intensiveness of output of GraphicsMagick #57
any recommended settings (names and defaults) and I'll add them.
@karlht ping?
Chatted with jrgm about this last week but ran out of time to get some limits written down. I'll get some suggestions recorded in this issue tomorrow or Wednesday.
My suggestions (per invocation): /cc @jrgm -- he may have different ideas about what's reasonable.
From triage, at a minimum, we should restrict file size and file type.
Since we're now seeing lots more traffic on avatar endpoints, let's prioritize this |
seanmonstar added a commit that referenced this issue Oct 19, 2015
Reference: http://www.graphicsmagick.org/GraphicsMagick.html
Under the 'Environment' section of the above man page, we should consider setting most if not all of the MAGICK_LIMIT_* variables, so that e.g. a very small PostScript input doesn't wind up rasterizing to a multi-gigabyte output.
Other resource-limiting schemes may also be good to have; it would be good if one misbehaving conversion did not bring all other avatar uploading to a screeching halt, for instance.
Does anyone else have any other specific concerns around input/image validation/sanitization?
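
A sketch of the checks raised in this thread (file size, file type, MAGICK_LIMIT_* environment, one conversion not stalling the rest), added here as an example and not code from this repository. The limit values, the format allowlist and all function names are assumptions; only the MAGICK_LIMIT_* variable names come from the GraphicsMagick man page.

```python
import os
import subprocess

MAX_UPLOAD_BYTES = 1024 * 1024  # assumed cap, not a value from the thread
# Allowlist: leading magic bytes -> GraphicsMagick format prefix (assumed set).
MAGIC = {b"\x89PNG\r\n\x1a\n": "png", b"\xff\xd8\xff": "jpeg",
         b"GIF87a": "gif", b"GIF89a": "gif"}
# Variable names come from the man page's Environment section; values are assumed.
GM_LIMITS = {"MAGICK_LIMIT_MEMORY": "64MB", "MAGICK_LIMIT_MAP": "128MB",
             "MAGICK_LIMIT_DISK": "256MB", "MAGICK_LIMIT_FILES": "16",
             "MAGICK_LIMIT_PIXELS": "16000000"}

def sniff_format(data):
    """Return the allowlisted format these bytes start with, or None."""
    for magic, fmt in MAGIC.items():
        if data.startswith(magic):
            return fmt
    return None

def validate_upload(data):
    """Reject oversized or non-allowlisted input before gm is invoked."""
    if len(data) > MAX_UPLOAD_BYTES:
        raise ValueError("upload too large")
    fmt = sniff_format(data)
    if fmt is None:
        raise ValueError("unsupported image type")
    return fmt

def gm_env():
    """Environment for the child process: PATH plus the resource limits only."""
    env = {"PATH": os.environ.get("PATH", "/usr/bin:/bin")}
    env.update(GM_LIMITS)
    return env

def gm_command(fmt, src, dst, size=600):
    # The explicit "fmt:" prefix selects the decoder from the validated type
    # rather than leaving the choice to gm's own format detection.
    return ["gm", "convert", f"{fmt}:{src}", "-resize", f"{size}x{size}", f"png:{dst}"]

def resize_avatar(data, src, dst, timeout=10):
    """Validate, write to src, then convert under limits and a wall-clock timeout."""
    fmt = validate_upload(data)
    with open(src, "wb") as fh:
        fh.write(data)
    # The timeout stops one runaway conversion from stalling other uploads.
    subprocess.run(gm_command(fmt, src, dst), env=gm_env(), timeout=timeout, check=True)
```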