Browse files

limit access to images greater than 16x16 pixels

  • Loading branch information...
1 parent 2432c65 commit 7a63df7d39cc1b6fd1a2049a64ea19316979ce02 @wandenberg committed Dec 1, 2011
Showing with 5 additions and 0 deletions.
  1. +5 −0 src/ngx_http_video_thumbextractor_module.c
View
5 src/ngx_http_video_thumbextractor_module.c
@@ -38,6 +38,11 @@ ngx_http_video_thumbextractor_handler(ngx_http_request_t *r)
height = (height != NGX_ERROR) ? height : 0;
}
+ if (((width > 0) && (width < 16)) || ((height > 0) && (height < 16))) {
+ ngx_log_error(NGX_LOG_ERR, r->connection->log, 0, "video thumb extractor module: Very small size requested, %d x %d", width, height);
+ return NGX_HTTP_BAD_REQUEST;
+ }
+
if ((filename = ngx_http_video_thumbextractor_create_str(r->pool, clcf->root.len + vv_filename.len)) == NULL) {
ngx_log_error(NGX_LOG_ERR, r->connection->log, 0, "video thumb extractor module: unable to allocate memory to store full filename");
return NGX_HTTP_INTERNAL_SERVER_ERROR;

0 comments on commit 7a63df7

Please sign in to comment.