kashire/lainchan
4
0
Fork 0
Code Issues 1 Pull Requests Releases Wiki Activity

SECURITY: imagemagick/graphicsmagick was ignoring all errors

Browse Source 
So, in a much older patch I had a problem where an incorrect RGB
profile would make image uploads fail. I fixed this by using strpos
against the error message...but didn't check the return value
correctly.

That means that any error from gm/im was ignored. This caused people
to upload too large images and flood /b/ with 1 x 10000 pixel images

My fault, patched now. Sorry about that.

Conflicts:
	inc/image.php
This commit is contained in:
8chan 2014-10-11 15:41:16 -07:00 committed by czaks
parent b2cbb70da3
commit 6052ed8d3d
1 changed files with 10 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
inc/image.php
View File

@ -330,6 +330,7 @@ class ImageConvert extends ImageBase {
$convert_args = str_replace('-auto-orient', '', $config['convert_args']);
else
$convert_args = &$config['convert_args'];
if (($error = shell_exec_error(($this->gm ? 'gm ' : '') . 'convert ' .
sprintf($convert_args,
$this->width,
@ -361,10 +362,15 @@ class ImageConvert extends ImageBase {
$this->width,
$this->height,
escapeshellarg($this->temp)))) || !file_exists($this->temp)) {
if (!file_exists($this->temp)) {
$this->destroy();
error(_('Failed to resize image!'), null, $error);
}
if (strpos($error, "known incorrect sRGB profile") === false) {
$this->destroy();
error('Failed to resize image!', null, array('convert_error' => $error));
}
if (!file_exists($this->temp)) {
$this->destroy();
error(_('Failed to resize image!'), null, $error);
}
}
if ($size = $this->get_size($this->temp)) {
$this->width = $size[0];