From c14f325c4eef628bc7bfd8873c3a72aeb0219141 Mon Sep 17 00:00:00 2001 From: Florian Apolloner Date: Mon, 30 Jul 2012 21:58:55 +0200 Subject: [1.4.x] Fixed second security issue in image uploading. Disclosure and release forthcoming. Backport of b1d463468694f2e91fde67221b7996e9c52a9720 from master. --- django/forms/fields.py | 18 ++++-------------- 1 file changed, 4 insertions(+), 14 deletions(-) diff --git a/django/forms/fields.py b/django/forms/fields.py index 96ecabfdc1..16007e5c59 100644 --- a/django/forms/fields.py +++ b/django/forms/fields.py @@ -570,20 +570,10 @@ class ImageField(FileField): file = StringIO(data['content']) try: - # load() is the only method that can spot a truncated JPEG, - # but it cannot be called sanely after verify() - trial_image = Image.open(file) - trial_image.load() - - # Since we're about to use the file again we have to reset the - # file object if possible. - if hasattr(file, 'reset'): - file.reset() - - # verify() is the only method that can spot a corrupt PNG, - # but it must be called immediately after the constructor - trial_image = Image.open(file) - trial_image.verify() + # load() could spot a truncated JPEG, but it loads the entire + # image in memory, which is a DoS vector. See #3848 and #18520. + # verify() must be called immediately after the constructor. + Image.open(file).verify() except ImportError: # Under PyPy, it is possible to import PIL. However, the underlying # _imaging C module isn't available, so an ImportError will be -- cgit v1.3