components/python/imaging/patches/04-CVE-2014-9601.patch
author April Chin <april.chin@oracle.com>
Thu, 09 Jul 2015 18:19:03 -0700
branchs11-update
changeset 4621 21ae1fb71148
permissions -rw-r--r--
20396665 problem in PYTHON-MOD/PIL
Fix to upstream bug
https://github.com/python-pillow/Pillow/pull/1060
Patch based on upstream commit to Pillow 2.7.0 (PIL fork)
https://github.com/wiredfool/Pillow/commit/44286ba3c9bfa6ed565d11bd61460d8ec215e1ea
Note that this patch includes a test of the fix, which requires an 
image file which is copied in from files/png_decompress_dos.png,
since it cannot be patched in.
    11
--- Imaging-1.1.7-orig/PIL/PngImagePlugin.py	2015-01-21 17:45:12.000000000 -0800
    12
+++ Imaging-1.1.7/PIL/PngImagePlugin.py	2015-01-21 19:37:23.000000000 -0800
    13
@@ -68,6 +68,12 @@ _MODES = {
    14
     (16,6): ("RGBA", "RGBA;16B"),
    15
 }
    16
 
    17
+def _safe_zlib_decompress(s):
    18
+    dobj = zlib.decompressobj()
    19
+    plaintext = dobj.decompress(s, ImageFile.SAFEBLOCK)
    20
+    if dobj.unconsumed_tail:
    21
+        raise ValueError("Decompressed Data Too Large")
    22
+    return plaintext
    23
 
    24
 # --------------------------------------------------------------------
    25
 # Support classes.  Suitable for PNG and related formats like MNG etc.
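Review bot: `_safe_zlib_decompress` has no docstring, so the size bound and the failure mode can only be learned by reading the body; add one such as `"""Decompress s; raise ValueError if the output would exceed ImageFile.SAFEBLOCK bytes."""`. The value of `ImageFile.SAFEBLOCK` and the module's `zlib`/`ImageFile` imports lie outside this hunk, so the effective limit cannot be confirmed from here. Note also that a decompress object, unlike `zlib.decompress`, does not raise on a truncated stream, so a cut-off chunk now yields partial data instead of `zlib.error`; if that is intended it deserves a one-line comment next to the `decompress` call.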
    26
@@ -197,7 +203,7 @@ class PngStream(ChunkStream):
    27
         if comp_method != 0:
    28
             raise SyntaxError("Unknown compression method %s in iCCP chunk" % comp_method)
    29
         try:
    30
-            icc_profile = zlib.decompress(s[i+2:])
    31
+            icc_profile = _safe_zlib_decompress(s[i+2:])
    32
         except zlib.error:
    33
             icc_profile = None # FIXME
    34
         self.im_info["icc_profile"] = icc_profile
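Review bot: The `except zlib.error:` around the new call does not catch the `ValueError` that `_safe_zlib_decompress` raises for an over-limit profile, so an oversized iCCP chunk now propagates out of this method instead of falling back to `icc_profile = None` like a corrupt one. Rejecting the file is a safe outcome, but the two failure paths now differ without any explanation. Either state the intent above the `try` with `# ValueError (profile over the size limit) is deliberately not caught`, or widen the handler to `except (zlib.error, ValueError):` if an oversized ancillary profile should simply be dropped. The enclosing method starts and ends outside the hunk.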
    35
@@ -293,7 +299,7 @@ class PngStream(ChunkStream):
    36
         if comp_method != 0:
    37
             raise SyntaxError("Unknown compression method %s in zTXt chunk" % comp_method)
    38
         import zlib
    39
-        self.im_info[k] = self.im_text[k] = zlib.decompress(v[1:])
    40
+        self.im_info[k] = self.im_text[k] = _safe_zlib_decompress(v[1:])
    41
         return s
    42
 
    43
 # --------------------------------------------------------------------
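Review bot: The limit introduced here is per zTXt chunk, not per file: each call may return up to `ImageFile.SAFEBLOCK` bytes and the result is kept under its own key in both `im_info` and `im_text`, so this hunk does not bound the total text memory when a file carries many text chunks. Record that next to the assignment, e.g. `# NOTE: size is capped per chunk only; total text memory across chunks is not limited here`, and consider a running total on the stream object that raises the same `ValueError` past a fixed ceiling. The retained `import zlib` is not used by the changed line; whether the rest of the method still needs it cannot be seen, because the method starts outside the hunk.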
    44
--- Imaging-1.1.7-orig/selftest.py	2015-01-21 17:44:51.000000000 -0800
    45
+++ Imaging-1.1.7/selftest.py	2015-07-02 17:06:23.636751412 -0700
    46
@@ -9,6 +9,7 @@ from PIL import Image
    47
 from PIL import ImageDraw
    48
 from PIL import ImageFilter
    49
 from PIL import ImageMath
    50
+from PIL import PngImagePlugin
    51
 
    52
 try:
    53
     Image.core.ping
    54
@@ -146,6 +147,15 @@ def testimage():
    55
     >>> im.mode, im.size
    56
     ('F', (128, 128))
    57
 
    58
+    Test fix to PNG decompression DOS #1060
    59
+
    60
+    >>> try:
    61
+    ...  im = Image.open("Images/png_decompression_dos.png")
    62
+    ...  im.load()
    63
+    ... except ValueError as msg:
    64
+    ...  print msg
    65
+    Decompressed Data Too Large
    66
+
    67
     PIL can do many other things, but I'll leave that for another
    68
     day.  If you're curious, check the handbook, available from:
    69