Szuru doesn't allow images with more than 178956970 pixels #45

Open
opened 2024-06-17 12:56:51 +02:00 by lukas · 0 comments
Owner

Some very large images are not accepted by szurubooru, as the server thinks it is an attack:

[2024-06-17 10:48:11] waitress Exception while serving /post/501
Traceback (most recent call last):
  File "/usr/lib/python3.8/site-packages/waitress/channel.py", line 350, in service
    task.service()
  File "/usr/lib/python3.8/site-packages/waitress/task.py", line 171, in service
    self.execute()
  File "/usr/lib/python3.8/site-packages/waitress/task.py", line 441, in execute
    app_iter = self.channel.server.application(environ, start_response)
  File "/opt/app/szurubooru/rest/app.py", line 104, in application
    response = handler(ctx, match.groupdict())
  File "/opt/app/szurubooru/api/post_api.py", line 127, in update_post
    posts.update_post_content(
  File "/opt/app/szurubooru/func/posts.py", line 646, in update_post_content
    post.signature = generate_post_signature(post, content)
  File "/opt/app/szurubooru/func/posts.py", line 551, in generate_post_signature
    unpacked_signature = image_hash.generate_signature(content)
  File "/opt/app/szurubooru/func/image_hash.py", line 229, in generate_signature
    im_array = _preprocess_image(content)
  File "/opt/app/szurubooru/func/image_hash.py", line 43, in _preprocess_image
    img = Image.open(BytesIO(content))
  File "/usr/lib/python3.8/site-packages/PIL/Image.py", line 2916, in open
    im = _open_core(fp, filename, prefix)
  File "/usr/lib/python3.8/site-packages/PIL/Image.py", line 2903, in _open_core
    _decompression_bomb_check(im.size)
  File "/usr/lib/python3.8/site-packages/PIL/Image.py", line 2826, in _decompression_bomb_check
    raise DecompressionBombError(
PIL.Image.DecompressionBombError: Image size (191410768 pixels) exceeds limit of 178956970 pixels, could be decompression bomb DOS attack.

Changing this pixel count requires a custom image, as this variable is hardcoded into the code. https://github.com/rr-/szurubooru/issues/503 and https://github.com/rr-/szurubooru/issues/662 provide solutions on this.

Some very large images are not accepted by szurubooru, as the server thinks it is an attack: ``` [2024-06-17 10:48:11] waitress Exception while serving /post/501 Traceback (most recent call last): File "/usr/lib/python3.8/site-packages/waitress/channel.py", line 350, in service task.service() File "/usr/lib/python3.8/site-packages/waitress/task.py", line 171, in service self.execute() File "/usr/lib/python3.8/site-packages/waitress/task.py", line 441, in execute app_iter = self.channel.server.application(environ, start_response) File "/opt/app/szurubooru/rest/app.py", line 104, in application response = handler(ctx, match.groupdict()) File "/opt/app/szurubooru/api/post_api.py", line 127, in update_post posts.update_post_content( File "/opt/app/szurubooru/func/posts.py", line 646, in update_post_content post.signature = generate_post_signature(post, content) File "/opt/app/szurubooru/func/posts.py", line 551, in generate_post_signature unpacked_signature = image_hash.generate_signature(content) File "/opt/app/szurubooru/func/image_hash.py", line 229, in generate_signature im_array = _preprocess_image(content) File "/opt/app/szurubooru/func/image_hash.py", line 43, in _preprocess_image img = Image.open(BytesIO(content)) File "/usr/lib/python3.8/site-packages/PIL/Image.py", line 2916, in open im = _open_core(fp, filename, prefix) File "/usr/lib/python3.8/site-packages/PIL/Image.py", line 2903, in _open_core _decompression_bomb_check(im.size) File "/usr/lib/python3.8/site-packages/PIL/Image.py", line 2826, in _decompression_bomb_check raise DecompressionBombError( PIL.Image.DecompressionBombError: Image size (191410768 pixels) exceeds limit of 178956970 pixels, could be decompression bomb DOS attack. ``` Changing this pixel count requires a custom image, as this variable is hardcoded into the code. https://github.com/rr-/szurubooru/issues/503 and https://github.com/rr-/szurubooru/issues/662 provide solutions on this.
lukas added the
Priority
Low
Kind
Bug
Status
Planned
Domain
libre.moe
Service
Szuru
labels 2024-06-17 12:56:51 +02:00
lukas self-assigned this 2024-06-17 12:56:51 +02:00
lukas added this to the Issue Board project 2024-06-17 12:56:51 +02:00
Sign in to join this conversation.
No Milestone
No project
No Assignees
1 Participants
Notifications
Due Date
The due date is invalid or out of range. Please use the format 'yyyy-mm-dd'.

No due date set.

Dependencies

No dependencies set.

Reference: KomuSolutions/igot99issues#45
No description provided.