Szuru doesn't allow images with more than 178956970 pixels #45

New Issue

Open

opened 2024-06-17 12:56:51 +02:00 by lukas · 0 comments

lukas commented 2024-06-17 12:56:51 +02:00

Owner

Copy Link

Some very large images are not accepted by szurubooru, as the server thinks it is an attack:

[2024-06-17 10:48:11] waitress Exception while serving /post/501
Traceback (most recent call last):
  File "/usr/lib/python3.8/site-packages/waitress/channel.py", line 350, in service
    task.service()
  File "/usr/lib/python3.8/site-packages/waitress/task.py", line 171, in service
    self.execute()
  File "/usr/lib/python3.8/site-packages/waitress/task.py", line 441, in execute
    app_iter = self.channel.server.application(environ, start_response)
  File "/opt/app/szurubooru/rest/app.py", line 104, in application
    response = handler(ctx, match.groupdict())
  File "/opt/app/szurubooru/api/post_api.py", line 127, in update_post
    posts.update_post_content(
  File "/opt/app/szurubooru/func/posts.py", line 646, in update_post_content
    post.signature = generate_post_signature(post, content)
  File "/opt/app/szurubooru/func/posts.py", line 551, in generate_post_signature
    unpacked_signature = image_hash.generate_signature(content)
  File "/opt/app/szurubooru/func/image_hash.py", line 229, in generate_signature
    im_array = _preprocess_image(content)
  File "/opt/app/szurubooru/func/image_hash.py", line 43, in _preprocess_image
    img = Image.open(BytesIO(content))
  File "/usr/lib/python3.8/site-packages/PIL/Image.py", line 2916, in open
    im = _open_core(fp, filename, prefix)
  File "/usr/lib/python3.8/site-packages/PIL/Image.py", line 2903, in _open_core
    _decompression_bomb_check(im.size)
  File "/usr/lib/python3.8/site-packages/PIL/Image.py", line 2826, in _decompression_bomb_check
    raise DecompressionBombError(
PIL.Image.DecompressionBombError: Image size (191410768 pixels) exceeds limit of 178956970 pixels, could be decompression bomb DOS attack.

Changing this pixel count requires a custom image, as this variable is hardcoded into the code. https://github.com/rr-/szurubooru/issues/503 and https://github.com/rr-/szurubooru/issues/662 provide solutions on this.

Some very large images are not accepted by szurubooru, as the server thinks it is an attack: ``` [2024-06-17 10:48:11] waitress Exception while serving /post/501 Traceback (most recent call last): File "/usr/lib/python3.8/site-packages/waitress/channel.py", line 350, in service task.service() File "/usr/lib/python3.8/site-packages/waitress/task.py", line 171, in service self.execute() File "/usr/lib/python3.8/site-packages/waitress/task.py", line 441, in execute app_iter = self.channel.server.application(environ, start_response) File "/opt/app/szurubooru/rest/app.py", line 104, in application response = handler(ctx, match.groupdict()) File "/opt/app/szurubooru/api/post_api.py", line 127, in update_post posts.update_post_content( File "/opt/app/szurubooru/func/posts.py", line 646, in update_post_content post.signature = generate_post_signature(post, content) File "/opt/app/szurubooru/func/posts.py", line 551, in generate_post_signature unpacked_signature = image_hash.generate_signature(content) File "/opt/app/szurubooru/func/image_hash.py", line 229, in generate_signature im_array = _preprocess_image(content) File "/opt/app/szurubooru/func/image_hash.py", line 43, in _preprocess_image img = Image.open(BytesIO(content)) File "/usr/lib/python3.8/site-packages/PIL/Image.py", line 2916, in open im = _open_core(fp, filename, prefix) File "/usr/lib/python3.8/site-packages/PIL/Image.py", line 2903, in _open_core _decompression_bomb_check(im.size) File "/usr/lib/python3.8/site-packages/PIL/Image.py", line 2826, in _decompression_bomb_check raise DecompressionBombError( PIL.Image.DecompressionBombError: Image size (191410768 pixels) exceeds limit of 178956970 pixels, could be decompression bomb DOS attack. ``` Changing this pixel count requires a custom image, as this variable is hardcoded into the code. https://github.com/rr-/szurubooru/issues/503 and https://github.com/rr-/szurubooru/issues/662 provide solutions on this.

lukas added the

Priority

Low

Kind

Bug

Status

Planned

Domain

libre.moe

Service

Szuru|Kirei

labels 2024-06-17 12:56:51 +02:00

lukas self-assigned this 2024-06-17 12:56:51 +02:00

lukas added this to the Issue Board project 2024-06-17 12:56:51 +02:00

Sign in to join this conversation.

No Branch/Tag Specified

Branches Tags

No results found.

No results found.

Labels

Clear labels

Breaking

Breaking change that won't be backward compatible

Domain

komu.boo

Domain

langrock.info

Domain

libre.moe

Involves

Documentation

Issue invovles changing the documentation

Involves

Security

This is security issue

Involves

Testing

Issue or pull request related to testing

Kind

Bug

Something is not working

Kind

Enhancement

Improve existing functionality

Priority

Critical

The priority is critical

Priority

High

The priority is high

Priority

Low

The priority is low

Priority

Medium

The priority is medium

Service

Element

Service

Gitea

Service

Matrix

Service

Nextcloud

Service

Seafile

Service

Szuru|Kirei

Status

Abandoned

Somebody has started to work on this but abandoned work

Status

Blocked

Something is blocking this issue or pull request

Status

Duplicate

This issue or pull request already exists

Status

Invalid

Invalid issue

Status

Need More Info

Feedback is required to reproduce issue or to continue work

Status

Planned

Issue has been confirmed and is planned to be resolved

Status

Won't Fix

This issue won't be fixed

No Label

Domain

libre.moe

Kind

Bug

Priority

Low

Service

Szuru|Kirei

Status

Planned

Milestone

No items

No Milestone

Projects

Clear projects

No project Issue Board

Assignees

Clear assignees

leon lukas

No Assignees lukas

1 Participants

Notifications

Subscribe

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: KomuSolutions/igot99issues#45

No description provided.