fix CVE-2021-23437

(cherry picked from commit 91c871c8da6cd8b745e3d165fb0cc92d5985756c)
2021-09-27 10:08:56 +08:00 · 2021-09-27 10:08:56 +08:00 · b2726eab73
commit b2726eab73
parent 39b649d729
2 changed files with 47 additions and 1 deletions
--- a/backport-CVE-2021-23437.patch
+++ b/backport-CVE-2021-23437.patch
@ -0,0 +1,42 @@
+From 1dc6564eb7ee8f28fb16eeffaf3572f3e1d5aa29 Mon Sep 17 00:00:00 2001
+From: Hugo van Kemenade <hugovk@users.noreply.github.com>
+Date: Mon, 23 Aug 2021 19:10:49 +0300
+Subject: [PATCH] Raise ValueError if color specifier is too long
+
+Conflict:NA
+Reference:https://github.com/python-pillow/Pillow/commit/1dc6564eb7ee8f28fb16eeffaf3572f3e1d5aa29
+----
+ Tests/test_imagecolor.py | 9 +++++++++
+ src/PIL/ImageColor.py    | 2 ++
+ 2 files changed, 11 insertions(+)
+
+diff --git a/Tests/test_imagecolor.py b/Tests/test_imagecolor.py
+index b5d6937965..dbe8b9e957 100644
+--- a/Tests/test_imagecolor.py
+++ b/Tests/test_imagecolor.py
+@@ -191,3 +191,12 @@ def test_rounding_errors():
+     assert (255, 255) == ImageColor.getcolor("white", "LA")
+     assert (163, 33) == ImageColor.getcolor("rgba(0, 255, 115, 33)", "LA")
+     Image.new("LA", (1, 1), "white")
+
+
+def test_color_too_long():
+    # Arrange
+    color_too_long = "hsl(" + "1" * 100 + ")"
+
+    # Act / Assert
+    with pytest.raises(ValueError):
+        ImageColor.getrgb(color_too_long)
+diff --git a/src/PIL/ImageColor.py b/src/PIL/ImageColor.py
+index 51df440403..25f92f2c73 100644
+--- a/src/PIL/ImageColor.py
+++ b/src/PIL/ImageColor.py
+@@ -32,6 +32,8 @@ def getrgb(color):
+     :param color: A color string
+     :return: ``(red, green, blue[, alpha])``
+     """
+    if len(color) > 100:
+        raise ValueError("color specifier is too long")
+     color = color.lower()
+ 
+     rgb = colormap.get(color, None)
--- a/python-pillow.spec
+++ b/python-pillow.spec
@ -5,7 +5,7 @@
 
 Name:           python-pillow
 Version:        8.1.2
-Release:        2
+Release:        3
 Summary:        Python image processing library 
 License:        MIT
 URL:            http://python-pillow.github.io/
@ -28,6 +28,7 @@ Patch6010:      backport-Fix-Memory-DOS-in-ImageFont.patch
 Patch6011:      backport-0001-CVE-2021-34552.patch
 Patch6012:      backport-0002-CVE-2021-34552.patch
 Patch6013:      backport-Updated-default-value-for-SAMPLESPERPIXEL-tag.patch
+Patch6014:      backport-CVE-2021-23437.patch

 Patch9000:      backport-disable-test-sanity.patch

@ -164,6 +165,9 @@ pytest --ignore=_build.python2 --ignore=_build.python3 --ignore=_build.pypy3 -v
 %{python3_sitearch}/PIL/__pycache__/ImageQt*

 %changelog
+* Mon Sep 27 2021 luoyang <luoyang42@huawei.com> - 8.1.2-3
+- fix CVE-2021-23437
+
 * Thu Aug 19 2021 hanhui <hanhui15@huawei.com> - 8.1.2-2
 - DESC: enable test case from setup.py