From ef5fe795d08f464f2cee813a2b7fd0a42a8e51e1 Mon Sep 17 00:00:00 2001 From: James Jackson-South Date: Tue, 1 Aug 2023 12:16:52 +1000 Subject: [PATCH] Prevent crafted DOS attack. --- .../Formats/Pbm/BufferedReadStreamExtensions.cs | 2 +- .../ImageSharp.Tests/Formats/Pbm/PbmMetadataTests.cs | 11 +++++++++++ 2 files changed, 12 insertions(+), 1 deletion(-) diff --git a/src/ImageSharp/Formats/Pbm/BufferedReadStreamExtensions.cs b/src/ImageSharp/Formats/Pbm/BufferedReadStreamExtensions.cs index d62ca3280..5d5537e39 100644 --- a/src/ImageSharp/Formats/Pbm/BufferedReadStreamExtensions.cs +++ b/src/ImageSharp/Formats/Pbm/BufferedReadStreamExtensions.cs @@ -28,7 +28,7 @@ internal static class BufferedReadStreamExtensions { innerValue = stream.ReadByte(); } - while (innerValue != 0x0a); + while (innerValue is not 0x0a and not -0x1); // Continue searching for whitespace. val = innerValue; diff --git a/tests/ImageSharp.Tests/Formats/Pbm/PbmMetadataTests.cs b/tests/ImageSharp.Tests/Formats/Pbm/PbmMetadataTests.cs index 499607772..c40ec7318 100644 --- a/tests/ImageSharp.Tests/Formats/Pbm/PbmMetadataTests.cs +++ b/tests/ImageSharp.Tests/Formats/Pbm/PbmMetadataTests.cs @@ -1,6 +1,7 @@ // Copyright (c) Six Labors. // Licensed under the Six Labors Split License. +using SixLabors.ImageSharp.Formats; using SixLabors.ImageSharp.Formats.Pbm; using static SixLabors.ImageSharp.Tests.TestImages.Pbm; @@ -80,4 +81,14 @@ public class PbmMetadataTests Assert.NotNull(bitmapMetadata); Assert.Equal(expectedComponentType, bitmapMetadata.ComponentType); } + + [Fact] + public void Identify_HandlesCraftedDenialOfServiceString() + { + byte[] bytes = Convert.FromBase64String("UDEjWAAACQAAAAA="); + ImageInfo info = Image.Identify(bytes); + Assert.Equal(default, info.Size); + Configuration.Default.ImageFormatsManager.TryFindFormatByFileExtension("pbm", out IImageFormat format); + Assert.Equal(format!, info.Metadata.DecodedImageFormat); + } }