kamp/fdroidserver
1
0
Fork 0
mirror of https://gitlab.com/fdroid/fdroidserver.git synced 2024-11-04 22:40:12 +01:00
Code Activity

update: max image size of 16 mil pixels to stop image bomb attacks

Browse Source 
closes #555
This commit is contained in:
Hans-Christoph Steiner 2018-09-05 20:36:37 +02:00
parent 0cd1e0b172
commit 3ab66efcfe
1 changed files with 6 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
fdroidserver/update.py
View File

@ -23,8 +23,10 @@ import sys
import os
import shutil
import glob
import logging
import re
import socket
import warnings
import zipfile
import hashlib
import json
@ -36,9 +38,6 @@ from argparse import ArgumentParser
import collections
from binascii import hexlify
from PIL import Image, PngImagePlugin
import logging
from . import _
from . import common
from . import index
@ -46,6 +45,10 @@ from . import metadata
from .common import SdkToolsPopen
from .exception import BuildException, FDroidException
from PIL import Image, PngImagePlugin
warnings.simplefilter('error', Image.DecompressionBombWarning)
Image.MAX_IMAGE_PIXELS = 0xffffff # 4096x4096
METADATA_VERSION = 20
# less than the valid range of versionCode, i.e. Java's Integer.MIN_VALUE