From 170cd41489ab25fc3b7a95dd31521dfe522b4f9e Mon Sep 17 00:00:00 2001
From: Simon McVittie <smcv@debian.org>
Date: Thu, 5 May 2016 23:17:45 +0100
Subject: img: check magic number before giving common formats to ImageMagick

This mitigates CVE-2016-3714 and similar vulnerabilities by
avoiding passing obviously-wrong input to ImageMagick decoders.
---
 t/img.t | 5 +++++
 1 file changed, 5 insertions(+)

(limited to 't/img.t')

diff --git a/t/img.t b/t/img.t
index 6f822bbd5..ec23d621f 100755
--- a/t/img.t
+++ b/t/img.t
@@ -146,10 +146,15 @@ like($outhtml, qr{src="(\./)?imgconversions/11x-redsquare\.jpg" width="11" heigh
 like($outhtml, qr{src="(\./)?imgconversions/12x-redsquare\.jpeg" width="12" height="12"});
 
 # We do not misinterpret images
+my $quot = qr/(?:"|&quot;)/;
+like($outhtml, qr/${quot}really-svg\.png${quot} does not seem to be a valid png file/);
 ok(! -e "$outpath/666x-really-svg.png");
 ok(! -e "$outpath/666x-really-svg.bmp");
+like($outhtml, qr/${quot}really-pdf\.jpeg${quot} does not seem to be a valid jpeg file/);
 ok(! -e "$outpath/666x-really-pdf.jpeg");
+like($outhtml, qr/${quot}really-pdf\.jpg${quot} does not seem to be a valid jpeg file/);
 ok(! -e "$outpath/666x-really-pdf.jpg");
+like($outhtml, qr/${quot}really-pdf\.png${quot} does not seem to be a valid png file/);
 ok(! -e "$outpath/666x-really-pdf.png");
 
 # disable support for uncommon formats and try again
-- 
cgit v1.2.3