authorDylan William Hardison <dylan@mozilla.com>2016-05-04 05:36:33 +0200
committerDavid Lawrence <dkl@mozilla.com>2016-05-04 05:36:33 +0200
commit5a9a4e8572602b225b1de929d0570c276d743d4e (patch)
treec7db1eedab95be72d47d359e52551810818f7907
parent3484d7553d36b38a884619188a160fb6351c0374 (diff)
Bug 1269795 - [BMO] ImageMagick Is On Fire  (CVE-2016-3714)
-rw-r--r--extensions/BmpConvert/Config.pm33
-rw-r--r--extensions/BmpConvert/Extension.pm106
2 files changed, 0 insertions, 139 deletions
diff --git a/extensions/BmpConvert/Config.pm b/extensions/BmpConvert/Config.pm
deleted file mode 100644
index 1b314917a..000000000
--- a/extensions/BmpConvert/Config.pm
+++ /dev/null
@@ -1,33 +0,0 @@
-# -*- Mode: perl; indent-tabs-mode: nil -*-
-#
-# The contents of this file are subject to the Mozilla Public
-# License Version 1.1 (the "License"); you may not use this file
-# except in compliance with the License. You may obtain a copy of
-# the License at http://www.mozilla.org/MPL/
-#
-# Software distributed under the License is distributed on an "AS
-# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
-# implied. See the License for the specific language governing
-# rights and limitations under the License.
-#
-# The Original Code is the Bugzilla Bug Tracking System.
-#
-# The Initial Developer of the Original Code is Everything Solved, Inc.
-# Portions created by the Initial Developer are Copyright (C) 2009
-# the Initial Developer. All Rights Reserved.
-#
-# Contributor(s):
-# Max Kanat-Alexander <mkanat@bugzilla.org>
-
-package Bugzilla::Extension::BmpConvert;
-use strict;
-use constant NAME => 'BmpConvert';
-use constant REQUIRED_MODULES => [
- {
- package => 'PerlMagick',
- module => 'Image::Magick',
- version => 0,
- },
-];
-
-__PACKAGE__->NAME;
diff --git a/extensions/BmpConvert/Extension.pm b/extensions/BmpConvert/Extension.pm
deleted file mode 100644
index efffa91b2..000000000
--- a/extensions/BmpConvert/Extension.pm
+++ /dev/null
@@ -1,106 +0,0 @@
-# -*- Mode: perl; indent-tabs-mode: nil -*-
-#
-# The contents of this file are subject to the Mozilla Public
-# License Version 1.1 (the "License"); you may not use this file
-# except in compliance with the License. You may obtain a copy of
-# the License at http://www.mozilla.org/MPL/
-#
-# Software distributed under the License is distributed on an "AS
-# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
-# implied. See the License for the specific language governing
-# rights and limitations under the License.
-#
-# The Original Code is the Bugzilla Bug Tracking System.
-#
-# The Initial Developer of the Original Code is Frédéric Buclin.
-# Portions created by Frédéric Buclin are Copyright (C) 2009
-# Frédéric Buclin. All Rights Reserved.
-#
-# Contributor(s):
-# Frédéric Buclin <LpSolit@gmail.com>
-# Max Kanat-Alexander <mkanat@bugzilla.org>
-
-package Bugzilla::Extension::BmpConvert;
-use strict;
-use base qw(Bugzilla::Extension);
-
-use Image::Magick;
-use File::Temp qw(:seekable);
-use File::stat qw(stat);
-
-our $VERSION = '1.0';
-
-sub attachment_process_data {
- my ($self, $args) = @_;
-
- return unless $args->{attributes}->{mimetype} eq 'image/bmp';
- eval {
- _try_convert_bmp_to_png($args);
- };
- warn $@ if $@;
-}
-
-
-# Here be dragons:
-# Image::Magick uses dualvars extensively to signal errors.
-# The documentation is either confusing or wrong in this regard.
-# This is not a great practice. dualvar(0, "foo") is a true value,
-# but dualvar(0, "foo") + 0 is not.
-# Also dualvar(1, "") is a false value, but dualvar(1, "") > 0 is true.
-#
-# "When a scalar has both string and numeric components (dualvars), Perl
-# prefers to check the string component for boolean truth."
-# From https://github.com/chromatic/modern_perl_book/blob/master/sections/coercion.pod
-sub _try_convert_bmp_to_png {
- my ($args) = @_;
-
- my $data = ${$args->{data}};
- my $img = Image::Magick->new(magick => 'bmp');
- my $size;
-
- if (ref $data) {
- my $read_error = $img->Read(file => \*$data);
-
- # rewind so it can be read in again by other code
- seek($data, 0, SEEK_SET);
-
- die "Error reading in BMP: $read_error"
- if $read_error;
-
- $img->set(magick => 'png');
-
- my $tmp = File::Temp->new(UNLINK => 1, SUFFIX => '.png');
- my $write_error = $img->Write(file => $tmp);
-
- die "Error converting BMP to PNG: $write_error"
- if $write_error;
-
- $tmp->flush;
- $size = stat($tmp->filename)->size;
- die "Error converting BMP to PNG results in empty file"
- if $size == 0;
-
- $tmp->seek(0, SEEK_SET);
- $data = $tmp;
- }
- else {
- my $parse_error = $img->BlobToImage($data);
- die "Error parsing in BMP: $parse_error"
- if $parse_error;
-
- $img->set(magick => 'png');
- $data = $img->ImageToBlob();
-
- die "Error converting BMP to PNG (empty PNG)"
- unless length($data) > 0;
-
- $size = length($data);
- }
-
- ${$args->{data}} = $data;
- $args->{attributes}->{mimetype} = 'image/png';
- $args->{attributes}->{filename} =~ s/\.bmp$/.png/i;
- $args->{attributes}->{attach_size} = $size;
-}
-
- __PACKAGE__->NAME;