author | Allan Sandfeld Jensen <allan.jensen@theqtcompany.com> | 2016-05-03 13:34:22 +0200 |
---|---|---|
committer | Allan Sandfeld Jensen <allan.jensen@theqtcompany.com> | 2016-05-03 14:42:18 +0000 |
commit | c1b8d4bf2a36cd59e31758a9e6af872c17c4cfb8 (patch) | |
tree | bf8a9ad8c981be399fd229c489ef07f4372bcfa6 | |
parent | 71136c9621103522e85654c8e144d5f1c961de1c (diff) | |
download | qtwebkit-c1b8d4bf2a36cd59e31758a9e6af872c17c4cfb8.tar.gz |
Only load QImageIO plugins from white-listed formats
Not all QImage plugins are safe to load from the internet. We should
only load formats that are well-used on the internet and we can be
reasonably sure are safe.
[ChangeLog][WebKit][Behavior Change] QtWebkit will no longer support
any QImage plugin with the Size option, but instead only decode formats
that have been whitelisted. If you are using QtWebKit for controlled
content and wish to override the white-list, it can now be done with
the environment variable QTWEBKIT_IMAGEFORMAT_WHITELIST which takes a
comma-separated list of QImageIO formats.
Change-Id: Ifc4f1a3addfa4ec117697a12000db3c265422314
Reviewed-by: Richard J. Moore <rich@kde.org>
-rw-r--r-- | Source/WebCore/platform/graphics/qt/ImageDecoderQt.cpp | 25 |
1 files changed, 25 insertions, 0 deletions
diff --git a/Source/WebCore/platform/graphics/qt/ImageDecoderQt.cpp b/Source/WebCore/platform/graphics/qt/ImageDecoderQt.cpp
index 2917815bd..74696c23d 100644
--- a/Source/WebCore/platform/graphics/qt/ImageDecoderQt.cpp
+++ b/Source/WebCore/platform/graphics/qt/ImageDecoderQt.cpp
@@ -31,6 +31,7 @@
 #include <QtCore/QBuffer>
 #include <QtCore/QByteArray>
+#include <QtCore/QSet>
 #include <QtGui/QImageReader>
 namespace WebCore {
@@ -45,6 +46,25 @@ ImageDecoderQt::~ImageDecoderQt()
 {
 }
+static const char* s_formatWhiteList[] = {"png", "jpeg", "gif", "webp", "bmp", "svg", "ico", 0};
+
+static bool isFormatWhiteListed(const QByteArray &format)
+{
+ static QSet<QByteArray> whiteListSet;
+ if (whiteListSet.isEmpty()) {
+ QByteArray whiteListEnv = qgetenv("QTWEBKIT_IMAGEFORMAT_WHITELIST");
+ if (!whiteListEnv.isEmpty())
+ whiteListSet = QSet<QByteArray>::fromList(whiteListEnv.split(','));
+
+ const char **formatIt = s_formatWhiteList;
+ while (*formatIt) {
+ whiteListSet.insert(QByteArray(*formatIt));
+ ++formatIt;
+ }
+ }
+ return whiteListSet.contains(format);
+}
+
 void ImageDecoderQt::setData(SharedBuffer* data, bool allDataReceived)
 {
 if (failed())
@@ -73,6 +93,11 @@ void ImageDecoderQt::setData(SharedBuffer* data, bool allDataReceived)
 // QImageReader only allows retrieving the format before reading the image
 m_format = m_reader->format();
+ if (!isFormatWhiteListed(m_format)) {
+ qWarning("Image of format '%s' blocked because it is not considered safe. If you are sure it is safe to do so, you can white-list the format by setting the environment variable QTWEBKIT_IMAGEFORMAT_WHITELIST=%s", m_format.constData(), m_format.constData());
+ setFailed();
+ m_reader.clear();
+ }
 }
 bool ImageDecoderQt::isSizeAvailable() |
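Review bot: Entries read from QTWEBKIT_IMAGEFORMAT_WHITELIST in isFormatWhiteListed() are inserted exactly as split on ',', so a value such as `tiff, tga` or `TIFF` yields set members that will probably never equal the lower-case name the reader reports, and the format stays blocked with no hint why. Normalising each entry avoids that, e.g. `foreach (const QByteArray &entry, whiteListEnv.split(',')) whiteListSet.insert(entry.trimmed().toLower());`. The variable also only adds to s_formatWhiteList, so a deployment cannot use it to narrow the built-in set even though the commit message speaks of overriding it; a one-line comment above the function saying `// The environment variable extends the built-in list; it cannot remove entries.` would make that explicit. The function-local static set is filled on first use without any locking, which is only safe if image decoders are always created on a single thread.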
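Review bot: The white-list check in setData() runs only after `m_reader->format()`, and with format auto-detection that call, as far as I can tell, lets every installed image plugin probe the incoming bytes, so a plugin for a blocked format still sees network data in its detection path even though decoding is refused. That residual exposure deserves a comment next to the check, for example `// Format sniffing above already ran each plugin's canRead(); this check only prevents full decoding.` The qWarning is also emitted for every blocked image and spells out how to switch the protection off, so logging once per format would keep a page with many such images from flooding the log. The rest of setData() lies outside the hunk, so whether m_format should be reset together with m_reader cannot be judged from here.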