1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
|
From 0ca3c33c59927e1c7e0c14dbc1eea1dfb2431a80
From: Andrew Murray <radarhere@users.noreply.github.com>
Date: Sat, 28 Oct 2023 15:58:52 +1100
Subject: [PATCH] python3-pillow: Allow ops
CVE: CVE-2023-50447
Upstream-Status: Backport [https://github.com/python-pillow/Pillow/commit/0ca3c33c59927e1c7e0c14dbc1eea1dfb2431a80]
Signed-off-by: Rahul Janani Pandi <RahulJanani.Pandi@windriver.com>
---
Tests/test_imagemath.py | 5 +++++
src/PIL/ImageMath.py | 9 +++++----
2 files changed, 10 insertions(+), 4 deletions(-)
diff --git a/Tests/test_imagemath.py b/Tests/test_imagemath.py
index fe7ac9a7a..ded8c0011 100644
--- a/Tests/test_imagemath.py
+++ b/Tests/test_imagemath.py
@@ -63,6 +63,11 @@ def test_prevent_exec(expression):
ImageMath.eval(expression)
+def test_prevent_double_underscores():
+ with pytest.raises(ValueError):
+ ImageMath.eval("1", {"__": None})
+
+
def test_logical():
assert pixel(ImageMath.eval("not A", images)) == 0
assert pixel(ImageMath.eval("A and B", images)) == "L 2"
diff --git a/src/PIL/ImageMath.py b/src/PIL/ImageMath.py
index 923a8eeae..c14598a4c 100644
--- a/src/PIL/ImageMath.py
+++ b/src/PIL/ImageMath.py
@@ -237,13 +237,14 @@ def eval(expression, _dict={}, **kw):
# build execution namespace
args = ops.copy()
- args.update(_dict)
- args.update(kw)
- for k, v in args.items():
- if '__' in k or hasattr(__builtins__, k):
+ for k in list(_dict.keys()) + list(kw.keys()):
+ if "__" in k or hasattr(__builtins__, k):
msg = f"'{k}' not allowed"
raise ValueError(msg)
+ args.update(_dict)
+ args.update(kw)
+ for k, v in args.items():
if hasattr(v, "im"):
args[k] = _Operand(v)
--
2.40.0
|