Detect and prevent image bombs, max. processable dimension 4096^2 (#7229)

app/lib/exceptions.rb

@@ -6,6 +6,7 @@ module Mastodon
   class ValidationError < Error; end
   class HostValidationError < ValidationError; end
   class LengthValidationError < ValidationError; end
+  class DimensionsValidationError < ValidationError; end
   class RaceConditionError < Error; end
 
   class UnexpectedResponseError < Error

app/models/concerns/attachmentable.rb

@@ -1,10 +1,15 @@
 # frozen_string_literal: true
 
+require 'mime/types'
+
 module Attachmentable
   extend ActiveSupport::Concern
 
+  MAX_MATRIX_LIMIT = 16_777_216 # 4096x4096px or approx. 16MB
+
   included do
     before_post_process :set_file_extensions
+    before_post_process :check_image_dimensions
   end
 
   private
@@ -12,10 +17,31 @@ module Attachmentable
   def set_file_extensions
     self.class.attachment_definitions.each_key do |attachment_name|
       attachment = send(attachment_name)
+
       next if attachment.blank?
-      extension = Paperclip::Interpolations.content_type_extension(attachment, :original)
-      basename  = Paperclip::Interpolations.basename(attachment, :original)
-      attachment.instance_write :file_name, [basename, extension].delete_if(&:blank?).join('.')
+
+      attachment.instance_write :file_name, [Paperclip::Interpolations.basename(attachment, :original), appropriate_extension(attachment)].delete_if(&:blank?).join('.')
     end
   end
+
+  def check_image_dimensions
+    self.class.attachment_definitions.each_key do |attachment_name|
+      attachment = send(attachment_name)
+
+      next if attachment.blank? || !attachment.content_type.match?(/image.*/) || attachment.queued_for_write[:original].blank?
+
+      width, height = FastImage.size(attachment.queued_for_write[:original].path)
+
+      raise Mastodon::DimensionsValidationError, "#{width}x#{height} images are not supported" if width.present? && height.present? && (width * height >= MAX_MATRIX_LIMIT)
+    end
+  end
+
+  def appropriate_extension(attachment)
+    mime_type = MIME::Types[attachment.content_type]
+
+    extensions_for_mime_type = mime_type.empty? ? [] : mime_type.first.extensions
+    original_extension       = Paperclip::Interpolations.extension(attachment, :original)
+
+    extensions_for_mime_type.include?(original_extension) ? original_extension : extensions_for_mime_type.first
+  end
 end

app/models/custom_emoji.rb

@@ -40,6 +40,8 @@ class CustomEmoji < ApplicationRecord
 
   remotable_attachment :image, LIMIT
 
+  include Attachmentable
+
   def local?
     domain.nil?
   end

app/models/media_attachment.rb

@@ -19,8 +19,6 @@
 #  description       :text
 #
 
-require 'mime/types'
-
 class MediaAttachment < ApplicationRecord
   self.inheritance_column = nil
 
@@ -70,6 +68,8 @@ class MediaAttachment < ApplicationRecord
   validates_attachment_size :file, less_than: LIMIT
   remotable_attachment :file, LIMIT
 
+  include Attachmentable
+
   validates :account, presence: true
   validates :description, length: { maximum: 420 }, if: :local?
 
@@ -176,9 +176,6 @@ class MediaAttachment < ApplicationRecord
 
   def set_type_and_extension
     self.type = VIDEO_MIME_TYPES.include?(file_content_type) ? :video : :image
-    extension = appropriate_extension
-    basename  = Paperclip::Interpolations.basename(file, :original)
-    file.instance_write :file_name, [basename, extension].delete_if(&:blank?).join('.')
   end
 
   def set_meta
@@ -223,13 +220,4 @@ class MediaAttachment < ApplicationRecord
       bitrate: movie.bitrate,
     }
   end
-
-  def appropriate_extension
-    mime_type = MIME::Types[file.content_type]
-
-    extensions_for_mime_type = mime_type.empty? ? [] : mime_type.first.extensions
-    original_extension       = Paperclip::Interpolations.extension(file, :original)
-
-    extensions_for_mime_type.include?(original_extension) ? original_extension : extensions_for_mime_type.first
-  end
 end