From: Tim Düsterhus
Date: Thu, 29 Sep 2016 12:29:50 +0000 (+0200)
Subject: Fix potential DoS vulnerability in ImageProxy
X-Git-Tag: 3.0.0_Beta_2~61
X-Git-Url: https://git.stricted.de/?a=commitdiff_plain;h=d08d11cdcd26998cedbbaff318f84e5576bce9cf;p=GitHub%2FWoltLab%2FWCF.git

Fix potential DoS vulnerability in ImageProxy
---

diff --git a/wcfsetup/install/files/lib/action/ImageProxyAction.class.php b/wcfsetup/install/files/lib/action/ImageProxyAction.class.php
index 7fbc7f3f61..b1c7250a54 100644
--- a/wcfsetup/install/files/lib/action/ImageProxyAction.class.php
+++ b/wcfsetup/install/files/lib/action/ImageProxyAction.class.php
@@ -61,7 +61,9 @@ class ImageProxyAction extends AbstractAction {
 try {
 // download image
 try {
- $request = new HTTPRequest($url);
+ $request = new HTTPRequest($url, [
+ 'maxLength' => 10 * (1 << 20) // download at most 10 MiB
+ ]);
 $request->execute();
 }
 catch (SystemException $e) {
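Review bot: The new `maxLength` option caps how many bytes are fetched, but the hunk does not show what HTTPRequest does when a response exceeds that cap. If it truncates rather than throws, the code after `$request->execute();` may cache or serve a partial image, so the downloaded data should be validated as a complete image before it is stored. The limit is also an inline literal; a class constant such as `const MAX_DOWNLOAD_SIZE = 10485760; // 10 MiB` would make the DoS bound easier to find and tune. A size cap alone does not bound how long a slow remote host can hold the worker, so it is worth confirming that a request timeout applies on this path. The enclosing method starts and ends outside the hunk.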