[tor-bugs] #23152 [Internal Services/Service - trac]: Disallow tiff (and other non png non text) uploads
Tor Bug Tracker & Wiki
blackhole at torproject.org
Tue Aug 8 15:53:21 UTC 2017
#23152: Disallow tiff (and other non png non text) uploads
--------------------------------------------------+-----------------
Reporter: cypherpunks | Owner: qbi
Type: defect | Status: new
Priority: Medium | Milestone:
Component: Internal Services/Service - trac | Version:
Severity: Normal | Keywords:
Actual Points: | Parent ID:
Points: | Reviewer:
Sponsor: |
--------------------------------------------------+-----------------
Tiff is a quite a complicated format. Its implementation can contain
vulnerabilities.
Some man creates tickets with tiffs attached:
#23140, #23085.
People consider this as an attack. They even ask him in a rude form not to
post tiffs. Maybe we should protect him from such a rudeness ;) I suggest
to disallow uploads of non-text formats other than the ones in the
following whitelist: ["png"].
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/23152>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list