From 8c6e194086be02c477d4f06c11a59c7a3180d941 Mon Sep 17 00:00:00 2001
From: Dustin
Date: Sat, 24 May 2025 09:14:55 -0600
Subject: [PATCH] Added sanity check to width and height
---
 .../CommonImageActionSettings.cs | 4 ++++
 .../CommonImageActionsMiddleware.cs | 12 ++++++++++--
 2 files changed, 14 insertions(+), 2 deletions(-)
diff --git a/CommonImageActions.AspNetCore/CommonImageActionSettings.cs b/CommonImageActions.AspNetCore/CommonImageActionSettings.cs
index 529b3e0..0f2a295 100644
--- a/CommonImageActions.AspNetCore/CommonImageActionSettings.cs
+++ b/CommonImageActions.AspNetCore/CommonImageActionSettings.cs
@@ -40,6 +40,10 @@ public string PathToWatch
 public static string DefaultDiskCacheLocation { get; set; }
+ public static int MaxUrlWidth { get; set; } = 5000;
+
+ public static int MaxUrlHeight { get; set; } = 5000;
+
 public static string[] ValidImageExtensions = {
 ".bmp",
 ".gif",
diff --git a/CommonImageActions.AspNetCore/CommonImageActionsMiddleware.cs b/CommonImageActions.AspNetCore/CommonImageActionsMiddleware.cs
index 85a4d48..e445040 100644
--- a/CommonImageActions.AspNetCore/CommonImageActionsMiddleware.cs
+++ b/CommonImageActions.AspNetCore/CommonImageActionsMiddleware.cs
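Review bot: The two new settings `MaxUrlWidth` and `MaxUrlHeight` carry no documentation, and since they are public, process-wide, mutable static properties, a caller has no way to know what they bound or that the middleware applies them as a strict `<` comparison (so the default 5000 itself is rejected). An XML summary on each would settle that, e.g. `/// <summary>Exclusive upper bound accepted for the width query parameter; larger values are ignored to cap decode memory.</summary>`, with the matching sentence on the height setting. It is also worth stating in the doc that values of 0 or below are not rejected by these settings, so a consumer knows a lower bound is not part of this contract.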
@@ -281,13 +281,21 @@ public static ImageActions ConvertQueryStringToImageActions(string queryString,
 var widthString = query["width"] ?? query["w"];
 if (int.TryParse(widthString, out int width))
 {
- imageActions.Width = width;
+ //sanity check to make sure no bad actor requests a number that may eat all the ram in the system
+ if(width < CommonImageActionSettings.MaxUrlWidth)
+ {
+ imageActions.Width = width;
+ }
 }
 var heightString = query["height"] ?? query["h"];
 if (int.TryParse(heightString, out int height))
 {
- imageActions.Height = height;
+ //sanity check to make sure no bad actor requests a number that may eat all the ram in the system
+ if (width < CommonImageActionSettings.MaxUrlHeight)
+ {
+ imageActions.Height = height;
+ }
 }
 var pageString = query["Page"] ?? query["p"];
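Review bot: The height guard tests the wrong variable: `if (width < CommonImageActionSettings.MaxUrlHeight)` compares `width`, so an oversized height is never rejected, and when no width parameter is present `width` is left at 0 by the failed TryParse and any height at all passes; it should read `if (height < CommonImageActionSettings.MaxUrlHeight)`. Neither guard has a lower bound, so 0 and negative values are still assigned to `imageActions.Width`/`Height` unless something downstream rejects them, which this hunk does not show; `if (width > 0 && width < CommonImageActionSettings.MaxUrlWidth)` and the height counterpart would close that. Silently dropping an out-of-range value also means the request proceeds with the dimension unset rather than failing, which may be intended but deserves a comment saying so. Stylistically, `if(width` lacks the space the file's other `if (` lines use and the comments have no space after `//`. ConvertQueryStringToImageActions begins before this hunk and continues past it.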