0

Possible Duplicate:
Security threats with uploads

I'm allowing users to upload an image to our site. Am I right in thinking I should check the extension of the file .jpg/.jpeg/.gif as well as the mime type to make sure no dangerous files are uploaded?

Also should I resize the file upon upload to check that it is an actual image file, rather than a renamed exe or similar? Eg if the resize fails, then it's not a image file.

Are there any other forms of attack I should be guarding against?

Edit: Also adding an .htaccess file in the image folder so php files can't execute:

AddHandler cgi-script .php .php3 .php4 .phtml .pl .py .jsp .asp .htm .shtml .sh .cgi
Options -ExecCGI
order deny,allow
deny from all
Community
  • 1
  • 1
GT22
  • 503
  • 1
  • 8
  • 25
  • don't rely on anything the user gives you; disregard and discard their filename completely, including the extension. Look inside the file and make sure it looks like what you want, further sanitizing it if you can. then generate your own safe filename. For extra security, consider saving it outside of the document root of the webserver and only deliver the file through your own script. – Cheekysoft Jun 22 '12 at 12:18
  • above question is now reopened. – Cheekysoft Jun 22 '12 at 12:19

4 Answers4

2

The best way to identify file type is by using the file command line tool or any other tool based on the same 'magic string' database principle, it knows the binary signatures of many, many files and tells you which one's a match.

The pros of this approach is that it's immune to both extension and MIME type manipulation and also is immune to potential exploits on the image manipulation libraries you would use to resize the file (of which there have been some over the years).

The cons of this approach is that it might fail on borderline cases (not big of a problem for validation, in general) and that you need to be able to use such a tool, which might not be available on many shared hosting providers. On the upside, there is a PHP extension using this approach here: http://www.php.net/manual/en/intro.fileinfo.php

Vinko Vrsalovic
  • 330,807
  • 53
  • 334
  • 373
2

Resizing the images sounds like a good idea. Don't forget that some real images are uploaded with php code just to use them in any local include vulnerability.

Vinko Vrsalovic
  • 330,807
  • 53
  • 334
  • 373
Thawab
  • 69
  • 1
  • +1 Copying the image's canvas data to a fresh canvas and saving is a good way to strip out non-image data and other stegonagraphic information. Slightly resizing the image is also a good technique to destroy further unwanted hidden data. – Cheekysoft Jun 22 '12 at 12:24
  • Not necessarily, the non-image data might trigger exploit the image library code itself. The binary string approach is safer and faster. Although I agree that if that's not the case, it's a good idea. – Vinko Vrsalovic Jun 22 '12 at 12:48
-1

You should definitely check for mime type on uploaded files, because attacker can potently upload a file called somethingbad.php.jpg and it will be executed like a normal php script.

madeye
  • 1,398
  • 3
  • 15
  • 33
-2

No security issues in uploading files.

  1. Just ensure that you only store the uploaded files with an extension that is for images
  2. Have an upper limit on the file size - this will protect the server from malicious people send (for example /dev/zero) to you.
  3. When serving those files ensure that the MIME type is for a image.

The other posts are incorrect

  1. The browser does not run PHP code
  2. Do not trust anything from the browser. Just take the data from the browser as advisement. i.e. you can fake the MIME type.
Ed Heal
  • 59,252
  • 17
  • 87
  • 127