[SECURITY] Avoid DoS in Online Media Helper 05/59105/2
authorOliver Hader <oliver@typo3.org>
Tue, 11 Dec 2018 09:57:31 +0000 (10:57 +0100)
committerOliver Hader <oliver.hader@typo3.org>
Tue, 11 Dec 2018 09:57:33 +0000 (10:57 +0100)
commit16567366e2a25c0cbed7208c3be9eda962e28c9b
tree6d65b954a3c602791c3e017f9ef8a8a0896eed7f
parent232d0a64282382229c205904173a16a581555fe3
[SECURITY] Avoid DoS in Online Media Helper

Using large media files (*.youtube, *.vimeo in the TYPO3 core)
might lead to denial of service scenarios. In order to avoid
that, media files are limited to have a content size of 2048
bytes as a maximum. Usually these files contain just the remote
identifier - thus, ~20 bytes should have been sufficient already.

Resolves: #85381
Releases: master, 8.7, 7.6
Security-Commit: 36c64c45461dee1c4018b7c72a989952d1e2dd45
Security-Bulletin: TYPO3-CORE-SA-2018-011
Change-Id: Ib54cd9ab822ee33a44170822cc0a3c4da4132c95
Reviewed-on: https://review.typo3.org/59105
Reviewed-by: Oliver Hader <oliver.hader@typo3.org>
Tested-by: Oliver Hader <oliver.hader@typo3.org>
typo3/sysext/core/Classes/Resource/OnlineMedia/Helpers/AbstractOnlineMediaHelper.php