Image Coders Question

Questions and postings pertaining to the usage of ImageMagick regardless of the interface. This includes the command-line utilities, as well as the C and C++ APIs. Usage questions are like "How do I use ImageMagick to create drop shadows?".
Post Reply
caliguian
Posts: 33
Joined: 2012-08-10T12:15:13-07:00
Authentication code: 67789

Image Coders Question

Post by caliguian »

So with the new vulnerability that was announce today (see here: https://www.imagemagick.org/discourse-s ... =4&t=29588), the solution is to add a set of lines to your policy.xml file. The lines that were mentioned include the following:

<policy domain="coder" rights="none" pattern="EPHEMERAL" />
<policy domain="coder" rights="none" pattern="HTTPS" />
<policy domain="coder" rights="none" pattern="MVG" />
<policy domain="coder" rights="none" pattern="MSL" />

From my little bit of googling about the image "coders", there is not a lot of information available on these. So, my question to you guys (who are collectively smarter than google!) is: What is the HTTPS coder? Is there a https image file format? Or what specifically does removing the rights from an HTTPS coder do? Or is somehow related to how the file is accessed (through HTTPS, perhaps?)?

If you can shine any light on this, I'd love to hear what you know!

Thanks!
snibgo
Posts: 12159
Joined: 2010-01-23T23:01:33-07:00
Authentication code: 1151
Location: England, UK

Re: Image Coders Question

Post by snibgo »

ImageMagick coders are the modules that read and write formats that are identified by letters before a colon at the start of filenames. For example:

Code: Select all

convert PNG:in.png PNG32:out.png
convert http://my.domain.com/in.png out.png
Coders that are internal to IM (as opposed to external delegates) have source code in the coders directory. "http:" etc is in coders/url.c.
snibgo's IM pages: im.snibgo.com
caliguian
Posts: 33
Joined: 2012-08-10T12:15:13-07:00
Authentication code: 67789

Re: Image Coders Question

Post by caliguian »

snibgo wrote:ImageMagick coders are the modules that read and write formats that are identified by letters before a colon at the start of filenames. For example:

Code: Select all

convert PNG:in.png PNG32:out.png
convert http://my.domain.com/in.png out.png
Coders that are internal to IM (as opposed to external delegates) have source code in the coders directory. "http:" etc is in coders/url.c.
Thank you for this information! Glad to hear someone knows how it works. :)

I'm still a bit confused by the HTTPS item in the list though; if that line is added to the policy file will it cause imagemagick processes that reference images through HTTPS to fail?
snibgo
Posts: 12159
Joined: 2010-01-23T23:01:33-07:00
Authentication code: 1151
Location: England, UK

Re: Image Coders Question

Post by snibgo »

Yes. For example (using HTTP):

Code: Select all

convert http://snibgo.com/imforums/rgimage1.png r.png
This succeeds. But if I insert ...

Code: Select all

<policy domain="coder" rights="none" pattern="HTTP" />
... into policy.xml, the command fails with:

Code: Select all

convert.exe: not authorized `//snibgo.com/imforums/rgimage1.png' @ error/constitute.c/ReadImage/412.
snibgo's IM pages: im.snibgo.com
caliguian
Posts: 33
Joined: 2012-08-10T12:15:13-07:00
Authentication code: 67789

Re: Image Coders Question

Post by caliguian »

snibgo wrote:Yes. For example (using HTTP):

Code: Select all

convert http://snibgo.com/imforums/rgimage1.png r.png
This succeeds. But if I insert ...

Code: Select all

<policy domain="coder" rights="none" pattern="HTTP" />
... into policy.xml, the command fails with:

Code: Select all

convert.exe: not authorized `//snibgo.com/imforums/rgimage1.png' @ error/constitute.c/ReadImage/412.
Thank you for information. That's very helpful.
Post Reply