Server crash issue after providing malformed data #9

@bedros-p


Any field that takes in a data:base64 image is susceptible to crashing the whole server

https://nerimity.com/api/users/
POST body (authorization header required)

What the server expects:
{"avatar":"data:image/png;base64,insert+the+b64+encoded+image+here"}

What breaks the server:
{"avatar":"qwerty"}

If the avatar has a field that is not equal to a base64 encoded image, it crashes the image processing service and restarts.
Not limited to avatar - also affects banner, and pretty much any endpoint that accepts images, and then crashes the whole thing.

Simplest solution is to only accept b64 format images with a format check in the server, but alternative damage control could be to force the server to ignore errors and only log them through any service, with a custom error handler
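
Both mitigations proposed in the issue, sketched as an added example (not Nerimity's code): a format check that rejects anything other than a base64 image data URI before it reaches image processing, and a handler that turns a processing failure into an error response. The names `parseImageDataUri`, `handleAvatarUpdate` and `processImage`, the allowed types and the size limit are assumptions made for illustration.

```javascript
// Added example: hypothetical helper names, not Nerimity's code.
const MAGIC = new Map([ // allowed MIME type -> leading signature bytes
  ["image/png", [0x89, 0x50, 0x4e, 0x47, 0x0d, 0x0a, 0x1a, 0x0a]],
  ["image/jpeg", [0xff, 0xd8, 0xff]],
  ["image/gif", [0x47, 0x49, 0x46, 0x38]],
]);
const MAX_BYTES = 8 * 1024 * 1024; // assumed size limit
const DATA_URI = /^data:([a-z]+\/[a-z0-9.+-]+);base64,([A-Za-z0-9+/]+={0,2})$/;

function parseImageDataUri(value) {
  if (typeof value !== "string") return { ok: false, error: "image must be a string" };
  // Length check first so an oversized body never reaches the regex or decoder.
  if (value.length > Math.ceil(MAX_BYTES / 3) * 4 + 64) return { ok: false, error: "image too large" };
  const m = DATA_URI.exec(value);
  // Buffer.from() silently skips invalid base64, so strictness is enforced here.
  if (!m || m[2].length % 4 !== 0) return { ok: false, error: "not a base64 data URI" };
  const magic = MAGIC.get(m[1]);
  if (!magic) return { ok: false, error: "unsupported image type" };
  const bytes = Buffer.from(m[2], "base64");
  if (!magic.every((b, i) => bytes[i] === b)) {
    return { ok: false, error: "content does not match declared type" };
  }
  return { ok: true, mime: m[1], bytes };
}

// processImage stands in for the real image pipeline; it may still throw on a
// truncated or corrupt file, so its failure becomes a response, not a crash.
async function handleAvatarUpdate(body, processImage) {
  const parsed = parseImageDataUri(body && body.avatar);
  if (!parsed.ok) return { status: 400, error: parsed.error };
  try {
    await processImage(parsed.bytes, parsed.mime);
    return { status: 200 };
  } catch (err) {
    console.error("image processing failed:", err.message);
    return { status: 422, error: "image could not be processed" };
  }
}

// Constructed sample: a PNG signature plus padding bytes, not a full image.
const SAMPLE_PNG = "data:image/png;base64," +
  Buffer.from([...MAGIC.get("image/png"), 0, 0, 0, 0]).toString("base64");
```

The signature check only confirms the declared type matches the first bytes; the `try`/`catch` around the processor is what covers files that pass validation but still fail to decode.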
