File CVE-2021-23437.patch of Package python-Pillow.35230

From 9e08eb8f78fdfd2f476e1b20b7cf38683754866b Mon Sep 17 00:00:00 2001
From: Hugo van Kemenade <hugovk@users.noreply.github.com>
Date: Mon, 23 Aug 2021 19:10:49 +0300
Subject: [PATCH] Raise ValueError if color specifier is too long

---
 Tests/test_imagecolor.py | 9 +++++++++
 src/PIL/ImageColor.py    | 2 ++
 2 files changed, 11 insertions(+)

Index: Pillow-7.2.0/Tests/test_imagecolor.py
===================================================================
--- Pillow-7.2.0.orig/Tests/test_imagecolor.py
+++ Pillow-7.2.0/Tests/test_imagecolor.py
@@ -190,3 +190,12 @@ def test_rounding_errors():
     assert (255, 255) == ImageColor.getcolor("white", "LA")
     assert (163, 33) == ImageColor.getcolor("rgba(0, 255, 115, 33)", "LA")
     Image.new("LA", (1, 1), "white")
+
+
+def test_color_too_long():
+    # Arrange
+    color_too_long = "hsl(" + "1" * 100 + ")"
+
+    # Act / Assert
+    with pytest.raises(ValueError):
+        ImageColor.getrgb(color_too_long)
Index: Pillow-7.2.0/src/PIL/ImageColor.py
===================================================================
--- Pillow-7.2.0.orig/src/PIL/ImageColor.py
+++ Pillow-7.2.0/src/PIL/ImageColor.py
@@ -32,6 +32,8 @@ def getrgb(color):
     :param color: A color string
     :return: ``(red, green, blue[, alpha])``
     """
+    if len(color) > 100:
+        raise ValueError("color specifier is too long")
     color = color.lower()
 
     rgb = colormap.get(color, None)