Full Disclosure mailing list archives
Re: avoid jpeg overflow problems using on the fly conversion?
From: William Warren <hescominsoon () emmanuelcomputerconsulting com>
Date: Fri, 17 Sep 2004 08:03:30 -0400
The only problem is this: there is no reason to sanitize JPEGs, as this is not a JPEG issue but a Microsoft problem when dealing with JPEGs. Things that do not depend on the DLL are not affected (Mozilla/Firefox and Opera, if I remember correctly). If this was a JPEG issue then everything would be affected. Also of note is that Win2k users are not affected (with the exception of IE6).
mettlers () thehive ch wrote:
While discussing the JPEG overflow problem and remembering the similar BMP issue, one of my co-workers (thanks Lars) brought up the idea of sanitizing JPGs on the gateway level. Google found me no hints for existing stuff except a modified micro_proxy for converting png 2 jpg from 2001, when PNG support wasn't widely available. The project is at http://freshmeat.net/projects/png2jpgproxy/ and is derived from micro_proxy at http://www.acme.com/software/micro_proxy/

Looking at the code (I admit not being a programmer) I found it quite simple to modify the program to use it for the exact opposite. Three lines of code need to be changed:

from
&&(strstr(line,"image/png"))) png_translate=1;
to
&&(strstr(line,"image/jpeg"))) png_translate=1;
---
from
printf("Content-Type: %s\r\n","image/jpeg");
to
printf("Content-Type: %s\r\n","image/png");
---
from
conv_stream=popen("/usr/X11R6/bin/convert png:- jpg:-","w");
to
conv_stream=popen("/usr/X11R6/bin/convert jpg:- png:-","w");
---

I'm not able to deliver a decent patch file, but you'll get the idea. It seems to work fine: no change in the HTML code, just a new MIME type, and the graphics format changes of course. IMHO, on-the-fly converting JPG to PNG should mitigate the risk of getting malicious JPEGs. While blocking JPEG for external mail might have a low impact, doing the same for HTTP is not really an option. Installing MS04-028 in a larger environment might not be that easy either. Of course micro_proxy/png2jpg runs via (x)inetd and might not be performant enough to handle huge loads. I don't know of any content screening product which sanitizes graphics; they're good at removing active script, exes, plugins etc. Converting graphics might not be the most elegant way, but using this method in a flexible way should help to react fast on similar security issues. One could convert GIF, BMP, you name it, depending on new security issues arising.

Of course ImageMagick (convert) had its issues in the past, but I'd rather deal with issues on the proxy than with the ones on the client/IE. The conversion approach might be suitable for sanitizing other file types like MS Office (doc, xls) etc. Just an idea...

Regards
Sascha

_______________________________________________
Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
-- My "Foundation" verse:Isa 54:17 No weapon that is formed against thee shall prosper; and every tongue that shall rise against thee in judgment thou shalt condemn. This is the heritage of the servants of the LORD, and their righteousness is of me, saith the LORD.
-- carpe ductum -- "Grab the tape"
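The gateway transcoding idea from the quoted post, restated as an added example that is not the post's or micro_proxy's code: a response filter that matches an image/jpeg Content-Type, pipes the body through the converter command given in the post, and rewrites the Content-Type to image/png. The converter path, the fail-closed behaviour on conversion errors and the Content-Length fix-up are assumptions added here, not part of the original three-line change.

```python
import subprocess
from typing import Dict, List, Optional, Tuple

# Converter command as quoted in the post; the binary path is an assumption
# about where ImageMagick lives on the gateway host.
DEFAULT_CONVERT: List[str] = ["/usr/X11R6/bin/convert", "jpg:-", "png:-"]


def sanitize_image_response(
    headers: Dict[str, str],
    body: bytes,
    convert_cmd: List[str] = DEFAULT_CONVERT,
) -> Optional[Tuple[Dict[str, str], bytes]]:
    """Re-encode a JPEG response body as PNG before forwarding it.

    Returns (new_headers, new_body). Responses that are not image/jpeg
    pass through untouched. If the converter cannot be started, fails, or
    emits nothing, None is returned so the caller drops the response
    rather than forwarding the original bytes (fail closed: an image the
    converter rejects is precisely the one the gateway should not relay).
    """
    ctype = headers.get("Content-Type", "").split(";")[0].strip().lower()
    if ctype != "image/jpeg":
        return headers, body
    try:
        proc = subprocess.run(convert_cmd, input=body, capture_output=True, timeout=30)
    except (OSError, subprocess.TimeoutExpired):
        return None
    if proc.returncode != 0 or not proc.stdout:
        return None
    new_headers = dict(headers)
    new_headers["Content-Type"] = "image/png"
    # The re-encoded body has a different size, so a stale Content-Length
    # from the origin server must be replaced or the client will misread the stream.
    new_headers["Content-Length"] = str(len(proc.stdout))
    return new_headers, proc.stdout


if __name__ == "__main__":
    # Constructed sample: a minimal JPEG SOI/EOI marker pair, run through
    # "cat" instead of ImageMagick so the plumbing can be checked offline.
    sample_headers = {"Content-Type": "image/jpeg", "Content-Length": "4"}
    print(sanitize_image_response(sample_headers, b"\xff\xd8\xff\xd9", ["cat"]))
```

Swap `["cat"]` for `DEFAULT_CONVERT` on a host with ImageMagick installed to get real PNG output.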