[Full-Disclosure] avoid jpeg overflow problems using on the fly conversion?

mettlers_at_thehive.ch
Date: 09/17/04

    To: full-disclosure@lists.netsys.com
    Date: Fri, 17 Sep 2004 09:43:50 +0200 (CEST)

    While discussing the JPEG overflow problem and remembering the similar BMP
    issue, one of my co-workers (thanks Lars) brought up the idea of
    sanitizing JPGs at the gateway level. Google found me no hints of
    existing stuff except a modified micro_proxy for converting PNG to JPG from
    2001, when PNG support wasn't widely available. The project is at
    http://freshmeat.net/projects/png2jpgproxy/ and is derived from
    micro_proxy at http://www.acme.com/software/micro_proxy/

    Looking at the code (I admit to not being a programmer), I found it quite
    simple to modify the program to do the exact opposite. Three lines of
    code need to be changed:

    from &&(strstr(line,"image/png"))) png_translate=1;
    to   &&(strstr(line,"image/jpeg"))) png_translate=1;
    ---
    from printf("Content-Type: %s\r\n","image/jpeg");
    to   printf("Content-Type: %s\r\n","image/png");
    ---
    from conv_stream=popen("/usr/X11R6/bin/convert png:- jpg:-","w");
    to   conv_stream=popen("/usr/X11R6/bin/convert jpg:- png:-","w");
    ---
    I'm not able to deliver a decent patch file, but you'll get the idea. It
    seems to work fine: no change in the HTML code, just a new MIME type, and
    the graphics format changes of course.
    IMHO, converting JPG to PNG on the fly should mitigate the risk of getting
    malicious JPEGs. While blocking JPEG for external mail might have a low
    impact, doing the same for HTTP is not really an option. Installing
    MS04-028 in a larger environment might not be that easy either. Of course
    micro_proxy/png2jpg runs via (x)inetd and might not be performant enough
    to handle huge loads.
    I don't know of any content screening product which sanitizes graphics;
    they're good at removing active script, exes, plugins etc. Converting
    graphics might not be the most elegant way, but using this method in a
    flexible way should help to react fast to similar security issues. One
    could convert GIF, BMP, you name it, depending on new security issues
    arising. Of course ImageMagick (convert) has had its issues in the past, but
    I'd rather deal with issues on the proxy than with the ones on the
    client/IE.
    The conversion approach might be suitable for sanitizing other file types
    like MS Office (doc, xls) etc.
    Just an idea...
    Regards
    Sascha
    _______________________________________________
    Full-Disclosure - We believe in it.
    Charter: http://lists.netsys.com/full-disclosure-charter.html
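Editor's note: the three edited lines in the post swap the MIME-type test, the emitted Content-Type and the convert arguments, but a gateway built on them also has to cope with the body length changing, with a JPEG served under some other Content-Type (IE does not rely on the declared type alone when deciding how to render a response), and with convert itself dying on a malformed file, which is exactly the input the filter exists to catch. The Python below is an added example written for this page; it is not code from the post, from png2jpgproxy or from micro_proxy. For real use it assumes ImageMagick's `convert jpg:- png:-` on $PATH; for the offline demo it ships a constructed stand-in converter and constructed origin responses. The magic-byte check, the fail-closed 502 and the Content-Length recomputation are the editor's additions, not behaviour the post describes.

```python
"""Added example (editor's, not from the post, png2jpgproxy or micro_proxy):
the three edited proxy lines as an HTTP response filter, plus the checks a
gateway needs around them."""
import subprocess
import sys

JPEG_MAGIC = b"\xff\xd8\xff"        # SOI marker: every JPEG starts with it
PNG_MAGIC = b"\x89PNG\r\n\x1a\n"    # 8-byte PNG signature
# The post's converter, assumed on $PATH here (the post uses /usr/X11R6/bin/convert).
IMAGEMAGICK_CONVERTER = ["convert", "jpg:-", "png:-"]
# Headers describing the original body; they must not survive the rewrite.
STRIPPED = (b"content-type", b"content-length", b"content-encoding", b"transfer-encoding")

def parse_response(raw: bytes):
    """Split a raw HTTP/1.x response into (status line, [(name, value)], body)."""
    head, sep, body = raw.partition(b"\r\n\r\n")
    if not sep:
        raise ValueError("incomplete response head")
    lines = head.split(b"\r\n")
    # partition(b":")[::2] is (name, value); strip both sides
    headers = [tuple(p.strip() for p in line.partition(b":")[::2]) for line in lines[1:]]
    return lines[0], headers, body

def header(headers, name: bytes) -> bytes:
    """Case-insensitive lookup; empty bytes when absent."""
    return next((v for n, v in headers if n.lower() == name), b"")

def looks_like_jpeg(headers, body: bytes) -> bool:
    """Match on the declared type *or* the magic bytes: the client sniffs content,
    so a JPEG served as application/octet-stream would slip past the post's
    strstr(line, "image/jpeg") test on its own."""
    return b"image/jpeg" in header(headers, b"content-type").lower() or body.startswith(JPEG_MAGIC)

def transcode(body: bytes, converter, timeout: float = 10.0):
    """Pipe body through the converter (stdin -> stdout). Return PNG bytes, or
    None on any failure: missing binary, non-zero exit, timeout, non-PNG output.
    None means 'do not forward', never 'pass the original through'."""
    try:
        proc = subprocess.run(converter, input=body, capture_output=True, timeout=timeout)
    except (OSError, subprocess.TimeoutExpired):
        return None
    if proc.returncode != 0 or not proc.stdout.startswith(PNG_MAGIC):
        return None
    return proc.stdout

def sanitize_response(raw: bytes, converter=IMAGEMAGICK_CONVERTER) -> bytes:
    """Rewrite a JPEG response as PNG, failing closed and recomputing
    Content-Length (the body size changes, so the origin's value is wrong)."""
    status, headers, body = parse_response(raw)
    if not looks_like_jpeg(headers, body):
        return raw                                  # not our concern: untouched
    # A gzip'd or chunked body is not JPEG bytes on the wire; reject rather than guess.
    framed = header(headers, b"content-encoding") or header(headers, b"transfer-encoding")
    png = None if framed else transcode(body, converter)
    if png is None:
        msg = b"image rejected by sanitizer\r\n"
        return (b"HTTP/1.0 502 Bad Gateway\r\nContent-Type: text/plain\r\nContent-Length: "
                + str(len(msg)).encode() + b"\r\n\r\n" + msg)
    kept = [(n, v) for n, v in headers if n.lower() not in STRIPPED]
    kept += [(b"Content-Type", b"image/png"), (b"Content-Length", str(len(png)).encode())]
    return b"\r\n".join([status] + [n + b": " + v for n, v in kept]) + b"\r\n\r\n" + png

# Constructed stand-in for ImageMagick so the demo runs offline: a Python
# snippet that turns a JPEG on stdin into a (fake) PNG, or exits 1 the way a
# decoder choking on a malformed image would.
_STAND_IN_OK = r"""
import sys
data = sys.stdin.buffer.read()
if not data.startswith(b'\xff\xd8\xff'):
    sys.exit(1)
sys.stdout.buffer.write(b'\x89PNG\r\n\x1a\n' + b'\x00' * 8)
"""

def stand_in_converter(succeed: bool):
    return [sys.executable, "-c", _STAND_IN_OK if succeed else "import sys; sys.exit(1)"]

def demo():
    """The cases a gateway must get right; returns (ok, sniffed, crashed, untouched)."""
    def resp(ctype, body):                      # constructed origin responses
        return (b"HTTP/1.0 200 OK\r\nServer: x\r\nContent-Type: " + ctype
                + b"\r\nContent-Length: " + str(len(body)).encode() + b"\r\n\r\n" + body)
    jpeg = JPEG_MAGIC + b"\xe0" + b"\x00" * 16  # 20-byte stub, not a real image
    return (
        sanitize_response(resp(b"image/jpeg", jpeg), stand_in_converter(True)),
        sanitize_response(resp(b"application/octet-stream", jpeg), stand_in_converter(True)),
        sanitize_response(resp(b"image/jpeg", jpeg), stand_in_converter(False)),
        sanitize_response(resp(b"text/html", b"<p>hi</p>"), stand_in_converter(True)),
    )

if __name__ == "__main__":
    for r in demo():
        print(r.split(b"\r\n\r\n")[0].decode(), "\n")
```

Run it directly to print the rewritten response heads. The point to carry over into a real deployment is the None branch of transcode(): a converter that crashes, hangs or emits something other than a PNG must turn into a rejected response, because the one time it fails on a JPEG is the one time the original bytes must not reach the client.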