[Esa-l] Double Extensions fails

Phil Pennock pdp at nl.demon.net
Tue Feb 13 07:39:53 PST 2001


On 2001-02-13 at 07:13 -0800, John D. Hardin wrote:
> *.JPG is safe (at least until MS figures some way to script it), but

Unless you're using some versions of Netscape Navigator to view the
file; Netscape added to the libjpeg decoder, so that they can interpret
text chunks.  There was a buffer overrun in their code to do this.

This was fixed a couple of months ago.  People may want to ensure that
their sites have upgraded their browsers.

Scary, when it's an overflow in an image, not scripting or anything, and
your protocol for retrieving the image includes the client typically
telling the server which OS and hardware platform it's running on,
before the server returns any data.

On 2001-02-13 at 07:12 -0800, John D. Hardin wrote:
> That would be very bad. The current double-extension rule would not
> catch it. I didn't think of space padding.

Oops.  I think that this has been discussed on BugTraq.

Thanks.  Out of curiosity -- how long until the proposed rewrite to
clean up the sanitizer's architecture has been completed?  I'm currently
trying to persuade people that the overhead of procmail is quite low,
our internal mailhub has plenty of power, etc.  I'd like to be able to
push for the cleaner "second generation" product, instead of "yes,
please understand that we need this, and look they're even about to
rewrite it".  :^/

Ta,
-- 
Phil Pennock                        <pdp at nl.demon.net> <Phil.Pennock at thus.net>
Demon Internet Nederland -- Network Operations Centre -- Systems Administrator
Libertes philosophica.
NL Sales: +31 20 422 20 00                          NL Support: 0800 33 6666 8
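As an added example, not part of the post above or of the Email Sanitizer's own procmail rules: the space-padding case the thread refers to, shown against a naive double-extension regex, a padding-tolerant one, and a rule that judges by the extension the Windows shell will actually act on. The executable-extension set, the normalisation rules and the sample attachment names are constructed for this illustration and are assumptions, not the sanitizer's list.

```python
import re

# Illustrative subset of extensions Windows runs on double-click.
# Assumption: constructed for this example; a real sanitizer's list is longer.
EXEC_EXTS = frozenset({
    "exe", "com", "bat", "cmd", "pif", "scr", "vbs", "vbe",
    "js", "jse", "wsf", "wsh", "lnk", "reg",
})
_EXEC_ALT = "|".join(sorted(EXEC_EXTS))

# Naive double-extension rule: a short decoy extension immediately followed
# by '.' and an executable extension at the very end of the name.
_NAIVE = re.compile(r"\.[a-z0-9]{1,4}\.(?:" + _EXEC_ALT + r")$", re.IGNORECASE)

# Same rule, but tolerating the space/tab padding used to push the real
# extension out of the visible part of the attachment name, plus the trailing
# spaces and dots that Windows silently drops when it creates the file.
_PADDED = re.compile(
    r"\.[a-z0-9]{1,4}[ \t]*\.(?:" + _EXEC_ALT + r")[ \t.]*$", re.IGNORECASE)


def naive_double_ext(name: str) -> bool:
    """True if the naive rule flags the attachment name."""
    return _NAIVE.search(name) is not None


def padded_double_ext(name: str) -> bool:
    """True if the padding-tolerant double-extension rule flags the name."""
    return _PADDED.search(name) is not None


def normalize_windows_name(name: str) -> str:
    """Strip trailing spaces and dots, as Windows does when it creates the
    file, so we judge the name the recipient's shell will actually see."""
    return name.rstrip(" \t.")


def final_extension(name: str) -> str:
    """Extension the shell will use to choose a handler, after normalisation.
    Whitespace between the last '.' and the extension text is ignored."""
    base = normalize_windows_name(name)
    if "." not in base:
        return ""
    return base.rsplit(".", 1)[1].strip(" \t").lower()


def is_executable_attachment(name: str) -> bool:
    """Rule that does not depend on counting dots: flag the attachment if the
    extension the shell will act on is executable, padded or not."""
    return final_extension(name) in EXEC_EXTS


# Constructed sample attachment names (not taken from any real message).
SAMPLES = [
    "report.doc",
    "photo.jpg",
    "photo.jpg.exe",
    "photo.jpg                                  .exe",
    "photo.jpg.exe    ",
    "setup.exe",
]


def evaluate(names=SAMPLES):
    """Return (name, naive, padded, final-extension rule) for each sample."""
    return [(n, naive_double_ext(n), padded_double_ext(n),
             is_executable_attachment(n)) for n in names]


if __name__ == "__main__":
    for name, naive, padded, final in evaluate():
        print(f"{name!r:52} naive={naive!s:5} padded={padded!s:5} final={final}")
```

The last rule is the one to rely on: it needs no enumeration of decoy extensions and is indifferent to how many spaces or dots precede the real one, whereas the naive regex misses both padded samples.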


