[Bug 271020] [NEW] jhead: multiple security vulnerabilities
Launchpad Bug Tracker
271020 at bugs.launchpad.net
Sat Oct 25 01:01:26 BST 2008
*** This bug is a security vulnerability ***
You have been subscribed to a public security bug by John Dong (jdong):
jhead -cmd fails when your filenames and resulting command line is too
long:
Before:jhead -cmd '/usr/local/Rig/rig/thumbnail/rig_thumbnail.exe -r &i &o 100 70' /home/merlin/rig3/blog/cat/diving/Pix/rig-cache/20080824_French_Polynesia/20080830_Rangiroa/Day8-2_Rangiroa-Tiputa_Pass/BestOf/prev100_129_Day8-2_Rangiroa-Tiputa_Pass.jpg
Cmd:/usr/local/Rig/rig/thumbnail/rig_thumbnail.exe -r "/home/merlin/rig3/blog/cat/diving/Pix/rig-cache/20080824_French_Polynesia/20080830_Rangiroa/Day8-2_Rangiroa-Tiputa_Pass/BestOf/prev100_129_Day8-2_Rangiroa-Tiputa_Pass.jpg" "/home/merlin/rig3/blog/cat/diving/Pix/rig-cache/20080824_French_Polynesia/20080830_Rangiroa/Day8-2_Rangiroa-Tiputa_Pass/BestOf/prev100_129_Day8-2_Rangiroa-Tiputa_Pass.jpt" 100 70
<init> : Avifile RELEASE-0.7.47-080115-14:47-4.2.3
<init> : Available CPU flags: fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush dts acpi mmx fxsr sse sse2 ss ht tm pbe nx lm constant_tsc arch_perfmon pebs bts pni monitor ds_cpl vmx est tm
<init> : 1000.00 MHz Intel(R) Core(TM)2 CPU T7200 @ 2.00GHz processor detected
Error : specified command did not produce expected output file <<<<<<<<<<<<<<<<<<<<<<<<<
in file '/home/merlin/rig3/blog/cat/diving/Pix/rig-cache/20080824_French_Polynesia/20080830_Rangiroa/Day8-2_Rangiroa-Tiputa_Pass/BestOf/prev100_129_Day8-2_Rangiroa-Tiputa_Pass.jpg'
After:
gandalf:/var/tmp/jhead-2.80# ./jhead -cmd '/usr/local/Rig/rig/thumbnail/rig_thumbnail.exe -r &i &o 100 70' /home/merlin/rig3/blog/cat/diving/Pix/rig-cache/20080824_French_Polynesia/20080830_Rangiroa/Day8-2_Rangiroa-Tiputa_Pass/BestOf/prev100_129_Day8-2_Rangiroa-Tiputa_Pass.jpg
Cmd:/usr/local/Rig/rig/thumbnail/rig_thumbnail.exe -r "/home/merlin/rig3/blog/cat/diving/Pix/rig-cache/20080824_French_Polynesia/20080830_Rangiroa/Day8-2_Rangiroa-Tiputa_Pass/BestOf/prev100_129_Day8-2_Rangiroa-Tiputa_Pass.jpg" "/home/merlin/rig3/blog/cat/diving/Pix/rig-cache/20080824_French_Polynesia/20080830_Rangiroa/Day8-2_Rangiroa-Tiputa_Pass/BestOf/prev100_129_Day8-2_Rangiroa-Tiputa_Pass.jpt" 100 70
<init> : Avifile RELEASE-0.7.47-080115-14:47-4.2.3
<init> : Available CPU flags: fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush dts acpi mmx fxsr sse sse2 ss ht tm pbe nx lm constant_tsc arch_perfmon pebs bts pni monitor ds_cpl vmx est tm
<init> : 1000.00 MHz Intel(R) Core(TM)2 CPU T7200 @ 2.00GHz processor detected
Modified: /home/merlin/rig3/blog/cat/diving/Pix/rig-cache/20080824_French_Polynesia/20080830_Rangiroa/Day8-2_Rangiroa-Tiputa_Pass/BestOf/prev100_129_Day8-2_Rangiroa-Tiputa_Pass.jpg
Diff is trivial:
gandalf:/var/tmp/jhead-2.80# diff -u jhead.c.orig jhead.c
--- jhead.c.orig 2008-09-16 11:00:16.000000000 -0700
+++ jhead.c 2008-09-16 11:00:23.000000000 -0700
@@ -298,8 +298,8 @@
static void DoCommand(const char * FileName, int ShowIt)
{
int a,e;
- char ExecString[400];
- char TempName[200];
+ char ExecString[64000];
+ char TempName[32000];
int TempUsed = FALSE;
e = 0;
** Affects: jhead (Ubuntu)
Importance: Undecided
Status: Confirmed
** Affects: jhead (Ubuntu Dapper)
Importance: Undecided
Status: New
** Affects: jhead (Ubuntu Gutsy)
Importance: Undecided
Status: New
** Affects: jhead (Ubuntu Hardy)
Importance: Undecided
Status: New
** Affects: jhead (Ubuntu Intrepid)
Importance: Undecided
Status: Confirmed
** Tags: bitesize
--
jhead: multiple security vulnerabilities
https://bugs.edge.launchpad.net/bugs/271020
You received this bug notification because you are a member of Ubuntu Package Archive Administrators, which is a direct subscriber.
More information about the ubuntu-archive
mailing list