[Bug 271020] [NEW] jhead: multiple security vulnerabilities

Sat Oct 25 01:01:26 BST 2008

*** This bug is a security vulnerability ***

You have been subscribed to a public security bug by John Dong (jdong):

jhead -cmd fails when your filenames and resulting command line is too
long:

Before:jhead -cmd '/usr/local/Rig/rig/thumbnail/rig_thumbnail.exe -r &i &o 100 70' /home/merlin/rig3/blog/cat/diving/Pix/rig-cache/20080824_French_Polynesia/20080830_Rangiroa/Day8-2_Rangiroa-Tiputa_Pass/BestOf/prev100_129_Day8-2_Rangiroa-Tiputa_Pass.jpg
Cmd:/usr/local/Rig/rig/thumbnail/rig_thumbnail.exe -r "/home/merlin/rig3/blog/cat/diving/Pix/rig-cache/20080824_French_Polynesia/20080830_Rangiroa/Day8-2_Rangiroa-Tiputa_Pass/BestOf/prev100_129_Day8-2_Rangiroa-Tiputa_Pass.jpg" "/home/merlin/rig3/blog/cat/diving/Pix/rig-cache/20080824_French_Polynesia/20080830_Rangiroa/Day8-2_Rangiroa-Tiputa_Pass/BestOf/prev100_129_Day8-2_Rangiroa-Tiputa_Pass.jpt" 100 70
<init> : Avifile RELEASE-0.7.47-080115-14:47-4.2.3
<init> : Available CPU flags: fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush dts acpi mmx fxsr sse sse2 ss ht tm pbe nx lm constant_tsc arch_perfmon pebs bts pni monitor ds_cpl vmx est tm
<init> : 1000.00 MHz Intel(R) Core(TM)2 CPU         T7200  @ 2.00GHz processor detected
Error : specified command did not produce expected output file <<<<<<<<<<<<<<<<<<<<<<<<<
in file '/home/merlin/rig3/blog/cat/diving/Pix/rig-cache/20080824_French_Polynesia/20080830_Rangiroa/Day8-2_Rangiroa-Tiputa_Pass/BestOf/prev100_129_Day8-2_Rangiroa-Tiputa_Pass.jpg'

After:
gandalf:/var/tmp/jhead-2.80# ./jhead -cmd '/usr/local/Rig/rig/thumbnail/rig_thumbnail.exe -r &i &o 100 70' /home/merlin/rig3/blog/cat/diving/Pix/rig-cache/20080824_French_Polynesia/20080830_Rangiroa/Day8-2_Rangiroa-Tiputa_Pass/BestOf/prev100_129_Day8-2_Rangiroa-Tiputa_Pass.jpg
Cmd:/usr/local/Rig/rig/thumbnail/rig_thumbnail.exe -r "/home/merlin/rig3/blog/cat/diving/Pix/rig-cache/20080824_French_Polynesia/20080830_Rangiroa/Day8-2_Rangiroa-Tiputa_Pass/BestOf/prev100_129_Day8-2_Rangiroa-Tiputa_Pass.jpg" "/home/merlin/rig3/blog/cat/diving/Pix/rig-cache/20080824_French_Polynesia/20080830_Rangiroa/Day8-2_Rangiroa-Tiputa_Pass/BestOf/prev100_129_Day8-2_Rangiroa-Tiputa_Pass.jpt" 100 70
<init> : Avifile RELEASE-0.7.47-080115-14:47-4.2.3
<init> : Available CPU flags: fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush dts acpi mmx fxsr sse sse2 ss ht tm pbe nx lm constant_tsc arch_perfmon pebs bts pni monitor ds_cpl vmx est tm
<init> : 1000.00 MHz Intel(R) Core(TM)2 CPU         T7200  @ 2.00GHz processor detected
Modified: /home/merlin/rig3/blog/cat/diving/Pix/rig-cache/20080824_French_Polynesia/20080830_Rangiroa/Day8-2_Rangiroa-Tiputa_Pass/BestOf/prev100_129_Day8-2_Rangiroa-Tiputa_Pass.jpg

Diff is trivial:
gandalf:/var/tmp/jhead-2.80# diff -u jhead.c.orig jhead.c

--- jhead.c.orig        2008-09-16 11:00:16.000000000 -0700
+++ jhead.c     2008-09-16 11:00:23.000000000 -0700
@@ -298,8 +298,8 @@
 static void DoCommand(const char * FileName, int ShowIt)
 {
     int a,e;
-    char ExecString[400];
-    char TempName[200];
+    char ExecString[64000];
+    char TempName[32000];
     int TempUsed = FALSE;
 
     e = 0;

** Affects: jhead (Ubuntu)
     Importance: Undecided
         Status: Confirmed

** Affects: jhead (Ubuntu Dapper)
     Importance: Undecided
         Status: New

** Affects: jhead (Ubuntu Gutsy)
     Importance: Undecided
         Status: New

** Affects: jhead (Ubuntu Hardy)
     Importance: Undecided
         Status: New

** Affects: jhead (Ubuntu Intrepid)
     Importance: Undecided
         Status: Confirmed


** Tags: bitesize
-- 
jhead: multiple security vulnerabilities
https://bugs.edge.launchpad.net/bugs/271020
You received this bug notification because you are a member of Ubuntu Package Archive Administrators, which is a direct subscriber.

