Bill Allombert wrote:
>>The jpeg comment printed by the tool rdjpgcom differs from the jpeg
>>comment present in the jpeg file.
>>
>>For example, rdjpegcom replaces "unprintable" bytes with a
>>backslash-sequence (see function process_COM in file rdjpgcom.c).
>>
>>This is a problem if the comment is in a different encoding than the
>>system's locale, or if the comment is in a multibyte encoding (e.g. utf-8).
> Actually this is a security-feature. As I wrote in bug #116589:
> For safety reason, rdjpgcom output non printable characters in jpeg
> comments as octal sequences, to avoid security problem when reading
> comments in 'untrusted' jpeg files.
>
> You can convert octal sequence to character with
>
> % /bin/echo -e `rdjpgcom orig1.jpg`
>
> I am not sure how this can be improved.
This would not help with the line-endings alterations.
I am not really convinced that rdjpgcom needs such a security feature.
Just imagine /bin/cat were affected that way. It would be useless.
What kind of attack do you have in mind that is possible with literal
output and impossible with the quoted output?
Anyway, I imagine some programs already depend on the current behaviour.
(the echo -e workaround sure does)
Suggestion: You could introduce a new command line option ("-raw" or
something) that leaves the comment untouched. Please set severity to
"wishlist", if you don't mind.
Best regards,
Tobias
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
