Ubuntu
jhead package

jhead: multiple security vulnerabilities

Bug #271020 reported by Marc MERLIN on 2008-09-16

278

	Status	Importance	Assigned to
jhead (Ubuntu)	Fix Released	High	Unassigned
Dapper	Won't Fix	Undecided	Unassigned
Gutsy	Won't Fix	Undecided	Unassigned
Hardy	Won't Fix	Undecided	Unassigned
Intrepid	Fix Released	High	Unassigned

Bug Description

jhead -cmd fails when your filenames and resulting command line is too long:

Before:jhead -cmd '/usr/local/Rig/rig/thumbnail/rig_thumbnail.exe -r &i &o 100 70' /home/merlin/rig3/blog/cat/diving/Pix/rig-cache/20080824_French_Polynesia/20080830_Rangiroa/Day8-2_Rangiroa-Tiputa_Pass/BestOf/prev100_129_Day8-2_Rangiroa-Tiputa_Pass.jpg
Cmd:/usr/local/Rig/rig/thumbnail/rig_thumbnail.exe -r "/home/merlin/rig3/blog/cat/diving/Pix/rig-cache/20080824_French_Polynesia/20080830_Rangiroa/Day8-2_Rangiroa-Tiputa_Pass/BestOf/prev100_129_Day8-2_Rangiroa-Tiputa_Pass.jpg" "/home/merlin/rig3/blog/cat/diving/Pix/rig-cache/20080824_French_Polynesia/20080830_Rangiroa/Day8-2_Rangiroa-Tiputa_Pass/BestOf/prev100_129_Day8-2_Rangiroa-Tiputa_Pass.jpt" 100 70
<init> : Avifile RELEASE-0.7.47-080115-14:47-4.2.3
<init> : Available CPU flags: fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush dts acpi mmx fxsr sse sse2 ss ht tm pbe nx lm constant_tsc arch_perfmon pebs bts pni monitor ds_cpl vmx est tm
<init> : 1000.00 MHz Intel(R) Core(TM)2 CPU T7200 @ 2.00GHz processor detected
Error : specified command did not produce expected output file <<<<<<<<<<<<<<<<<<<<<<<<<
in file '/home/merlin/rig3/blog/cat/diving/Pix/rig-cache/20080824_French_Polynesia/20080830_Rangiroa/Day8-2_Rangiroa-Tiputa_Pass/BestOf/prev100_129_Day8-2_Rangiroa-Tiputa_Pass.jpg'

After:
gandalf:/var/tmp/jhead-2.80# ./jhead -cmd '/usr/local/Rig/rig/thumbnail/rig_thumbnail.exe -r &i &o 100 70' /home/merlin/rig3/blog/cat/diving/Pix/rig-cache/20080824_French_Polynesia/20080830_Rangiroa/Day8-2_Rangiroa-Tiputa_Pass/BestOf/prev100_129_Day8-2_Rangiroa-Tiputa_Pass.jpg
Cmd:/usr/local/Rig/rig/thumbnail/rig_thumbnail.exe -r "/home/merlin/rig3/blog/cat/diving/Pix/rig-cache/20080824_French_Polynesia/20080830_Rangiroa/Day8-2_Rangiroa-Tiputa_Pass/BestOf/prev100_129_Day8-2_Rangiroa-Tiputa_Pass.jpg" "/home/merlin/rig3/blog/cat/diving/Pix/rig-cache/20080824_French_Polynesia/20080830_Rangiroa/Day8-2_Rangiroa-Tiputa_Pass/BestOf/prev100_129_Day8-2_Rangiroa-Tiputa_Pass.jpt" 100 70
<init> : Avifile RELEASE-0.7.47-080115-14:47-4.2.3
<init> : Available CPU flags: fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush dts acpi mmx fxsr sse sse2 ss ht tm pbe nx lm constant_tsc arch_perfmon pebs bts pni monitor ds_cpl vmx est tm
<init> : 1000.00 MHz Intel(R) Core(TM)2 CPU T7200 @ 2.00GHz processor detected
Modified: /home/merlin/rig3/blog/cat/diving/Pix/rig-cache/20080824_French_Polynesia/20080830_Rangiroa/Day8-2_Rangiroa-Tiputa_Pass/BestOf/prev100_129_Day8-2_Rangiroa-Tiputa_Pass.jpg

Diff is trivial:
gandalf:/var/tmp/jhead-2.80# diff -u jhead.c.orig jhead.c
--- jhead.c.orig 2008-09-16 11:00:16.000000000 -0700
+++ jhead.c 2008-09-16 11:00:23.000000000 -0700
@@ -298,8 +298,8 @@
static void DoCommand(const char * FileName, int ShowIt)
{
int a,e;
- char ExecString[400];
- char TempName[200];
+ char ExecString[64000];
+ char TempName[32000];
int TempUsed = FALSE;

e = 0;

Tags: