incubator-sanselan-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Jeremias Maerki <...@jeremias-maerki.ch>
Subject Re: Using Sanselan in Shindig (fellow incubator)
Date Wed, 28 Jan 2009 07:45:52 GMT
Just my personal opinion as a mentor for Sanselan, but since Sanselan
will never be able to win the performance contest in image handling, I
can see the benefit of positioning Sanselan as a specialist for secure
image processing (in addition to the current focus points). ImageIO is
probably good enough for most so Sanselan has a somewhat difficult stand
to position itself.

BTW, the attachment you mentioned is missing. But it's probably best to
open a new issue in JIRA and attach it there.

On 22.01.2009 23:38:43 Louis Ryan wrote:
> Hi
> 
> Ive been investigating using Sanselan as part of an image rewriting feature
> we are including in the Shindig project (
> http://incubator.apache.org/shindig/). The goal is to rewrite images fetched
> through an HTTP proxy to reduce their size either by switching encoding e.g.
> BMP -> PNG or by stripping metadata (EXIF, comments ...) Im primarily using
> Sanselan to parse the image metadata to avoid exposing the code to the many
> security vulnerabilities that exist in ImageIO on various VMs such as
> 
> http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0243
> http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2789
> 
> This works very well as Sanselan is very strict in how it parses certain
> datastructures such as ICC profiles where specially crafted images could
> cause buffer overrun attacks in the native libraries in ImageIO. I have a
> set of images that reproduce some of the common attacks against ImageIO that
> I'm testing with and Sanselan does very well against them. I currently have
> one image that can cause an OutOfMemory error by misrepresenting the number
> of ICC tags when parsing the ICC profile (attached). Having a VM die from
> OutOfMemory is better than a security vulnerability.
> 
> I was wondering whether you consider robustness against malicious image
> parsing something you would like your code to handle (Id be happy to provide
> test cases for what I have). As a more amorphous topic there is a real
> shortage of secure image processing available in Java, most libraries are
> designed for speed and not for robustness or defensiveness, building those
> facilities in your project would be a boon to mankind and likely to attract
> a great number of interested folks, myself included, to contribute actively.
> 
> Best
> 
> Louis Ryan




Jeremias Maerki


Mime
View raw message