incubator-sanselan-dev mailing list archives

From Louis Ryan <lr...@google.com>
Subject Using Sanselan in Shindig (fellow incubator)
Date Thu, 22 Jan 2009 22:38:43 GMT
Hi

I've been investigating using Sanselan as part of an image rewriting feature
we are including in the Shindig project (
http://incubator.apache.org/shindig/). The goal is to rewrite images fetched
through an HTTP proxy to reduce their size either by switching encoding e.g.
BMP -> PNG or by stripping metadata (EXIF, comments ...). I'm primarily using
Sanselan to parse the image metadata to avoid exposing the code to the many
security vulnerabilities that exist in ImageIO on various VMs such as

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0243
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2789

This works very well as Sanselan is very strict in how it parses certain
data structures such as ICC profiles where specially crafted images could
cause buffer overrun attacks in the native libraries in ImageIO. I have a
set of images that reproduce some of the common attacks against ImageIO that
I'm testing with and Sanselan does very well against them. I currently have
one image that can cause an OutOfMemory error by misrepresenting the number
of ICC tags when parsing the ICC profile (attached). Having a VM die from
OutOfMemory is better than a security vulnerability.

I was wondering whether you consider robustness against malicious image
parsing something you would like your code to handle (I'd be happy to provide
test cases for what I have). As a more amorphous topic there is a real
shortage of secure image processing available in Java, most libraries are
designed for speed and not for robustness or defensiveness, building those
facilities in your project would be a boon to mankind and likely to attract
a great number of interested folks, myself included, to contribute actively.

Best

Louis Ryan
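
An added example, not part of the original message and not Sanselan's own code: a defensive ICC tag-table reader that bounds the declared tag count by the bytes actually present before allocating anything, which is the check that turns the OutOfMemory case described above into a clean rejection. The class and method names are hypothetical, the sample profile is constructed, and the layout assumed is the standard ICC one (128-byte header, 4-byte tag count, 12-byte entries); records require Java 16 or later.

```java
import java.nio.ByteBuffer;
import java.util.ArrayList;
import java.util.List;

public class IccTagTableCheck {              // hypothetical name
    static final int HEADER_LEN = 128;       // fixed ICC header size
    static final int ENTRY_LEN = 12;         // signature, offset, size: 4 bytes each
    record Tag(int signature, long offset, long size) {}

    /** Parses the tag table, rejecting counts and ranges the data cannot back. */
    static List<Tag> parseTagTable(byte[] profile) {
        if (profile.length < HEADER_LEN + 4)
            throw new IllegalArgumentException("truncated ICC profile");
        ByteBuffer buf = ByteBuffer.wrap(profile);            // big-endian by default
        long declaredSize = buf.getInt(0) & 0xFFFFFFFFL;      // read as unsigned 32-bit
        if (declaredSize < HEADER_LEN + 4 || declaredSize > profile.length)
            throw new IllegalArgumentException("declared size does not match data");
        long count = buf.getInt(HEADER_LEN) & 0xFFFFFFFFL;
        // Bound the count by the bytes that can hold entries BEFORE allocating.
        long maxEntries = (declaredSize - HEADER_LEN - 4) / ENTRY_LEN;
        if (count > maxEntries)
            throw new IllegalArgumentException("tag count " + count + " exceeds " + maxEntries);
        List<Tag> tags = new ArrayList<>((int) count);        // safe: count is bounded
        for (int i = 0; i < count; i++) {
            int pos = HEADER_LEN + 4 + i * ENTRY_LEN;
            long off = buf.getInt(pos + 4) & 0xFFFFFFFFL;
            long len = buf.getInt(pos + 8) & 0xFFFFFFFFL;
            if (off + len > declaredSize)                     // long math, cannot overflow
                throw new IllegalArgumentException("tag " + i + " points outside profile");
            tags.add(new Tag(buf.getInt(pos), off, len));
        }
        return tags;
    }

    public static void main(String[] args) {
        // Constructed sample: header + one-entry tag table + 4 data bytes.
        ByteBuffer b = ByteBuffer.allocate(HEADER_LEN + 4 + ENTRY_LEN + 4);
        b.putInt(0, b.capacity());                            // profile size
        b.putInt(HEADER_LEN, 1);                              // tag count
        b.putInt(HEADER_LEN + 4, 0x64657363);                 // signature 'desc'
        b.putInt(HEADER_LEN + 8, HEADER_LEN + 4 + ENTRY_LEN); // data offset
        b.putInt(HEADER_LEN + 12, 4);                         // data size
        System.out.println("valid: " + parseTagTable(b.array()).size() + " tag(s)");
        b.putInt(HEADER_LEN, 0x7FFFFFFF);                     // misrepresented tag count
        try {
            parseTagTable(b.array());
        } catch (IllegalArgumentException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```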
