Page MenuHome GnuPG
Create Task
Maniphest T1331

GnuPG Photo ID JPEG format checking incorrectly requires a JFIF Header
Closed, ResolvedPublic
Actions

Description

Issue:
GnuPG rejecting valid JPEGs when attempting addphoto.

Findings:
photoid.c (lines 144-153) incorrectly assumes all JPEGs have a JFIF header. This
is not the case, and JPEGs can use JFIF, EXIF, both, or no header at all.
Enclosed is one such image (Sample.jpg).

Resolution:

  • Either remove checking entirely (photoid.c lines 143 to 153), or
  • ... Continue with the broken checking (remember that JPEGs can contain JFIF,

EXIF, both, or none), but allow the user to override:

Change from...

/* Is it a JPEG? */
if(photo[0]!=0xFF || photo[1]!=0xD8 ||

 photo[6]!='J' || photo[7]!='F' || photo[8]!='I' || photo[9]!='F')
{
  log_error(_("`%s' is not a JPEG file\n"),filename);
  xfree(photo);
  photo=NULL;
  xfree(filename);
  filename=NULL;
  continue;
}

... to

/* Is it a JPEG? */
if(photo[0]!=0xFF || photo[1]!=0xD8 ||

 photo[6]!='J' || photo[7]!='F' || photo[8]!='I' || photo[9]!='F')
{
  tty_printf(_("`%s' does not begin with a JFIF header\n"),filename);
  if(!cpr_get_answer_is_yes("photoid.jpeg.jfif",
     _("Are you sure you want to use it? (y/N) ")))
    {
      xfree(photo);
      photo=NULL;
      xfree(filename);
      filename=NULL;
      continue;
    }
}

Details

Due Date
Jan 31 2012, 1:00 AM
Version
all

Event Timeline

pao set Version to all.Apr 3 2011, 2:02 PM
pao added a subscriber: pao.

pao added projects: gnupg, Bug Report.Apr 3 2011, 2:02 PM
werner added a subscriber: dshaw.Apr 4 2011, 4:39 PM
werner added a subscriber: werner.

I am not sure what to do. Do all the display tools in common use know about
non-JFIF encoded JPEGs?

werner assigned this task to dshaw.Apr 4 2011, 4:39 PM
dshaw added a comment.Apr 4 2011, 4:58 PM

I suppose if we wanted to be needlessly pedantic, RFC-4880 actually specifies
JFIF (not JPEG as a whole).

Nevertheless, we should support this. I suppose we could look for either the
'JFIF' or 'Exif' strings, or alternately just look for the 0xFFD8 that starts
all jpegs (no matter what header comes first).

pao added a comment.Apr 4 2011, 5:13 PM

Hi Werner, David,

Thank you for your prompt responses.

If by "know" you mean "able to decode", then I have yet to find a decoder that is not able to --- even
jpegtopnm handles it correctly.

Note that it may not be very precise to say that it is not "JFIF-encoded". The jpegtopnm manpage
explains it quite succinctly: "EXIF is an image format that is a subformat of JFIF (to wit, a JFIF file
that contains an EXIF header as an APP1 marker)."

It should be noted that David's statement where the first two bytes will be checked for 0xffd8 is the
same algorithm used for magic mimetype sniffing --- see
http://www.opensource.apple.com/source/file/file-23/file/magic/magic.mime.

dshaw added a project: Restricted Project.Dec 15 2011, 11:17 PM

Ok, fixed on 1.4, 2.0, and master.

werner set Due Date to Jan 31 2012, 1:00 AM.Jan 3 2012, 7:02 PM
werner closed this task as Resolved.Jan 30 2012, 6:11 PM
werner removed a project: Restricted Project.