https://bugzilla.wikimedia.org/show_bug.cgi?id=46921
Bawolff (Brian Wolff) changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
            Summary|Refuse uploading files that |Refuse uploading JPEG files
                   |contain huge data of other  |with extra junk at the end.
                   |file types, especially if   |
                   |this data is encrypted      |

--- Comment #6 from Bawolff (Brian Wolff) ---
Hmm, if it's just stuff concatenated at the end, it would probably be possible to detect (look for the \xFF\xD9 marker, see if anything is after it). [From a security paranoia, doing this would probably not be a bad idea. GIFAR and all]

-----

Looking at these files, they are indeed just stuff stuffed at the end. For 1239:

00011d40 e6 93 34 a7 ad 25 0b 61 85 14 51 4c 0f ff d9 37 |..4..%.a..QL...7|
00011d50 7a bc af 27 1c 00 03 d8 f3 90 3d 40 84 9c 00 00 |z..'......=@....|

Note the ff d9 denotes end of image (EOI). After that, 37 7A BC AF 27 1C are the magic numbers for a 7z archive.

For the second image (1240) we have:

0000dc80 dd cf a1 f5 a6 9e b4 87 a9 a1 6b a8 92 3f ff d9 |..........k..?..|
0000dc90 43 d6 cd 64 8a dc f7 24 57 18 a8 2f e3 dd 38 34 |C..d...$W../..84|

Which doesn't have any magic numbers that I could see. However, it definitely doesn't appear to be JPEG data, as we later on have ff sequences that aren't escaped. Maybe it's the second part to some file split up over multiple JPEGs, or maybe encrypted, or something else.
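The check suggested in comment #6, as an added Python example (not code from the bug report or from MediaWiki): it walks the JPEG marker segments to find the stream's own EOI instead of searching for the first or last FF D9, because an embedded thumbnail or the appended data can contain that byte pair too. The sample bytes are constructed, and the ZIP and RAR signatures are assumptions added beyond the 7z signature quoted above.

```python
# 7z is the signature quoted in the comment; ZIP and RAR are added assumptions.
MAGICS = {b"7z\xbc\xaf\x27\x1c": "7z", b"PK\x03\x04": "zip", b"Rar!\x1a\x07": "rar"}

def find_eoi_end(data):
    """Return the offset just past the stream's own EOI, or None if malformed."""
    if data[:2] != b"\xff\xd8":              # must start with SOI
        return None
    pos, in_scan = 2, False
    while pos + 1 < len(data):
        if in_scan:                          # entropy-coded data after SOS
            pos = data.find(b"\xff", pos)
            if pos < 0 or pos + 1 >= len(data):
                return None
            nxt = data[pos + 1]
            if nxt == 0x00 or 0xD0 <= nxt <= 0xD7:
                pos += 2                     # stuffed FF 00 or restart marker
            elif nxt == 0xFF:
                pos += 1                     # fill byte
            else:
                in_scan = False              # a real marker ends the scan
            continue
        if data[pos] != 0xFF:
            return None
        marker = data[pos + 1]
        if marker == 0xD9:                   # EOI
            return pos + 2
        if marker == 0xFF:                   # fill byte before a marker
            pos += 1
        elif marker == 0x01 or 0xD0 <= marker <= 0xD7:
            pos += 2                         # markers without a length field
        else:
            length = int.from_bytes(data[pos + 2:pos + 4], "big")
            if length < 2:                   # length counts its own two bytes
                return None
            pos += 2 + length
            in_scan = marker == 0xDA         # SOS: scan data follows
    return None

def inspect_upload(data):
    """Return (trailing_byte_count, guessed_type_or_None) for bytes after EOI."""
    end = find_eoi_end(data)
    if end is None:
        raise ValueError("not a well-formed JPEG stream")
    tail = data[end:]
    return len(tail), next((n for m, n in MAGICS.items() if tail.startswith(m)), None)

# Constructed marker skeleton (not a decodable image): SOI, APP1 holding FF D9, SOS, scan, EOI.
SAMPLE = (b"\xff\xd8" b"\xff\xe1\x00\x0c" b"Exif\x00\x00\xff\xd8\xff\xd9"
          b"\xff\xda\x00\x08\x01\x01\x00\x00\x3f\x00" b"\x12\xff\x00\x34\xff\xd0\x56" b"\xff\xd9")
POLYGLOT = SAMPLE + b"7z\xbc\xaf\x27\x1c" + b"\x00\x03\xff\xd9\x00"
```

On `POLYGLOT`, a first-match search for FF D9 stops inside the APP1 segment and a last-match search lands inside the appended archive, while `inspect_upload` reports 11 trailing bytes identified as 7z.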
