Last modified: 2011-04-14 15:11:13 UTC

Wikimedia Bugzilla is closed!

Wikimedia migrated from Bugzilla to Phabricator. Bug reports are handled in Wikimedia Phabricator.
This static website is read-only and for historical purposes. It is not possible to log in and except for displaying bug reports and their history, links might be broken. See T12847, the corresponding Phabricator task for complete and up-to-date bug report information.

Bug 10847 - Detect RAR concatenation in jpeg images


Summary:	Detect RAR concatenation in jpeg images

Status:	NEW

Product:	MediaWiki
Classification:	Unclassified
Component:	File management (Other open bugs)
Version:	unspecified
Hardware:	All All

Importance:	Low enhancement (vote)
Target Milestone:	---
Assigned To:	Nobody - You can work on this!

URL:	http://en.wikipedia.org/w/index.php?t...
Whiteboard:
Keywords:

Depends on:
Blocks:
	Show dependency tree / graph

Reported:	2007-08-08 21:21 UTC by Nobody
Modified:	2011-04-14 15:11 UTC (History)
CC List:	5 users (show)

See Also:
Web browser:	---
Mobile Platform:	---
Assignee Huggle Beta Tester:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Description Nobody 2007-08-08 21:21:39 UTC

HOW TO: Download the linked file (req. admin access on enwiki), rename to .rar, extract.
PROBLEM: Users using Wikipedia as RapidShare replacement by appending compressed files to legitimate graphics uploaded to our servers.
POSSIBLE SOLUTION: Add code to detect RAR compression appended to valid graphics files and fail the upload.

Comment 1 Brion Vibber 2007-08-08 21:27:46 UTC

Why look for RAR and not five million other archive formats? What about trivially obfuscated files? Encrypted files? etc.

Comment 2 Jon 2007-08-08 22:34:29 UTC

(In reply to comment #1)
> Why look for RAR and not five million other archive formats? What about
> trivially obfuscated files? Encrypted files? etc.
> 

its simple really... your average jpg viewer stops reading the file after the end tag. rar ignores anything prior to the rar header. so you've got the perfect combination with jpg and rar. But a few other archive formats/image formats could potentially work. There are tutorials all over the internet including the EN WP article on RAR showing how to do the jpg/rar combination though.

Comment 3 Brion Vibber 2007-08-08 22:38:10 UTC

Convenient. :)

Greg's putting together a list of files with known issues, we'll have a good test set of this and other formats.

Comment 4 Nobody 2007-09-05 00:03:11 UTC

http://commons.wikimedia.org/wiki/User:Gmaxwell/possiblyevilimages

http://en.wikipedia.org/wiki/User:Gmaxwell/possibly_evil_images

Lists not yet filtered.

Comment 5 Platonides 2009-03-05 14:41:10 UTC

Note that commons uploads are being checked (third-party) for embedded rars.

Note You need to log in before you can comment on or make changes to this bug.

Wikimedia Bugzilla is closed!

Search

Personal tools

Navigation

Links