Opened 13 years ago

Closed 12 years ago

#839 closed bug (fixed)

multiple utf-8 string vulnerabilities

Reported by: marcusoverhagen Owned by: mmlr
Priority: normal Milestone: R1
Component: Kits/Interface Kit Version:
Keywords: Cc:
Blocked By: Blocking:
Has a Patch: no Platform: All

Description (last modified by mmlr)

Multiple UTF-8 functions are unsafe and vulnerable to denial of service attacks or buffer overflow attacks.

This includes:

count_utf8_bytes

UTF8CountBytes

UTF8CountChars

UTF8ToCharCode

UTF8ToLength

It is dangerous to look only at the first byte to determine how long an character sequence is. A malformed sequence can be used to skip a string's terminating zero byte.

Example (2 bytes and terminating zero):

0xE0 0x81 0x00

The first byte tells that it's 3 bytes long, and the above mentioned functions will skip the terminating zero.

Change History (3)

comment:1 Changed 13 years ago by marcusoverhagen

Description: modified (diff)
Summary: mutlpile utf-8 string vulnerabilitiesmultiple utf-8 string vulnerabilities

comment:2 Changed 13 years ago by axeld

Owner: changed from axeld to mmlr

Yes, I noticed that, too, when I fixed that byte count bug a few days ago. I'll give Michael another try :-)

comment:3 Changed 12 years ago by mmlr

Description: modified (diff)
Resolution: fixed
Status: newclosed

Fixed in hrev19624.

Note: See TracTickets for help on using tickets.