Opened 18 years ago
Closed 18 years ago
#839 closed bug (fixed)
multiple utf-8 string vulnerabilities — at Version 3
Reported by: | marcusoverhagen | Owned by: | mmlr |
---|---|---|---|
Priority: | normal | Milestone: | R1 |
Component: | Kits/Interface Kit | Version: | |
Keywords: | Cc: | ||
Blocked By: | Blocking: | ||
Platform: | All |
Description (last modified by )
Multiple UTF-8 functions are unsafe and vulnerable to denial of service attacks or buffer overflow attacks.
This includes:
count_utf8_bytes
UTF8CountBytes
UTF8CountChars
UTF8ToCharCode
UTF8ToLength
It is dangerous to look only at the first byte to determine how long an character sequence is. A malformed sequence can be used to skip a string's terminating zero byte.
Example (2 bytes and terminating zero):
0xE0 0x81 0x00
The first byte tells that it's 3 bytes long, and the above mentioned functions will skip the terminating zero.
Change History (3)
comment:1 by , 18 years ago
Description: | modified (diff) |
---|---|
Summary: | mutlpile utf-8 string vulnerabilities → multiple utf-8 string vulnerabilities |
comment:2 by , 18 years ago
Owner: | changed from | to
---|
comment:3 by , 18 years ago
Description: | modified (diff) |
---|---|
Resolution: | → fixed |
Status: | new → closed |
Fixed in hrev19624.
Note:
See TracTickets
for help on using tickets.
Yes, I noticed that, too, when I fixed that byte count bug a few days ago. I'll give Michael another try :-)