Closed
Bug 50702
Opened 24 years ago
Closed 24 years ago
UTF-8 decoder accepts overlong sequences
Categories
(Core :: Internationalization, defect, P3)
Core
Internationalization
Tracking
()
VERIFIED
FIXED
mozilla0.9
People
(Reporter: jgmyers, Assigned: ftang)
References
()
Details
(Keywords: intl, Whiteboard: have fix, awaiting review & approval)
Attachments
(2 files)
|
2.76 KB,
patch
|
Details | Diff | Splinter Review | |
|
3.05 KB,
patch
|
Details | Diff | Splinter Review |
The UTF-8 decoder incorrectly accepts overlong sequences, leaving a potential
path for attackers to get past input validation.
|
Reporter | |
Comment 1•24 years ago
|
||
|
|
Reporter | |
Updated•24 years ago
|
|
Assignee | |
Comment 2•24 years ago
|
||
john- sorry, I have no idea what do you mean "overlong sequences" can you put
some example here and describe the problem clearly?
|
|
Reporter | |
Comment 3•24 years ago
|
||
Section 4 of the URL associated with this bug contains a full description and
numerous examples of overlong sequences.
|
|
Reporter | |
Comment 4•24 years ago
|
||
An overlong sequence is a character that is encoded in UTF-8 using more octets
than necessary. For example, the UTF-8 sequence "c0 af" is currently decoded by
Mozilla's UTF-8 decoder as U+002F. This is a security problem as it would
allow, for example, an attacker to get a U+002F character past an input validity
checker which attempts to prohibit U+002F characters by prohibiting "2f" octets
in data it knows is in UTF-8.
As another example, an attacker could encode a U+0000 character as "c0 80",
allowing the attacker to truncate a string that is U+0000 terminated.
|
|
Assignee | |
Comment 5•24 years ago
|
||
>leaving a potential path for attackers to get past input validation.
???
1. i don't think we currently have any "input validation" in our code.
2. If we do, we should do that in the UCS2 space, not in the UTF8 space.
|
|
Assignee | |
Comment 6•24 years ago
|
||
erik- can you help to fix this ? Mark it as M23
Assignee: jgmyers → erik
Status: ASSIGNED → NEW
Target Milestone: --- → M23
|
||
Comment 7•24 years ago
|
||
This is now necessary, since The Unicode Standard version 3.0.1 forbids
accepting overlong sequences. Take a look at:
http://www.unicode.org/unicode/uni2errata/UTF-8_Corrigendum.html
|
|
Reporter | |
Comment 8•24 years ago
|
||
|
||
Comment 9•24 years ago
|
||
What's the status on this bug? Who is waiting on reviews, etc?
|
|
Reporter | |
Comment 10•24 years ago
|
||
I am waiting for a review. I have heard nothing.
|
|
Assignee | |
Comment 11•24 years ago
|
||
reassign to ftang mark it as moz 0.9
|
|
Assignee | |
Comment 13•24 years ago
|
||
sr=ftang
|
|
Assignee | |
Comment 14•24 years ago
|
||
wait, I want to look at it again.
|
|
Assignee | |
Comment 15•24 years ago
|
||
I read it again. It is ok. sr=ftang again.
|
|
Reporter | |
Comment 16•24 years ago
|
||
That's r=ftang as well?
|
||
Comment 17•24 years ago
|
||
ftang is not on the super reviewer list, but I am. sr=erik
(Maybe ftang can change his sr to r.)
|
|
Reporter | |
Comment 18•24 years ago
|
||
Fix checked in.
Status: ASSIGNED → RESOLVED
Closed: 24 years ago
Resolution: --- → FIXED
You need to log in
before you can comment on or make changes to this bug.
Description
•