Closed
Bug 522634
Opened 15 years ago
Closed 15 years ago
decodeURIComponent/decodeURI allows non-shortest form of 16 bits char on 4 bytes representation
Categories: Core :: XPCOM, defect
Status: RESOLVED DUPLICATE of bug 511859
People: Reporter: sirdarckcat, Assignee: Unassigned
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.1.3) Gecko/20090824 Firefox/3.5.3 GTB5
Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.1.3) Gecko/20090824 Firefox/3.5.3 GTB5

Firefox is supposed to consider the non-shortest form exception (http://www.unicode.org/reports/tr36/#UTF-8_Exploit), section 3.1 of the Unicode Technical Report #36, but apparently there's a flaw in it.

This is especially problematic because an overlong Unicode sequence that is not taken into consideration may allow several types of filter bypasses.

The following non-shortest form for the char U+1000:
0xF0 0x81 0x80 0x80
is allowed, as well as the correct shortest form:
0xE1 0x80 0x80

Note that this problem is only present on the 4 bytes representation (0xE0 0x81 0x80 is correctly marked as U+FFFD).

Reproducible: Always

Steps to Reproduce:
1. alert(decodeURI("%F0%81%80%80")==decodeURI("%E1%80%80"))
2. alert(escape(decodeURI("%F0%81%80%80")))

Actual Results:
1. true
2. %u1000

Expected Results:
1. false
2. %uFFFD

Check: http://www.unicode.org/reports/tr36/#UTF-8_Exploit
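The shortest-form check the report expects, written out as an added example (not part of the original report and not Mozilla's code): a strict UTF-8 decoder that rejects a sequence whose value does not need the number of bytes used. The function names are hypothetical, unescaped input characters are assumed to be ASCII, and emitting a single U+FFFD per rejected sequence is a choice made for this example.

```javascript
// Added example (not Mozilla's code): strict UTF-8 decoding of percent-escaped bytes.
// Smallest code point that legitimately needs a 2-, 3- or 4-byte sequence.
const MIN_FOR_LENGTH = { 2: 0x80, 3: 0x800, 4: 0x10000 };

// "%F0%81%80%80" -> [0xF0, 0x81, 0x80, 0x80]. Assumes unescaped characters are ASCII.
function percentToBytes(s) {
  const bytes = [];
  for (let i = 0; i < s.length; i++) {
    const hex = s.slice(i + 1, i + 3);
    if (s[i] === "%" && /^[0-9A-Fa-f]{2}$/.test(hex)) {
      bytes.push(parseInt(hex, 16));
      i += 2;
    } else {
      bytes.push(s.charCodeAt(i));
    }
  }
  return bytes;
}

function decodeStrict(bytes) {
  let out = "";
  for (let i = 0; i < bytes.length; ) {
    const b = bytes[i];
    if (b < 0x80) { out += String.fromCharCode(b); i++; continue; }
    // Sequence length announced by the lead byte (0 = not a valid lead byte).
    const len = (b & 0xe0) === 0xc0 ? 2 : (b & 0xf0) === 0xe0 ? 3 : (b & 0xf8) === 0xf0 ? 4 : 0;
    let cp = b & (0xff >> (len + 1));
    let wellFormed = len !== 0 && i + len <= bytes.length;
    for (let k = 1; wellFormed && k < len; k++) {
      wellFormed = (bytes[i + k] & 0xc0) === 0x80;
      cp = (cp << 6) | (bytes[i + k] & 0x3f);
    }
    if (!wellFormed) { out += "\uFFFD"; i++; continue; } // resynchronise on the next byte
    // The shortest-form test: the value must actually need `len` bytes,
    // and must not be a surrogate or lie beyond U+10FFFF.
    const valid = cp >= MIN_FOR_LENGTH[len] && cp <= 0x10ffff && !(cp >= 0xd800 && cp <= 0xdfff);
    out += valid ? String.fromCodePoint(cp) : "\uFFFD";
    i += len; // design choice of this example: one U+FFFD per rejected sequence
  }
  return out;
}

function decodeStrictPercent(s) {
  return decodeStrict(percentToBytes(s));
}
```

Running a decoder like this before any filtering step means the filter only ever sees one byte representation per character.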
Comment 1•15 years ago
This is fixed by bug 511859
Status: UNCONFIRMED → RESOLVED
Closed: 15 years ago
Resolution: --- → DUPLICATE
Updated•3 years ago
Component: String → XPCOM