Closed Bug 74198 Opened 23 years ago Closed 23 years ago

NS_ConvertUTF8toUCS2() accepts overlong sequences

Categories

(Core :: XPCOM, defect)


RESOLVED FIXED

People

(Reporter: jgmyers, Assigned: jgmyers)

Attachments

(3 files)

NS_ConvertUTF8toUCS2() suffers from the problem described in bug 50702.
Attached patch: Proposed fix
sr=scc
An alternate fix would be to follow the following ABNF grammar.  The grammar
allows U+FFFF.  Only U+FFFE is currently considered security critical; it
currently doesn't matter whether or not U+FFFF is decoded.


UTF8           = UTF8-1 / UTF8-multibyte
UTF8-multibyte = UTF8-2 / UTF8-3 / UTF8-4 / UTF8-5 / UTF8-6
UTF8-following = %x80-BF
UTF8-1         = %x00-7F
UTF8-2         = %xC2-DF UTF8-following
                 ; Disallow overlong sequences beginning with 0xC0
                 ; and 0xC1.
UTF8-3         = (%xE0 %xA0-BF UTF8-following) /
                 (%xE1-EC 2UTF8-following) /
                 (%xED %x80-9F UTF8-following) /
                 (%xEE 2UTF8-following) /
                 (%xEF %x80-BE UTF8-loworder) /
                 (%xEF %xBF %x80-BD) / (%xEF %xBF %xBF)
                 ; Disallow overlong sequences beginning with 0xE0,
                 ; disallow encoded surrogate code points, and
                 ; disallow reverse UTF-16 byte-order mark U+FFFE
UTF8-4         = (%xF0 %x90-BF 2UTF8-following) /
                 (%xF1-F7 3UTF8-following)
                 ; Disallow overlong sequences beginning with 0xF0.
UTF8-5         = (%xF8 %x88-BF 3UTF8-following) /
                 (%xF9-FB 4UTF8-following)
                 ; Disallow overlong sequences beginning with 0xF8.
UTF8-6         = (%xFC %x84-BF 4UTF8-following) /
                 (%xFD 5UTF8-following)
                 ; Disallow overlong sequences beginning with 0xFC.
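
The grammar above translated into a byte-level check, as an added example that is not part of the bug thread or of the attached patch. The function names are hypothetical, and the third byte of the EF 80-BE branch is assumed to be any UTF8-following byte, since the grammar's UTF8-loworder is not defined on the page.

```c
#include <stddef.h>
#include <stdio.h>
/* Added example; utf8_seq_len and utf8_valid are hypothetical names. */

/* UTF8-following = %x80-BF */
static int is_following(unsigned char b) { return b >= 0x80 && b <= 0xBF; }

/* Length of the sequence at s if it matches the grammar, else 0. */
size_t utf8_seq_len(const unsigned char *s, size_t n)
{
    unsigned char b, lo = 0x80, hi = 0xBF;   /* allowed range of 2nd byte */
    size_t len, i;
    if (n == 0) return 0;
    b = s[0];
    if (b <= 0x7F) return 1;                                /* UTF8-1 */
    if (b >= 0xC2 && b <= 0xDF) len = 2;                    /* UTF8-2 */
    else if (b >= 0xE0 && b <= 0xEF) {                      /* UTF8-3 */
        len = 3;
        if (b == 0xE0) lo = 0xA0;            /* overlong forms */
        if (b == 0xED) hi = 0x9F;            /* encoded surrogates */
    } else if (b >= 0xF0 && b <= 0xF7) { len = 4; if (b == 0xF0) lo = 0x90; }
    else if (b >= 0xF8 && b <= 0xFB) { len = 5; if (b == 0xF8) lo = 0x88; }
    else if (b >= 0xFC && b <= 0xFD) { len = 6; if (b == 0xFC) lo = 0x84; }
    else return 0;              /* 80-BF, C0, C1, FE, FF cannot lead */
    if (n < len) return 0;                          /* truncated input */
    if (s[1] < lo || s[1] > hi) return 0;
    for (i = 2; i < len; i++)
        if (!is_following(s[i])) return 0;
    if (b == 0xEF && s[1] == 0xBF && s[2] == 0xBE) return 0;   /* U+FFFE */
    return len;
}

/* 1 if the whole buffer is a run of sequences the grammar accepts. */
int utf8_valid(const unsigned char *s, size_t n)
{
    while (n > 0) {
        size_t k = utf8_seq_len(s, n);
        if (k == 0) return 0;
        s += k; n -= k;
    }
    return 1;
}

int main(void)
{
    /* Constructed samples: "/" as overlong C0 AF, and U+20AC as E2 82 AC. */
    printf("%d %d\n", utf8_valid((const unsigned char *)"\xC0\xAF", 2),
                      utf8_valid((const unsigned char *)"\xE2\x82\xAC", 3));
    return 0;
}
```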

r=jag on this patch. Could you look into your suggestion and see what changes it
results in to the current code?
Fix was checked in.
Status: NEW → RESOLVED
Closed: 23 years ago
Resolution: --- → FIXED
*** Bug 86411 has been marked as a duplicate of this bug. ***
Component: String → XPCOM