Closed
Bug 74198
Opened 23 years ago
Closed 23 years ago
NS_ConvertUTF8toUCS2() accepts overlong sequences
Categories
(Core :: XPCOM, defect)
Core
XPCOM
Tracking
()
RESOLVED
FIXED
People
(Reporter: jgmyers, Assigned: jgmyers)
References
Details
Attachments
(3 files)
1.70 KB,
patch
|
Details | Diff | Splinter Review | |
7.62 KB,
patch
|
Details | Diff | Splinter Review | |
7.62 KB,
patch
|
Details | Diff | Splinter Review |
NS_ConvertUFF8toUCS2() suffers from the problem described in bug 50702.
Assignee | ||
Comment 1•23 years ago
|
||
Comment 2•23 years ago
|
||
sr=scc
Assignee | ||
Comment 3•23 years ago
|
||
An alternate fix would be to follow the following ABNF grammar. The grammar allows U+FFFF. Only U+FFFE is currently considered security critical, it currently doesn't matter whether or not U+FFFF is decoded. UTF8 = UTF8-1 / UTF8-multibyte UTF8-multibyte = UTF8-2 / UTF8-3 / UTF8-4 / UTF8-5 / UTF8-6 UTF8-following = %x80-BF UTF8-1 = %x00-7F UTF8-2 = %xC2-DF UTF8-following ; Disallow overlong sequences beginning with 0xC0 and 0xC1. UTF8-3 = (%xE0 %xA0-BF UTF8-following) / (%xE1-EC 2UTF8-following) / (%xED %x80-9F UTF8-following) / (%xEE 2UTF8-following) / (%xEF %x80-BE UTF8-loworder) / (%xEF %xBF %x80-BD) / (%xEF %xBF %xBF) ; Disallow overlong sequences beginning with 0xE0, ; disallow encoded surrogate code points, and ; disallow reverse UTF-16 byte-order mark U+FFFE UTF8-4 = (%xF0 %x90-BF 2UTF8-following) / (%xF1-F7 3UTF8-following) ; Disallow overlong sequences beginning with 0xF0. UTF8-5 = (%xF8 %x88-BF 3UTF8-following) / (%xF9-FB 4UTF8-following) ; Disallow overlong sequences beginning with 0xF8. UTF8-6 = (%xFC %x84-BF 4UTF8-following) / (%xFD 5UTF8-following) ; Disallow overlong sequences beginning with 0xFC.
Comment 4•23 years ago
|
||
r=jag on this patch. Could you look into your suggestion and see what changes it results in to the current code?
Assignee | ||
Comment 5•23 years ago
|
||
Assignee | ||
Comment 6•23 years ago
|
||
Assignee | ||
Comment 7•23 years ago
|
||
Fix was checked in.
Status: NEW → RESOLVED
Closed: 23 years ago
Resolution: --- → FIXED
Updated•3 years ago
|
Component: String → XPCOM
You need to log in
before you can comment on or make changes to this bug.
Description
•