[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Bug-wget] [PATCH] the libidn problem
From: |
Hubert Tarasiuk |
Subject: |
Re: [Bug-wget] [PATCH] the libidn problem |
Date: |
Tue, 30 Jun 2015 11:09:06 +0200 |
User-agent: |
Mozilla/5.0 (X11; Linux x86_64; rv:38.0) Gecko/20100101 Thunderbird/38.0.1 |
+ while (*s)
+ {
+ if ((*s & 0x80) == 0) /* 0xxxxxxx ASCII char */
+ s++;
+ else if ((*s & 0xE0) == 0xC0) /* 110xxxxx 10xxxxxx */
+ {
+ if ((s[1] & 0xC0) != 0x80)
+ return false;
+ s+=2;
+ }
+ else if ((*s & 0xF0) == 0xE0) /* 1110xxxx 10xxxxxx 10xxxxxx */
+ {
+ if ((s[1] & 0xC0) != 0x80 || (s[2] & 0xC0) != 0x80)
+ return false;
+ s+=3;
+ }
+ else if ((*s & 0xF8) == 0xF0) /* 11110xxx 10xxxxxx 10xxxxxx
10xxxxxx */
+ {
+ if ((s[1] & 0xC0) != 0x80 || (s[2] & 0xC0) != 0x80 || (s[3] &
0xC0) != 0x80)
+ return false;
+ s+=4;
+ }
I think here should go another else like this: else { return false; }.
Otherwise it can loop forever if none of the conditions matches (eg.
'\xba').
+ }
+ return true;
+}
W dniu 30.06.2015 o 10:04, Tim Ruehsen pisze:
> Thanks for the reminder, Daniel.
>
> Here is a patch for Wget.
>
> @Ander, just saw your mail when I was done with a patch.
> Please have a look, it just accepts 1-4 bytes sequences.
>
> Regards, Tim
>
> On Monday 29 June 2015 23:14:39 Daniel Stenberg wrote:
>> Hi,
>>
>> The libidn issue that was previously reported[1], is still outstanding and
>> hasn't been fixed in libidn. This keeps wget vulnerable.
>>
>> I've just recommended[2] libcurl users to disable libidn until this gets
>> resolved, as it seems it may drag on and keeping vulnerable code around is
>> not good.
>>
>> [1] = https://lists.gnu.org/archive/html/bug-wget/2015-06/msg00002.html
>> [2] = http://curl.haxx.se/mail/lib-2015-06/0143.html
signature.asc
Description: OpenPGP digital signature