Re: [Bug-wget] [PATCH] the libidn problem
From: Tim Ruehsen
Subject: Re: [Bug-wget] [PATCH] the libidn problem
Date: Tue, 30 Jun 2015 14:47:13 +0200
User-agent: KMail/4.14.2 (Linux/4.0.0-2-amd64; KDE/4.14.2; x86_64; ; )
On Tuesday 30 June 2015 11:09:06 Hubert Tarasiuk wrote:
> + while (*s)
> + {
> + if ((*s & 0x80) == 0) /* 0xxxxxxx ASCII char */
> + s++;
> + else if ((*s & 0xE0) == 0xC0) /* 110xxxxx 10xxxxxx */
> + {
> + if ((s[1] & 0xC0) != 0x80)
> + return false;
> + s+=2;
> + }
> + else if ((*s & 0xF0) == 0xE0) /* 1110xxxx 10xxxxxx 10xxxxxx */
> + {
> + if ((s[1] & 0xC0) != 0x80 || (s[2] & 0xC0) != 0x80)
> + return false;
> + s+=3;
> + }
> + else if ((*s & 0xF8) == 0xF0) /* 11110xxx 10xxxxxx 10xxxxxx
> 10xxxxxx */
> + {
> + if ((s[1] & 0xC0) != 0x80 || (s[2] & 0xC0) != 0x80 || (s[3] &
> 0xC0) != 0x80)
> + return false;
> + s+=4;
> + }
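Review bot: the 2-, 3- and 4-byte branches test only the bit pattern of the lead byte and of each continuation byte, so overlong forms (0xC0 0x80 passes the `(*s & 0xE0) == 0xC0` branch), UTF-16 surrogates (0xED 0xA0 0x80 passes the three-byte branch) and lead bytes 0xF5 to 0xF7 (which match `(*s & 0xF8) == 0xF0`) are all accepted as valid. If the function is meant to reject everything that is not well-formed UTF-8, add range checks on the lead byte and the first continuation byte; if a structural check is all that is intended, a comment saying so would help. The chain also has no final `else`, so a byte that matches none of the four patterns (a stray continuation byte, or 0xF8 and above) leaves `s` unadvanced and the `while (*s)` loop never terminates; a closing `else return false;` fixes that.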
> I think here should go another else like this: else { return false; }.
> Otherwise it can loop forever if none of the conditions matches (e.g.
> '\xba').
Thanks Hubert, good catch.
I add the amended patch for completeness.
Tim
0001-Work-around-a-libidn-1.30-vulnerability.patch
Description: Text Data