curl-library

Re: [SECURITY NOTICE] libidn with bad UTF8 input

From: Daniel Hardman <daniel.hardman_at_gmail.com>
Date: Sun, 5 Jul 2015 11:04:34 -0600

> However: a "native" check that attempts to detect illegal UTF8 symbols
> to mitigate this problem would be fine for me to merge to use with all
> vulnerable libidn versions.

That's great! I am working on a unit test for the check_utf8_before_libidn
branch that Ray pointed me at. Ray's function is short and sweet, and as
far as I can tell after review and initial testing, perfectly implements
the constraints enumerated in Table 3-7, Well-Formed UTF-8 Byte Sequences
in v7 of the Unicode standard.

ETA for pull request: maybe tomorrow evening UTC-1100, when I'm done flying.

--Daniel

Received on 2015-07-05
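
The kind of check discussed in this message, as an added example that is not part of the original mail and is not Ray's function from the check_utf8_before_libidn branch: a C validator for the byte ranges in Table 3-7, Well-Formed UTF-8 Byte Sequences, of the Unicode standard. The names `utf8_well_formed` and `utf8_str_ok` and the sample inputs are assumptions made for this illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helper (not the branch's function): returns 1 if s[0..len)
   is well-formed UTF-8 per Unicode Table 3-7, otherwise 0. */
int utf8_well_formed(const unsigned char *s, size_t len)
{
  size_t i = 0, k;
  while(i < len) {
    unsigned char c = s[i];
    unsigned char lo = 0x80, hi = 0xBF; /* allowed range of the 2nd byte */
    size_t trail;                       /* continuation bytes expected */

    if(c <= 0x7F) { i++; continue; }    /* ASCII */
    else if(c >= 0xC2 && c <= 0xDF) trail = 1;
    else if(c == 0xE0) { trail = 2; lo = 0xA0; } /* rejects overlong forms */
    else if(c == 0xED) { trail = 2; hi = 0x9F; } /* rejects surrogates */
    else if(c >= 0xE1 && c <= 0xEF) trail = 2;
    else if(c == 0xF0) { trail = 3; lo = 0x90; } /* rejects overlong forms */
    else if(c == 0xF4) { trail = 3; hi = 0x8F; } /* nothing above U+10FFFF */
    else if(c >= 0xF1 && c <= 0xF3) trail = 3;
    else return 0; /* stray 80..BF, C0, C1, F5..FF are never lead bytes */
    if(len - i <= trail) return 0;      /* sequence truncated by end of input */
    if(s[i + 1] < lo || s[i + 1] > hi) return 0;
    for(k = 2; k <= trail; k++)
      if(s[i + k] < 0x80 || s[i + k] > 0xBF) return 0;
    i += trail + 1;
  }
  return 1;
}

/* Wrapper for NUL-terminated strings such as host names */
int utf8_str_ok(const char *str)
{
  return utf8_well_formed((const unsigned char *)str, strlen(str));
}

int main(void)
{
  /* Constructed sample inputs */
  const char *samples[] = { "example.com", "b\xC3\xBC" "cher.example",
                            "abc\xC3", "\xC0\xAF", "\xED\xA0\x80" };
  size_t n;
  for(n = 0; n < sizeof(samples) / sizeof(samples[0]); n++)
    printf("sample %u: %s\n", (unsigned)n,
           utf8_str_ok(samples[n]) ? "well-formed" : "rejected");
  return 0;
}
```

The length check runs before any continuation byte is read, so a lead byte at the very end of the input is rejected without touching memory past the buffer.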