This is the mail archive of the glibc-bugs@sourceware.org mailing list for the glibc project.
[Bug locale/19519] iconv(1) with -c option hangs on illegal multi-byte sequences (CVE-2016-10228)
- From: "rschiele at gmail dot com" <sourceware-bugzilla at sourceware dot org>
- To: glibc-bugs at sourceware dot org
- Date: Tue, 07 Mar 2017 07:57:09 +0000
- Subject: [Bug locale/19519] iconv(1) with -c option hangs on illegal multi-byte sequences (CVE-2016-10228)
- Auto-submitted: auto-generated
- References: <bug-19519-131@http.sourceware.org/bugzilla/>
https://sourceware.org/bugzilla/show_bug.cgi?id=19519
Robert Schiele <rschiele at gmail dot com> changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |rschiele at gmail dot com
--- Comment #3 from Robert Schiele <rschiele at gmail dot com> ---
Created attachment 9875
--> https://sourceware.org/bugzilla/attachment.cgi?id=9875&action=edit
attempt to fix CVE-2016-10228
This is my attempt to fix that bug by advancing the buffer by one byte whenever
an illegal character is detected. While this does fix the specific examples in
this bug report, I am not sure whether it is a good idea since I am not
particularly deep in that code.
Concerns that come to my mind and should be commented upon by someone that is
more familiar with that code:
1. Is the place I fixed here the only place that needs fixing, or did I probably
miss other places?
2. Is advancing by one byte generally a good idea? Some character sets operate
on multiple byte characters. Do we need to consider this here and probably
advance with the character size instead? Is there information available in some
data structure about how many bytes we would need to advance?
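The one-byte advance discussed in the comment above, seen from the caller's side of iconv(3): an added example, not the attached patch and not glibc code. The helper name `convert_skipping` and the sample bytes are constructed for illustration; every error iteration consumes exactly one input byte, so the loop always terminates.

```c
#include <errno.h>
#include <iconv.h>
#include <stdio.h>
#include <string.h>

/* Convert in[0..inlen) with iconv(3), dropping undecodable input one byte
 * at a time. Returns the number of bytes dropped, or -1 on failure.
 * Hypothetical helper for illustration; not glibc code. */
long convert_skipping(const char *to, const char *from,
                      const char *in, size_t inlen,
                      char *out, size_t outcap, size_t *outlen)
{
    iconv_t cd = iconv_open(to, from);
    if (cd == (iconv_t)-1)
        return -1;

    char *ip = (char *)in, *op = out;
    size_t il = inlen, ol = outcap;
    long dropped = 0;

    while (il > 0) {
        if (iconv(cd, &ip, &il, &op, &ol) != (size_t)-1)
            break;                      /* all remaining input converted */
        if (errno != EILSEQ && errno != EINVAL) {
            dropped = -1;               /* E2BIG or unexpected error */
            break;
        }
        /* EILSEQ: invalid sequence; EINVAL: truncated sequence at the end.
         * iconv left ip at the offending byte. Consuming exactly one byte
         * guarantees progress, so the loop cannot spin on the same input. */
        ip++;
        il--;
        dropped++;
    }
    iconv_close(cd);
    *outlen = outcap - ol;
    return dropped;
}

int main(void)
{
    /* Constructed sample: stray 0xFF, then a 3-byte lead (0xE2 0x82) cut short. */
    const char in[] = "a\xff" "b\xe2\x82" "c\xc3\xa9";
    char out[32];
    size_t n = 0;
    long d = convert_skipping("UTF-8", "UTF-8", in, sizeof in - 1, out, sizeof out, &n);
    printf("dropped=%ld kept=%zu\n", d, n);
    return d < 0;
}
```

For UTF-8 input a one-byte skip resynchronizes on its own, because each orphaned continuation byte is rejected individually on the next call; other multi-byte encodings do not necessarily have that property.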