19729 – out of bounds heap read on invalid utf-8 inputs in stringprep_utf8_nfkc_normalize

Bug 19729 - out of bounds heap read on invalid utf-8 inputs in stringprep_utf8_nfkc_normalize

Summary: out of bounds heap read on invalid utf-8 inputs in stringprep_utf8_nfkc_norma...

Status:	NEW

Alias:	None

Product:	glibc
Classification:	Unclassified
Component:	network (show other bugs)
Version:	2.23

Importance:	P2 normal
Target Milestone:	---
Assignee:	Not yet assigned to anyone

URL:
Keywords:

Depends on:
Blocks:

Reported:	2016-02-25 12:25 UTC by Hanno Boeck
Modified:	2016-09-05 15:41 UTC (History)
CC List:	1 user (show)

See Also:
Host:
Target:
Build:
Last reconfirmed:

Attachments
sample input. (9 bytes, application/octet-stream) 2016-02-25 12:25 UTC, Hanno Boeck	Details
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Hanno Boeck 2016-02-25 12:25:48 UTC

Created attachment 9039 [details]
sample input.

libidn's stringprep_utf8_nfkc_normalize function may read out of bounds if an invalid utf-8 string gets passed. glibc bundles libidn.

This has been fixed upstream here:
http://git.savannah.gnu.org/gitweb/?p=libidn.git;a=commit;h=1fbee57ef3c72db2206dd87e4162108b2f425555

Attached is a sample input that can be triggered with idn -n.

Found with american fuzzy lop.