Bug 19729 - out of bounds heap read on invalid utf-8 inputs in stringprep_utf8_nfkc_normalize
Summary: out of bounds heap read on invalid utf-8 inputs in stringprep_utf8_nfkc_norma...
Status: NEW
Alias: None
Product: glibc
Classification: Unclassified
Component: network (show other bugs)
Version: 2.23
: P2 normal
Target Milestone: ---
Assignee: Not yet assigned to anyone
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2016-02-25 12:25 UTC by Hanno Boeck
Modified: 2016-09-05 15:41 UTC (History)
1 user (show)

See Also:
Host:
Target:
Build:
Last reconfirmed:


Attachments
sample input. (9 bytes, application/octet-stream)
2016-02-25 12:25 UTC, Hanno Boeck
Details

Note You need to log in before you can comment on or make changes to this bug.
Description Hanno Boeck 2016-02-25 12:25:48 UTC
Created attachment 9039 [details]
sample input.

libidn's stringprep_utf8_nfkc_normalize function may read out of bounds if an invalid utf-8 string gets passed. glibc bundles libidn.

This has been fixed upstream here:
http://git.savannah.gnu.org/gitweb/?p=libidn.git;a=commit;h=1fbee57ef3c72db2206dd87e4162108b2f425555

Attached is a sample input that can be triggered with idn -n.

Found with american fuzzy lop.