bin/176250: euc locale input modifies data

看板FB_bugs作者時間12年前 (2013/04/27 13:01), 編輯推噓0(000)
留言0則, 0人參與, 最新討論串1/1
>Number: 176250 >Category: bin >Synopsis: euc locale input modifies data >Confidential: no >Severity: serious >Priority: medium >Responsible: freebsd-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: sw-bug >Submitter-Id: current-users >Arrival-Date: Mon Feb 18 17:10:00 UTC 2013 >Closed-Date: >Last-Modified: >Originator: J.R. Oldroyd >Release: FreeBSD 9.1-RELEASE amd64 >Organization: >Environment: System: FreeBSD xx.opal.com 9.1-RELEASE FreeBSD 9.1-RELEASE #0 r244985: Tue Jan 8 10:51:13 EST 2013 jr@xx.opal.com:/usr/src/sys/amd64/compile/GENERIC amd64 >Description: When reading an invalid multibyte data sequence while set to an euc locale, e.g., ja_JP.eucJP, the src/lib/libc/locale/euc.c code will modify the bytes read to ensure that the 0x8080 or 0x808080 bits are set. This has the effect of silently returning data other than that which was in the input. There is then no way of detecting that the input sequence was invalid. The correct behavior is to test that those bits are set, return the data if they are, but return EILSEQ if not. Fix is applicable to 10-current and 9-stable. Please MFC. >How-To-Repeat: 1. Create test file containing invalid euc multibyte characters such as: 0xa440 0xac4f 0xb36f 0xcf20 2. Set locale to, e.g., ja_JP.eucJP. 3. Read characters from file using getwc(). Observe that what's read is: 0xa4c0 0xaccf 0xb3ef 0xcfa0 >Fix: --- src/lib/libc/locale/euc.c.orig 2013-01-02 19:26:36.000000000 -0500 +++ src/lib/libc/locale/euc.c 2013-02-17 15:51:58.000000000 -0500 @@ -215,7 +215,11 @@ es->ch = wc; return ((size_t)-2); } - wc = (wc & ~CEI->mask) | CEI->bits[set]; + if (wc != ((wc & ~CEI->mask) | CEI->bits[set])) { + /* Invalid multibyte sequence */ + errno = EILSEQ; + return ((size_t)-1); + } if (pwc != NULL) *pwc = wc; es->want = 0; >Release-Note: >Audit-Trail: >Unformatted: _______________________________________________ freebsd-bugs@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-bugs To unsubscribe, send any mail to "freebsd-bugs-unsubscribe@freebsd.org"
更多 fbsd. 的文章
文章代碼(AID): #1HUrkMIO (FB_bugs)