diff options
| author | Douglas Bagnall <douglas.bagnall@catalyst.net.nz> | 2015-11-24 13:54:09 +1300 |
|---|---|---|
| committer | Ralph Boehme <slow@samba.org> | 2015-12-09 17:17:05 +0100 |
| commit | f07626d0297ed6bd21623409e1ea1ae1138d23a8 (patch) | |
| tree | 5223038772c68528433e8b89dfe3ec14053b1560 | |
| parent | a561ae6294fa926bf3a15b9aaf3d18d25d5e971f (diff) | |
| download | samba-f07626d0297ed6bd21623409e1ea1ae1138d23a8.tar.gz | |
CVE-2015-5330: next_codepoint_handle_ext: don't short-circuit UTF16 low bytes
UTF16 contains zero bytes when it is encoding ASCII (for example), so we
can't assume the absense of the 0x80 bit means a one byte encoding. No
current callers use UTF16.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=11599
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Pair-programmed-with: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
| -rw-r--r-- | lib/util/charset/codepoints.c | 5 |
1 files changed, 4 insertions, 1 deletions
diff --git a/lib/util/charset/codepoints.c b/lib/util/charset/codepoints.c index 542eeae73a5..19d084f3d4a 100644 --- a/lib/util/charset/codepoints.c +++ b/lib/util/charset/codepoints.c @@ -331,7 +331,10 @@ _PUBLIC_ codepoint_t next_codepoint_handle_ext( size_t olen; char *outbuf; - if ((str[0] & 0x80) == 0) { + + if (((str[0] & 0x80) == 0) && (src_charset == CH_DOS || + src_charset == CH_UNIX || + src_charset == CH_UTF8)) { *bytes_consumed = 1; return (codepoint_t)str[0]; } |