diff options
| author | Douglas Bagnall <douglas.bagnall@catalyst.net.nz> | 2015-11-24 13:54:09 +1300 |
|---|---|---|
| committer | Ralph Boehme <slow@samba.org> | 2015-12-09 17:19:53 +0100 |
| commit | 538d305de91e34a2938f5f219f18bf0e1918763f (patch) | |
| tree | 666e3d8310f98648a183edc5a08494750a3781c2 /lib/util/charset | |
| parent | a118d4220ed85749c07fb43c1229d9e2fecbea6b (diff) | |
| download | samba-538d305de91e34a2938f5f219f18bf0e1918763f.tar.gz | |
CVE-2015-5330: next_codepoint_handle_ext: don't short-circuit UTF16 low bytes
UTF16 contains zero bytes when it is encoding ASCII (for example), so we
can't assume the absense of the 0x80 bit means a one byte encoding. No
current callers use UTF16.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=11599
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Pair-programmed-with: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Diffstat (limited to 'lib/util/charset')
| -rw-r--r-- | lib/util/charset/codepoints.c | 5 |
1 files changed, 4 insertions, 1 deletions
diff --git a/lib/util/charset/codepoints.c b/lib/util/charset/codepoints.c index 99d209ff1c3..3d444a6df31 100644 --- a/lib/util/charset/codepoints.c +++ b/lib/util/charset/codepoints.c @@ -16669,7 +16669,10 @@ _PUBLIC_ codepoint_t next_codepoint_handle_ext( size_t olen; char *outbuf; - if ((str[0] & 0x80) == 0) { + + if (((str[0] & 0x80) == 0) && (src_charset == CH_DOS || + src_charset == CH_UNIX || + src_charset == CH_UTF8)) { *bytes_consumed = 1; return (codepoint_t)str[0]; } |