CVE-2015-5330: next_codepoint_handle_ext: don't short-circuit UTF16 low bytes

UTF16 contains zero bytes when it is encoding ASCII (for example), so we can't assume the absense of the 0x80 bit means a one byte encoding. No current callers use UTF16. Bug: https://bugzilla.samba.org/show_bug.cgi?id=11599 Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Pair-programmed-with: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org>
author: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> 2015-11-24 13:54:09 +1300
committer: Ralph Boehme <slow@samba.org> 2015-12-09 17:18:04 +0100
commit: 75b3ce698912fa15a63078ed6325d50caec3717b (patch)
tree: 6c8cc6985c81fcc94cc35f32fd618ddbcebc2818 /lib
parent: 9c068332f0dd03d7cc00fadc50a5707d4d53a09f (diff)
download: samba-75b3ce698912fa15a63078ed6325d50caec3717b.tar.gz
1 files changed, 4 insertions, 1 deletions
diff --git a/lib/util/charset/codepoints.c b/lib/util/charset/codepoints.c
index 542eeae73a5..19d084f3d4a 100644
--- a/lib/util/charset/codepoints.c
+++ b/lib/util/charset/codepoints.c
@@ -331,7 +331,10 @@ _PUBLIC_ codepoint_t next_codepoint_handle_ext(
 	size_t olen;
 	char *outbuf;
 
-	if ((str[0] & 0x80) == 0) {
+
+	if (((str[0] & 0x80) == 0) && (src_charset == CH_DOS ||
+				       src_charset == CH_UNIX ||
+				       src_charset == CH_UTF8)) {
 		*bytes_consumed = 1;
 		return (codepoint_t)str[0];
 	}
author	Douglas Bagnall <douglas.bagnall@catalyst.net.nz>	2015-11-24 13:54:09 +1300
committer	Ralph Boehme <slow@samba.org>	2015-12-09 17:18:04 +0100
commit	75b3ce698912fa15a63078ed6325d50caec3717b (patch)
tree	6c8cc6985c81fcc94cc35f32fd618ddbcebc2818 /lib
parent	9c068332f0dd03d7cc00fadc50a5707d4d53a09f (diff)
download	samba-75b3ce698912fa15a63078ed6325d50caec3717b.tar.gz