Fix [67aa9a207037ae67f9014b544c3db34fa732f2dc|67aa9a2070]: Security: Invalid UTF-8 can inject unexpected characters

author: jan.nijtmans <nijtmans@users.sourceforge.net> 2017-05-31 12:05:45 (GMT)
committer: jan.nijtmans <nijtmans@users.sourceforge.net> 2017-05-31 12:05:45 (GMT)
commit: fcd399d49aee6b08b44aa50882a78c8d104c5e59 (patch)
tree: 5ccc8a1c3afd4e8dbab5c173ddd11a1af8d2aec7 /generic/tclUtf.c
parent: 4a9ae53836f768d0b615e5f98cedfb9dd5fbac7f (diff)
download: tcl-fcd399d49aee6b08b44aa50882a78c8d104c5e59.zip
tcl-fcd399d49aee6b08b44aa50882a78c8d104c5e59.tar.gz
tcl-fcd399d49aee6b08b44aa50882a78c8d104c5e59.tar.bz2
1 files changed, 9 insertions, 3 deletions
diff --git a/generic/tclUtf.c b/generic/tclUtf.c
index 68119a4..fe47f0b 100644
--- a/generic/tclUtf.c
+++ b/generic/tclUtf.c
@@ -298,7 +298,9 @@ Tcl_UtfToUniChar(
 	     */
 
 	    *chPtr = (Tcl_UniChar) (((byte & 0x1F) << 6) | (src[1] & 0x3F));
-	    return 2;
+	    if ((*chPtr == 0) || (*chPtr > 0x7f)) {
+		return 2;
+	    }
 	}
 
 	/*
@@ -313,7 +315,9 @@ Tcl_UtfToUniChar(
 
 	    *chPtr = (Tcl_UniChar) (((byte & 0x0F) << 12)
 		    | ((src[1] & 0x3F) << 6) | (src[2] & 0x3F));
-	    return 3;
+	    if (*chPtr > 0x7ff) {
+		return 3;
+	    }
 	}
 
 	/*
@@ -330,7 +334,9 @@ Tcl_UtfToUniChar(
 
 	    *chPtr = (Tcl_UniChar) (((byte & 0x0E) << 18) | ((src[1] & 0x3F) << 12)
 		    | ((src[2] & 0x3F) << 6) | (src[3] & 0x3F));
-	    return 4;
+	    if ((*chPtr <= 0x10ffff) && (*chPtr > 0xffff)) {
+		return 4;
+	    }
 	}
 
 	/*
author	jan.nijtmans <nijtmans@users.sourceforge.net>	2017-05-31 12:05:45 (GMT)
committer	jan.nijtmans <nijtmans@users.sourceforge.net>	2017-05-31 12:05:45 (GMT)
commit	fcd399d49aee6b08b44aa50882a78c8d104c5e59 (patch)
tree	5ccc8a1c3afd4e8dbab5c173ddd11a1af8d2aec7 /generic/tclUtf.c
parent	4a9ae53836f768d0b615e5f98cedfb9dd5fbac7f (diff)
download	tcl-fcd399d49aee6b08b44aa50882a78c8d104c5e59.zip tcl-fcd399d49aee6b08b44aa50882a78c8d104c5e59.tar.gz tcl-fcd399d49aee6b08b44aa50882a78c8d104c5e59.tar.bz2