Fix [67aa9a207037ae67f9014b544c3db34fa732f2dc|67aa9a2070]: Security: Invalid UTF-8 can inject unexpected characters

author: jan.nijtmans <nijtmans@users.sourceforge.net> 2017-06-02 08:17:26 (GMT)
committer: jan.nijtmans <nijtmans@users.sourceforge.net> 2017-06-02 08:17:26 (GMT)
commit: 630032a3be09b72dc60b0fcb41c346f11042ce41 (patch)
tree: 8c3f55d5f9a1ea064ef2ec59a55d82d255982b8c /generic
parent: 3ae95af52ca24414d723b827fc99cc1a2b94f778 (diff)
download: tcl-630032a3be09b72dc60b0fcb41c346f11042ce41.zip
tcl-630032a3be09b72dc60b0fcb41c346f11042ce41.tar.gz
tcl-630032a3be09b72dc60b0fcb41c346f11042ce41.tar.bz2
1 files changed, 9 insertions, 3 deletions
diff --git a/generic/tclUtf.c b/generic/tclUtf.c
index 68119a4..fe47f0b 100644
--- a/generic/tclUtf.c
+++ b/generic/tclUtf.c
@@ -298,7 +298,9 @@ Tcl_UtfToUniChar(
 	     */
 
 	    *chPtr = (Tcl_UniChar) (((byte & 0x1F) << 6) | (src[1] & 0x3F));
-	    return 2;
+	    if ((*chPtr == 0) || (*chPtr > 0x7f)) {
+		return 2;
+	    }
 	}
 
 	/*
@@ -313,7 +315,9 @@ Tcl_UtfToUniChar(
 
 	    *chPtr = (Tcl_UniChar) (((byte & 0x0F) << 12)
 		    | ((src[1] & 0x3F) << 6) | (src[2] & 0x3F));
-	    return 3;
+	    if (*chPtr > 0x7ff) {
+		return 3;
+	    }
 	}
 
 	/*
@@ -330,7 +334,9 @@ Tcl_UtfToUniChar(
 
 	    *chPtr = (Tcl_UniChar) (((byte & 0x0E) << 18) | ((src[1] & 0x3F) << 12)
 		    | ((src[2] & 0x3F) << 6) | (src[3] & 0x3F));
-	    return 4;
+	    if ((*chPtr <= 0x10ffff) && (*chPtr > 0xffff)) {
+		return 4;
+	    }
 	}
 
 	/*
author	jan.nijtmans <nijtmans@users.sourceforge.net>	2017-06-02 08:17:26 (GMT)
committer	jan.nijtmans <nijtmans@users.sourceforge.net>	2017-06-02 08:17:26 (GMT)
commit	630032a3be09b72dc60b0fcb41c346f11042ce41 (patch)
tree	8c3f55d5f9a1ea064ef2ec59a55d82d255982b8c /generic
parent	3ae95af52ca24414d723b827fc99cc1a2b94f778 (diff)
download	tcl-630032a3be09b72dc60b0fcb41c346f11042ce41.zip tcl-630032a3be09b72dc60b0fcb41c346f11042ce41.tar.gz tcl-630032a3be09b72dc60b0fcb41c346f11042ce41.tar.bz2