From fcd399d49aee6b08b44aa50882a78c8d104c5e59 Mon Sep 17 00:00:00 2001 From: "jan.nijtmans" Date: Wed, 31 May 2017 12:05:45 +0000 Subject: Fix [67aa9a207037ae67f9014b544c3db34fa732f2dc|67aa9a2070]: Security: Invalid UTF-8 can inject unexpected characters --- generic/tclUtf.c | 12 +++++++++--- tests/encoding.test | 25 +++++++++++++++++++++++++ 2 files changed, 34 insertions(+), 3 deletions(-) diff --git a/generic/tclUtf.c b/generic/tclUtf.c index 68119a4..fe47f0b 100644 --- a/generic/tclUtf.c +++ b/generic/tclUtf.c @@ -298,7 +298,9 @@ Tcl_UtfToUniChar( */ *chPtr = (Tcl_UniChar) (((byte & 0x1F) << 6) | (src[1] & 0x3F)); - return 2; + if ((*chPtr == 0) || (*chPtr > 0x7f)) { + return 2; + } } /* @@ -313,7 +315,9 @@ Tcl_UtfToUniChar( *chPtr = (Tcl_UniChar) (((byte & 0x0F) << 12) | ((src[1] & 0x3F) << 6) | (src[2] & 0x3F)); - return 3; + if (*chPtr > 0x7ff) { + return 3; + } } /* @@ -330,7 +334,9 @@ Tcl_UtfToUniChar( *chPtr = (Tcl_UniChar) (((byte & 0x0E) << 18) | ((src[1] & 0x3F) << 12) | ((src[2] & 0x3F) << 6) | (src[3] & 0x3F)); - return 4; + if ((*chPtr <= 0x10ffff) && (*chPtr > 0xffff)) { + return 4; + } } /* diff --git a/tests/encoding.test b/tests/encoding.test index 0374e2d..1d8bae5 100644 --- a/tests/encoding.test +++ b/tests/encoding.test @@ -448,6 +448,31 @@ test encoding-24.3 {EscapeFreeProc on open channels} {stdio} { list $count [viewable $line] } [list 3 "\u4e4e\u4e5e\u4e5f (\\u4e4e\\u4e5e\\u4e5f)"] +test encoding-24.4 {Parse valid or invalid utf-8} { + string length [encoding convertfrom utf-8 "\xc0\x80"] +} 1 +test encoding-24.5 {Parse valid or invalid utf-8} { + string length [encoding convertfrom utf-8 "\xc0\x81"] +} 2 +test encoding-24.6 {Parse valid or invalid utf-8} { + string length [encoding convertfrom utf-8 "\xc1\xbf"] +} 2 +test encoding-24.7 {Parse valid or invalid utf-8} { + string length [encoding convertfrom utf-8 "\xc2\x80"] +} 1 +test encoding-24.8 {Parse valid or invalid utf-8} { + string length [encoding convertfrom utf-8 "\xe0\x80\x80"] +} 3 +test encoding-24.9 {Parse valid or invalid utf-8} { + string length [encoding convertfrom utf-8 "\xe0\x9f\xbf"] +} 3 +test encoding-24.10 {Parse valid or invalid utf-8} { + string length [encoding convertfrom utf-8 "\xe0\xa0\x80"] +} 1 +test encoding-24.10 {Parse valid or invalid utf-8} { + string length [encoding convertfrom utf-8 "\xef\xbf\xbf"] +} 1 + file delete [file join [temporaryDirectory] iso2022.txt] # -- cgit v0.12