| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <Pine.LNX.4.44L0.0904241534110.4531-100000@iolanthe.rowland.org> Date: Fri, 24 Apr 2009 16:02:52 -0400 (EDT) From: Alan Stern <stern@...land.harvard.edu> To: Kernel development list <linux-kernel@...r.kernel.org> cc: USB list <linux-usb@...r.kernel.org> Subject: NLS: utf8 conversions Although nobody seems to have made a big deal about it, the conversions between utf8 and utf16 done by fs/nls/nls_base.c are wrong in a couple of important respects: They don't handle Unicode code points larger than U+FFFF. They don't detect invalid values, in particular, surrogate code points. The problems stem from the fact the characters at issue can't be represented by a single 16-bit wchar_t. But that's no excuse for performing an incorrect conversion to or from utf16. Are there any definite thoughts on how this should be handled? I don't see any way for the single-character conversion routines (utf8_mbtowc and utf8_wctomb) to come to grips with these issues, except perhaps for returning an error when a character would be invalid or too big to fit in 16 bits. The string-oriented routines (utf8_mbstowcs and utf8_wcstombs) could be adapted to deal with these issues properly. Any comments or suggestions for other approaches? Alan Stern -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists