lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <49F6A756.7070203@ladisch.de>
Date:	Tue, 28 Apr 2009 08:51:02 +0200
From:	Clemens Ladisch <clemens@...isch.de>
To:	Alan Stern <stern@...land.harvard.edu>
CC:	Kernel development list <linux-kernel@...r.kernel.org>,
	USB list <linux-usb@...r.kernel.org>
Subject: Re: NLS: utf8 conversions

Alan Stern wrote:
> Your comments agree pretty well with what I had concluded.  However a 
> lot of the source files have lengthy tables of wchar_t values; changing 
> them to 32 bits would waste a lot of space.
> 
> As a sort of compromise, I came up with this patch (not tested yet,
> although it compiles okay).  How does it look to you?

>From a not-having-it-tested-either perspective, it looks good.

> +utf8_to_utf32(unicode_t *p, const u8 *s, int n)
> +utf32_to_utf8(u8 *s, unicode_t u, int maxlen)
> +utf8s_to_utf16s(wchar_t *pwcs, const u8 *s, int n)
> +utf16s_to_utf8s(u8 *s, const wchar_t *pwcs, int maxlen, int inlen,

Minor nitpick: You already have enhanced the insane parameter ordering
of wcsntombs_be(), but the meaning of all these functions' parameters
would be even more obvious if the buffer size would immediately follow
the corresponding buffer pointer.

Anyway,
Acked-by: Clemens Ladisch <clemens@...isch.de>


> +++ usb-2.6/fs/isofs/joliet.c
> ...
> -static int
> -wcsntombs_be(__u8 *s, const __u8 *pwcs, int inlen, int maxlen)
> -{
> ...
> -		} else {
> -			*op++ = (__u8) c;
> -		}

Just for the record: this function had the same buffer overflow bug as
utf8_wcstombs(), but it wasn't exploitable either.


Best regards,
Clemens
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ