Avoid small read overrun in UTF8 normalization
In krb5int_utf8_normalize(), check the length of the current character
against the buffer length before reading more than one byte.  Credit
to OSS-Fuzz for discovering the overrun.

ticket: 9072 (new)
greghudson committed Nov 3, 2022
1 parent 30429ad commit fb9cf8c
Showing 1 changed file with 6 additions and 0 deletions.
6 changes: 6 additions & 0 deletions src/lib/krb5/unicode/ucstr.c
Expand Up @@ -199,6 +199,12 @@ krb5int_utf8_normalize(
/* s[i] is non-ascii */
/* convert everything up to next ascii to ucs-4 */
while (i < len) {
/* KRB5_UTF8_CHARLEN only looks at the first byte; use it to guard
* against small read overruns. */
if (KRB5_UTF8_CHARLEN(s + i) > len - i) {
retval = KRB5_ERR_INVALID_UTF8;
goto cleanup;
}
clen = KRB5_UTF8_CHARLEN2(s + i, clen);
if (clen == 0) {
retval = KRB5_ERR_INVALID_UTF8;
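Review bot: The new length check at the top of the `while (i < len)` loop arrives without a regression test; the commit touches only ucstr.c. A test that feeds krb5int_utf8_normalize() a string whose final bytes are a truncated multi-byte sequence (a lead byte with fewer continuation bytes than KRB5_UTF8_CHARLEN reports) and expects KRB5_ERR_INVALID_UTF8 would pin the fix down, since the fuzzer finding is otherwise the only coverage. The comparison `KRB5_UTF8_CHARLEN(s + i) > len - i` is safe from underflow only because the loop condition guarantees i < len; it is worth confirming that both sides have compatible signedness so the compiler does not convert one operand unexpectedly. The comment could also say that KRB5_UTF8_CHARLEN2 is the call that reads past the first byte, which is why the guard has to come before it.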