+ while (*s)
+ {
+ if ((*s & 0x80) == 0) /* 0xxxxxxx ASCII char */
+ s++;
+ else if ((*s & 0xE0) == 0xC0) /* 110xxxxx 10xxxxxx */
+ {
+ if ((s[1] & 0xC0) != 0x80)
+ return false;
+ s+=2;
+ }
+ else if ((*s & 0xF0) == 0xE0) /* 1110xxxx 10xxxxxx 10xxxxxx */
+ {
+ if ((s[1] & 0xC0) != 0x80 || (s[2] & 0xC0) != 0x80)
+ return false;
+ s+=3;
+ }
+ else if ((*s & 0xF8) == 0xF0) /* 11110xxx 10xxxxxx 10xxxxxx
10xxxxxx */
+ {
+ if ((s[1] & 0xC0) != 0x80 || (s[2] & 0xC0) != 0x80 || (s[3] &
0xC0) != 0x80)
+ return false;
+ s+=4;
+ }
I think another else should go here, like this: else { return false; }.
Otherwise it can loop forever if none of the conditions matches (e.g.
'\xba').
+ }
+ return true;
+}

On 30.06.2015 at 10:04, Tim Ruehsen wrote:
> Thanks for the reminder, Daniel.
>
> Here is a patch for Wget.
>
> @Ander, just saw your mail when I was done with a patch.
> Please have a look, it just accepts 1-4 byte sequences.
>
> Regards, Tim
>
> On Monday 29 June 2015 23:14:39 Daniel Stenberg wrote:
>> Hi,
>>
>> The libidn issue that was previously reported[1] is still outstanding and
>> hasn't been fixed in libidn. This keeps wget vulnerable.
>>
>> I've just recommended[2] libcurl users to disable libidn until this gets
>> resolved, as it seems it may drag on and keeping vulnerable code around is
>> not good.
>>
>> [1] = https://lists.gnu.org/archive/html/bug-wget/2015-06/msg00002.html
>> [2] = http://curl.haxx.se/mail/lib-2015-06/0143.html
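Review bot: The `else if` chain ends without a final `else`, so a lead byte that matches none of the four masks (0x80..0xBF, or 0xF8..0xFF) never advances `s` and `while (*s)` spins forever; add `else return false;` after the 4-byte branch, as the interleaved reply already points out. The masks are also looser than RFC 3629: `(*s & 0xE0) == 0xC0` admits the overlong lead bytes 0xC0 and 0xC1, `(*s & 0xF8) == 0xF0` admits 0xF5..0xF7, and nothing constrains the second byte after 0xE0, 0xED, 0xF0 or 0xF4, so overlong forms, UTF-16 surrogates and values above U+10FFFF pass as valid; checking the lead byte against the RFC ranges and the second byte for those four cases would close that.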
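A corrected validator, as an added example that is neither the patch from this thread nor Wget's own code: it has the terminating path the reply above asks for (an unrecognised lead byte returns false instead of looping), and goes further by restricting lead and second bytes to the RFC 3629 ranges so that overlong forms, UTF-16 surrogates and code points above U+10FFFF are rejected too. The function names and the sample strings are assumptions constructed for this example.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Returns the length (1-4) of the well-formed UTF-8 sequence starting at s, or 0
 * if the bytes there do not form one (RFC 3629 table 3-7 ranges). s must be
 * NUL-terminated: a NUL never passes a continuation test, so we never read past it. */
static size_t utf8_seq_len(const unsigned char *s)
{
    unsigned char c = s[0];
    if (c < 0x80) return 1;                     /* ASCII */
    if (c < 0xC2) return 0;                     /* continuation byte, or overlong C0/C1 lead */
    if (c < 0xE0)
        return ((s[1] & 0xC0) == 0x80) ? 2 : 0;
    if (c < 0xF0) {
        unsigned char lo = (c == 0xE0) ? 0xA0 : 0x80;   /* E0: reject overlong */
        unsigned char hi = (c == 0xED) ? 0x9F : 0xBF;   /* ED: reject surrogates */
        if (s[1] < lo || s[1] > hi) return 0;
        return ((s[2] & 0xC0) == 0x80) ? 3 : 0;
    }
    if (c < 0xF5) {
        unsigned char lo = (c == 0xF0) ? 0x90 : 0x80;   /* F0: reject overlong */
        unsigned char hi = (c == 0xF4) ? 0x8F : 0xBF;   /* F4: stay <= U+10FFFF */
        if (s[1] < lo || s[1] > hi) return 0;
        if ((s[2] & 0xC0) != 0x80) return 0;
        return ((s[3] & 0xC0) == 0x80) ? 4 : 0;
    }
    return 0;                                   /* F5..FF never start a sequence */
}

bool is_valid_utf8(const char *str)
{
    const unsigned char *s = (const unsigned char *)str;
    while (*s) {
        size_t n = utf8_seq_len(s);
        if (n == 0)
            return false;   /* the missing 'else' path: malformed input ends the loop */
        s += n;
    }
    return true;
}

int main(void)
{
    /* constructed samples: valid "café", the lone 0xBA byte from the thread, an overlong NUL, a surrogate */
    const char *samples[] = { "caf\xC3\xA9", "\xBA", "\xC0\x80", "\xED\xA0\x80" };
    for (size_t i = 0; i < 4; i++)
        printf("sample %zu: %s\n", i, is_valid_utf8(samples[i]) ? "valid" : "invalid");
    return 0;
}
```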