#49687 [Opn->Asn]: utf8_decode xml_utf8_decode vuln

jani Mon, 19 Oct 2009 02:37:34 -0700

 ID:               49687
 Updated by:       j...@php.net
 Reported By:      sird at rckc dot at
-Status:           Open
+Status:           Assigned
 Bug Type:         *Unicode Issues
 Operating System: *
 PHP Version:      5.2.11
 Assigned To:      scottmac



Previous Comments:
------------------------------------------------------------------------

[2009-10-16 04:53:00] sird at rckc dot at

My last post, I promise..

it should say:
        c = ((s[0]&63)<<6) | (s[1]&63);

Greetz!

------------------------------------------------------------------------

[2009-10-16 04:52:21] sird at rckc dot at

Oh, duh! I'm reading the wrong function.. :( Sorry

                        if(pos-2 >= 0 || s[1]&0xC0!=0x80) {
                                c = ((s[0]&7)<<18) | ((s[1]&63)<<12) | 
((s[2]&63)<<6) | (s[3]&63);
                        } else {
                                c = '?';        
                        }

------------------------------------------------------------------------

[2009-10-16 04:45:25] sird at rckc dot at

oh, my mistake:
                else if (c < 0x800) {
                        newbuf[(*newlen)++] = (0xc0 | (c >> 6));
                        newbuf[(*newlen)++] = (0x80 | (c & 0x3f));
                }

should be:

                else if (c < 0x800) {
                        if ( (s[1]&0xC0!=0x80) ){
                            newbuf[(*newlen)++] = '?';
                        }else{
                            newbuf[(*newlen)++] = (0xc0 | (c >> 6));
                            newbuf[(*newlen)++] = (0x80 | (c & 0x3f));
                        }
                }

------------------------------------------------------------------------

[2009-10-16 04:41:27] sird at rckc dot at

I disagree.. how slow can it be to add 2 bit operations..

} else if (c < 0x800) {

change to

} else if (c < 0x800) {
    if ( (s[1]&0xC0!=0x80) ){  // this is a new operation
        newbuf[(*newlen)++] = '?'; // this are not new operations
        pos--; // this are not new operations
        s++; // this are not new operations
        continue;
    }
}

Besides, considering all real implementations do what the spec say they
should do (it's not validate it's valid UNICODE, is that UNICODE says
that the algorithm SHOULD do the check).. not doing it on PHP is just
nuts.

------------------------------------------------------------------------

[2009-10-16 04:01:21] scott...@php.net

PHP 5 has binary strings, not utf-8 strings. It does not attempt to do
any validation on input, so expecting addslashes to magically validate
things as utf-8 is wrong, simple as.

I agree that utf8_decode should do proper validation here though the
overhead of doing that validation is going to be slow. So I've coded up
a utf8_validate function. Still need to sort out some of the behaviour
first.

------------------------------------------------------------------------

The remainder of the comments for this report are too long. To view
the rest of the comments, please view the bug report online at
    http://bugs.php.net/49687

-- 
Edit this bug report at http://bugs.php.net/?id=49687&edit=1

#49687 [Opn->Asn]: utf8_decode xml_utf8_decode vuln

Reply via email to