From: Vsevolod Stakhov Date: Tue, 18 May 2021 11:43:22 +0000 (+0100) Subject: [Minor] Fix buffer overflow due to libicu super safe macros X-Git-Tag: 3.0~392 X-Git-Url: https://source.dussan.org/?a=commitdiff_plain;h=e7667dd0f6b64748e0d3d14158733f119893d631;p=rspamd.git [Minor] Fix buffer overflow due to libicu super safe macros --- diff --git a/src/libutil/cxx/utf8_util.cxx b/src/libutil/cxx/utf8_util.cxx index 337961f2b..cf71ae2ae 100644 --- a/src/libutil/cxx/utf8_util.cxx +++ b/src/libutil/cxx/utf8_util.cxx @@ -136,6 +136,12 @@ rspamd_normalise_unicode_inplace(char *start, size_t *len) size_t i = 0; while(it.hasNext()) { + /* libicu is very 'special' if it comes to 'safe' macro */ + if (i >= *len) { + ret |= RSPAMD_UNICODE_NORM_ERROR; + break; + } + auto uc = it.next32PostInc(); if (zw_spaces.contains(uc)) { @@ -143,12 +149,15 @@ rspamd_normalise_unicode_inplace(char *start, size_t *len) } else { UBool err = 0; + + if (uc == 0xFFFD) { + ret |= RSPAMD_UNICODE_NORM_UNNORMAL; + } U8_APPEND((uint8_t*)start, i, *len, uc, err); if (err) { - ret = RSPAMD_UNICODE_NORM_ERROR; - - return i; + ret |= RSPAMD_UNICODE_NORM_ERROR; + break; } } } @@ -187,6 +196,9 @@ TEST_SUITE("utf8 utils") { /* Same with zw spaces */ {"13\u200C_\u0020\u0308\u0301\u038e\u03ab\u200D", "13_ ̈́ΎΫ", RSPAMD_UNICODE_NORM_UNNORMAL|RSPAMD_UNICODE_NORM_ZERO_SPACES}, + /* Buffer overflow case */ + {"u\xC2\xC2\xC2\xC2\xC2\xC2""abcdef""abcdef", "u������", + RSPAMD_UNICODE_NORM_UNNORMAL|RSPAMD_UNICODE_NORM_ERROR}, }; for (const auto &c : cases) {