diff options
author | Vsevolod Stakhov <vsevolod@highsecure.ru> | 2021-05-18 12:43:22 +0100 |
---|---|---|
committer | Vsevolod Stakhov <vsevolod@highsecure.ru> | 2021-05-18 12:43:22 +0100 |
commit | e7667dd0f6b64748e0d3d14158733f119893d631 (patch) | |
tree | 2def1a31b1c2e8f16e438961d1cdf6d1c46bbf2e /src/libutil | |
parent | 7974dd00478625cbe8e754e67e39bf52d361bda9 (diff) | |
download | rspamd-e7667dd0f6b64748e0d3d14158733f119893d631.tar.gz rspamd-e7667dd0f6b64748e0d3d14158733f119893d631.zip |
[Minor] Fix buffer overflow due to libicu super safe macros
Diffstat (limited to 'src/libutil')
-rw-r--r-- | src/libutil/cxx/utf8_util.cxx | 18 |
1 files changed, 15 insertions, 3 deletions
diff --git a/src/libutil/cxx/utf8_util.cxx b/src/libutil/cxx/utf8_util.cxx index 337961f2b..cf71ae2ae 100644 --- a/src/libutil/cxx/utf8_util.cxx +++ b/src/libutil/cxx/utf8_util.cxx @@ -136,6 +136,12 @@ rspamd_normalise_unicode_inplace(char *start, size_t *len) size_t i = 0; while(it.hasNext()) { + /* libicu is very 'special' if it comes to 'safe' macro */ + if (i >= *len) { + ret |= RSPAMD_UNICODE_NORM_ERROR; + break; + } + auto uc = it.next32PostInc(); if (zw_spaces.contains(uc)) { @@ -143,12 +149,15 @@ rspamd_normalise_unicode_inplace(char *start, size_t *len) } else { UBool err = 0; + + if (uc == 0xFFFD) { + ret |= RSPAMD_UNICODE_NORM_UNNORMAL; + } U8_APPEND((uint8_t*)start, i, *len, uc, err); if (err) { - ret = RSPAMD_UNICODE_NORM_ERROR; - - return i; + ret |= RSPAMD_UNICODE_NORM_ERROR; + break; } } } @@ -187,6 +196,9 @@ TEST_SUITE("utf8 utils") { /* Same with zw spaces */ {"13\u200C_\u0020\u0308\u0301\u038e\u03ab\u200D", "13_ ̈́ΎΫ", RSPAMD_UNICODE_NORM_UNNORMAL|RSPAMD_UNICODE_NORM_ZERO_SPACES}, + /* Buffer overflow case */ + {"u\xC2\xC2\xC2\xC2\xC2\xC2""abcdef""abcdef", "u������", + RSPAMD_UNICODE_NORM_UNNORMAL|RSPAMD_UNICODE_NORM_ERROR}, }; for (const auto &c : cases) { |