[Libre-soc-isa] [Bug 794] SVP64 REMAP for utf8

bugzilla-daemon at libre-soc.org
Mon Aug 22 20:21:20 BST 2022


https://bugs.libre-soc.org/show_bug.cgi?id=794

--- Comment #13 from Jacob Lifshay <programmerjake at gmail.com> ---
(In reply to Luke Kenneth Casson Leighton from comment #12)
>         Check that a sequence of byte values follows the UTF-8 encoding
>         rules.  Does not check for canonicalization (i.e. overlong encodings
>         are acceptable).

Canonicalization and surrogate encodings need to be checked, otherwise you can
have security flaws such as smuggling / characters through an HTTP server by
encoding them as 0xC0 0xAF rather than 0x2F, which then allows you to access
stuff outside the /var/www/html directory, e.g. by accessing
https://example.com/..%C0%AF..%C0%AF..%C0%AFetc/passwd

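The difference this comment describes, as an added example that is not part of the original message or of Libre-SOC's code: a hand-written decoder whose lax mode checks only the lead/continuation byte patterns (as in the quoted description) and whose strict mode also rejects overlong and surrogate forms. The names `decode_utf8`, `strict` and `strict_rejects` are assumptions made for illustration; the sample path is the one from the comment.

```python
from urllib.parse import unquote_to_bytes

def decode_utf8(data: bytes, strict: bool = True) -> str:
    """strict=False checks only lead/continuation byte patterns;
    strict=True also rejects overlong forms and surrogates."""
    out, i = [], 0
    while i < len(data):
        b = data[i]
        # n = sequence length, cp = payload bits of the lead byte,
        # lowest = smallest code point that legitimately needs n bytes.
        if b < 0x80:
            n, cp, lowest = 1, b, 0x0
        elif (b & 0xE0) == 0xC0:
            n, cp, lowest = 2, b & 0x1F, 0x80
        elif (b & 0xF0) == 0xE0:
            n, cp, lowest = 3, b & 0x0F, 0x800
        elif (b & 0xF8) == 0xF0:
            n, cp, lowest = 4, b & 0x07, 0x10000
        else:
            raise ValueError(f"invalid lead byte 0x{b:02X} at offset {i}")
        tail = data[i + 1:i + n]
        if len(tail) != n - 1 or any((t & 0xC0) != 0x80 for t in tail):
            raise ValueError(f"bad continuation byte after offset {i}")
        for t in tail:
            cp = (cp << 6) | (t & 0x3F)
        if cp > 0x10FFFF:
            raise ValueError(f"code point beyond U+10FFFF at offset {i}")
        if strict and cp < lowest:
            raise ValueError(f"overlong encoding of U+{cp:04X} at offset {i}")
        if strict and 0xD800 <= cp <= 0xDFFF:
            raise ValueError(f"surrogate U+{cp:04X} at offset {i}")
        out.append(chr(cp))
        i += n
    return "".join(out)

def strict_rejects(data: bytes) -> bool:
    """True if the strict decoder refuses the input."""
    try:
        decode_utf8(data, strict=True)
    except ValueError:
        return True
    return False

# Path from the comment above, percent-decoded to raw bytes.
RAW = unquote_to_bytes("/..%C0%AF..%C0%AF..%C0%AFetc/passwd")

if __name__ == "__main__":
    print(b"../" in RAW)                   # what a byte-level "../" filter sees
    print(decode_utf8(RAW, strict=False))  # what a lax decoder hands to the filesystem
    print(strict_rejects(RAW))             # whether the strict decoder refuses it
```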