[Bug libc/19729] New: out of bounds heap read on invalid utf-8 inputs in stringprep_utf8_nfkc_normalize

classic Classic list List threaded Threaded
6 messages Options
Reply | Threaded
Open this post in threaded view
|

[Bug libc/19729] New: out of bounds heap read on invalid utf-8 inputs in stringprep_utf8_nfkc_normalize

maiku.fabian at gmail dot com
https://sourceware.org/bugzilla/show_bug.cgi?id=19729

            Bug ID: 19729
           Summary: out of bounds heap read on invalid utf-8 inputs in
                    stringprep_utf8_nfkc_normalize
           Product: glibc
           Version: 2.23
            Status: NEW
          Severity: normal
          Priority: P2
         Component: libc
          Assignee: unassigned at sourceware dot org
          Reporter: hanno at hboeck dot de
                CC: drepper.fsp at gmail dot com
  Target Milestone: ---

Created attachment 9039
  --> https://sourceware.org/bugzilla/attachment.cgi?id=9039&action=edit
sample input.

libidn's stringprep_utf8_nfkc_normalize function may read out of bounds if an
invalid utf-8 string gets passed. glibc bundles libidn.

This has been fixed upstream here:
http://git.savannah.gnu.org/gitweb/?p=libidn.git;a=commit;h=1fbee57ef3c72db2206dd87e4162108b2f425555

Attached is a sample input that can be triggered with idn -n.

Found with american fuzzy lop.

--
You are receiving this mail because:
You are on the CC list for the bug.
Reply | Threaded
Open this post in threaded view
|

[Bug network/19729] out of bounds heap read on invalid utf-8 inputs in stringprep_utf8_nfkc_normalize

maiku.fabian at gmail dot com
https://sourceware.org/bugzilla/show_bug.cgi?id=19729

Joseph Myers <jsm28 at gcc dot gnu.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
          Component|libc                        |network

--
You are receiving this mail because:
You are on the CC list for the bug.
Reply | Threaded
Open this post in threaded view
|

[Bug network/19729] out of bounds heap read on invalid utf-8 inputs in stringprep_utf8_nfkc_normalize

maiku.fabian at gmail dot com
In reply to this post by maiku.fabian at gmail dot com
https://sourceware.org/bugzilla/show_bug.cgi?id=19729

Florian Weimer <fweimer at redhat dot com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |ASSIGNED
                 CC|                            |fweimer at redhat dot com
           Assignee|unassigned at sourceware dot org   |fweimer at redhat dot com

--
You are receiving this mail because:
You are on the CC list for the bug.
Reply | Threaded
Open this post in threaded view
|

[Bug network/19729] out of bounds heap read on invalid utf-8 inputs in stringprep_utf8_nfkc_normalize

maiku.fabian at gmail dot com
In reply to this post by maiku.fabian at gmail dot com
https://sourceware.org/bugzilla/show_bug.cgi?id=19729

Florian Weimer <fweimer at redhat dot com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |dilfridge at gentoo dot org

--- Comment #1 from Florian Weimer <fweimer at redhat dot com> ---
*** Bug 22334 has been marked as a duplicate of this bug. ***

--
You are receiving this mail because:
You are on the CC list for the bug.
Reply | Threaded
Open this post in threaded view
|

[Bug network/19729] out of bounds heap read on invalid utf-8 inputs in stringprep_utf8_nfkc_normalize

maiku.fabian at gmail dot com
In reply to this post by maiku.fabian at gmail dot com
https://sourceware.org/bugzilla/show_bug.cgi?id=19729

--- Comment #2 from Florian Weimer <fweimer at redhat dot com> ---
*** Bug 22333 has been marked as a duplicate of this bug. ***

--
You are receiving this mail because:
You are on the CC list for the bug.
Reply | Threaded
Open this post in threaded view
|

[Bug network/19729] out of bounds heap read on invalid utf-8 inputs in stringprep_utf8_nfkc_normalize (CVE-2016-6263)

maiku.fabian at gmail dot com
In reply to this post by maiku.fabian at gmail dot com
https://sourceware.org/bugzilla/show_bug.cgi?id=19729

Florian Weimer <fweimer at redhat dot com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
            Summary|out of bounds heap read on  |out of bounds heap read on
                   |invalid utf-8 inputs in     |invalid utf-8 inputs in
                   |stringprep_utf8_nfkc_normal |stringprep_utf8_nfkc_normal
                   |ize                         |ize (CVE-2016-6263)
              Alias|                            |CVE-2016-6263

--
You are receiving this mail because:
You are on the CC list for the bug.