Re: [Bug-wget] [bug #45236] Memory disclosure in wget using incomplete U

From: Ángel González
Subject: Re: [Bug-wget] [bug #45236] Memory disclosure in wget using incomplete UTF-8 sequences
Date: Tue, 02 Jun 2015 23:43:56 +0200
User-agent: Thunderbird

On 02/06/15 12:50, Ander Juaristi wrote:
On 06/02/2015 10:36 AM, anonymous wrote:


We discovered a vulnerability in the parsing and processing of international
domain names performed by the GNU IDN library in wget.
It affects systems using the UTF-8 locales and allows reading bytes outside
allocated buffers, using incomplete UTF-8 sequences.
The cause of this issue was already reported in March
but the corresponding GNU developers haven't decided if they want to fix their
API or every affected program should validate their UTF-8 inputs.


I can reproduce this in the latest Git snapshot.

The out-of-bounds memory reads happen in function idna_to_ascii_8z() when passed invalid UTF-8 sequences, so as you point out,
it's a libidn issue. The concrete action happens at iri.c line 239.

I see a patch was proposed in the libidn mailing list at Mon, 4 May 2015:


However, the last commit on the libidn Git is dated three months ago, so the patch doesn't seem to have been applied.

Maybe we should validate UTF-8 sequences on our own?

IMHO it should be fixed by libidn. I would wait for a fix from them. We may revisit this when we are approaching a release if they still haven't produced a fix.
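
An added example, not part of the original message and not wget's or libidn's code: one way a caller could validate a NUL-terminated host name as UTF-8 before handing it to idna_to_ascii_8z(), which is the option raised in the thread. The function name utf8_is_valid and the call-site policy in the closing comment are assumptions made for illustration.

```c
#include <stdbool.h>

/* Returns true only if the NUL-terminated string s is well-formed UTF-8.
 * Every continuation byte is checked before the cursor moves past it, so a
 * lead byte at the very end of the string (an incomplete sequence) meets the
 * terminating NUL, fails the 10xxxxxx test, and the scan stays in the buffer. */
bool utf8_is_valid(const char *s)
{
    const unsigned char *p = (const unsigned char *)s;

    while (*p) {
        unsigned char c = *p++;
        unsigned need = 0;        /* continuation bytes still expected */
        unsigned long cp = 0;     /* code point being decoded */
        unsigned long min = 0;    /* smallest code point legal at this length */

        if (c < 0x80)
            continue;                                   /* plain ASCII */
        else if ((c & 0xE0) == 0xC0) { need = 1; cp = c & 0x1F; min = 0x80; }
        else if ((c & 0xF0) == 0xE0) { need = 2; cp = c & 0x0F; min = 0x800; }
        else if ((c & 0xF8) == 0xF0) { need = 3; cp = c & 0x07; min = 0x10000; }
        else
            return false;         /* stray continuation byte or 0xF8..0xFF */

        while (need--) {
            if ((*p & 0xC0) != 0x80)  /* also true for the terminating NUL */
                return false;
            cp = (cp << 6) | (unsigned long)(*p++ & 0x3F);
        }
        if (cp < min)
            return false;                               /* overlong encoding */
        if (cp > 0x10FFFF)
            return false;                               /* beyond Unicode */
        if (cp >= 0xD800 && cp <= 0xDFFF)
            return false;                               /* UTF-16 surrogate */
    }
    return true;
}

/* Assumed call-site policy: if utf8_is_valid(host) is false, treat the
 * conversion as failed and do not pass host to the IDN library. */
```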
