Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <52AAF97A.1090505@gentoo.org>
Date: Fri, 13 Dec 2013 13:11:38 +0100
From: Luca Barbato <lu_zero@...too.org>
To: musl@...ts.openwall.com
Subject: Re: validation of utf-8 strings passed as system call arguments

On 13/12/13 05:30, writeonce@...ipix.org wrote:
> Hello,
> 
> While working on code that converts arguments from utf-16 to utf-8, I found 
> myself wondering about the "responsibility" for checking well-formedness of 
> utf-8 strings that are passed to the kernel.  As I suspected, validation of 
> these strings takes place neither in the kernel, nor in the C library.  The 
> attached program demonstrates this by creating a file named <0xE0 0x9F 0x80>, 
> which according to the Unicode Standard (6.2, p. 95) is an ill-formed byte sequence.
> 
> I am not sure whether this can officially be considered a bug, and it is quite 
> clear that fixing this is going to entail some performance penalty.  That being 
> said, after deleting this file from my Ubuntu desktop most (but not all) 
> attempts to open the Trash folder made Nautilus crash, and it was only after 
> deleting the file permanently from the shell that order had been restored...
> 

any kind of rejection beside null and separator seems to me that would
be more harmful and even more dangerous than the status quo.

lu

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.