| author | blake2-ppc <blake2-ppc> | 2013-07-30 18:39:31 +0200 |
|---|---|---|
| committer | blake2-ppc <blake2-ppc> | 2013-07-30 19:16:12 +0200 |
| commit | b4ff95599a05da66d2ba0955cc7ae33dd6bfe7fe (patch) | |
| tree | 70f18857ae1c2653becbaa20e8aaecfc1b51eed2 /src/rt/rust_stack.cpp | |
| parent | 6dd185930d850b653ae4e5f4c37c3f1a2b64e4cf (diff) | |
std: Deny overlong encodings in UTF-8

An 'overlong encoding' is a codepoint encoded non-minimally using the utf-8 format. Denying these enforces each codepoint to have only one valid representation in utf-8.

An example is byte sequence 0xE0 0x80 0x80 which could be interpreted as U+0, but it's an overlong encoding since the canonical form is just 0x00.

Another example is 0xE0 0x80 0xAF which was previously accepted and is an overlong encoding of the solidus "/". Directory traversal characters like / and . form the most compelling argument for why this commit is security critical.

Factor out common UTF-8 decoding expressions as macros. This commit will partly duplicate UTF-8 decoding, so it is now present in both fn is_utf8() and .char_range_at(); the latter using an assumption of a valid str.
Diffstat (limited to 'src/rt/rust_stack.cpp')
0 files changed, 0 insertions, 0 deletions
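The check the commit message describes, as an added example in current Rust (not the commit's code, which is not shown on this page). `decode_naive` and `decode_strict` are hypothetical names; the byte sequences are the two from the message.

```rust
// Added example, not the commit's code. Function names are hypothetical.

/// Decode the first code point by masking and shifting payload bits only.
/// Returns (code point, sequence length); performs no minimal-length check.
fn decode_naive(b: &[u8]) -> Option<(u32, usize)> {
    let first = *b.first()?;
    let (len, init) = match first {
        0x00..=0x7F => return Some((first as u32, 1)),
        0xC0..=0xDF => (2, (first & 0x1F) as u32),
        0xE0..=0xEF => (3, (first & 0x0F) as u32),
        0xF0..=0xF7 => (4, (first & 0x07) as u32),
        _ => return None, // stray continuation byte or invalid lead byte
    };
    if b.len() < len {
        return None; // truncated sequence
    }
    let mut cp = init;
    for &c in &b[1..len] {
        if c & 0xC0 != 0x80 {
            return None; // not a continuation byte
        }
        cp = (cp << 6) | (c & 0x3F) as u32;
    }
    Some((cp, len))
}

/// Same decoding, but accept only the shortest encoding of each code point,
/// and reject surrogates and values above U+10FFFF.
fn decode_strict(b: &[u8]) -> Option<(u32, usize)> {
    let (cp, len) = decode_naive(b)?;
    // Smallest code point that genuinely needs `len` bytes (index = len).
    let min = [0, 0, 0x80, 0x800, 0x1_0000][len];
    if cp < min || cp > 0x10_FFFF || (0xD800..=0xDFFF).contains(&cp) {
        return None;
    }
    Some((cp, len))
}

fn main() {
    let overlong_slash = [0xE0u8, 0x80, 0xAF]; // sequence from the commit message
    println!("naive:  {:?}", decode_naive(&overlong_slash));
    println!("strict: {:?}", decode_strict(&overlong_slash));
    println!("std accepts: {}", std::str::from_utf8(&overlong_slash).is_ok());
}
```

A filter that scans raw bytes for 0x2F before a naive decode never sees the solidus in 0xE0 0x80 0xAF; with the minimal-length check the sequence is rejected before any path logic runs.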
