Added LDAP_UTF8_CHARLEN2() to validate shortest possible encoding

of UTF8 string. (Returns charlen if valid, 0 if not.)

diff --git a/include/ldap_pvt_uc.h b/include/ldap_pvt_uc.h
index 8417b4441ba2884b134deb6872007f882d516546..c28216c2d6dee159119e2eda3af9babe4347c947 100644 (file)
--- a/include/ldap_pvt_uc.h
+++ b/include/ldap_pvt_uc.h
@@ -47,6 +47,12 @@ LDAP_F (ber_len_t) ldap_utf8_chars( const char * );
 LDAP_F (int) ldap_utf8_offset( const char * );
 /* returns the length (in bytes) indicated by the UTF-8 character */
 LDAP_F (int) ldap_utf8_charlen( const char * );
+
+/* returns the length (in bytes) indicated by the UTF-8 character
+ * also checks that shortest possible encoding was used
+ */
+LDAP_F (int) ldap_utf8_charlen2( const char * );
+
 /* copies a UTF-8 character and returning number of bytes copied */
 LDAP_F (int) ldap_utf8_copy( char *, const char *);
 
@@ -76,10 +82,20 @@ LDAP_F (char*) ldap_utf8_strtok( char* sp, const char* sep, char **last);
 
 /* Optimizations */
 LDAP_V (const char) ldap_utf8_lentab[128];
+LDAP_V (const char) ldap_utf8_mintab[32];
 
 #define LDAP_UTF8_ISASCII(p) ( !(*(unsigned char *)(p) & 0x80 ) )
 #define LDAP_UTF8_CHARLEN(p) ( LDAP_UTF8_ISASCII(p) \
        ? 1 : ldap_utf8_lentab[*(unsigned char *)(p) ^ 0x80] )
+
+/* This is like CHARLEN but additionally validates to make sure
+ * the char used the shortest possible encoding.
+ * 'l' is used to temporarily hold the result of CHARLEN.
+ */
+#define LDAP_UTF8_CHARLEN2(p, l) ( ( ( l = LDAP_UTF8_CHARLEN( p )) < 3 || \
+       ( ldap_utf8_mintab[*(unsigned char *)(p) & 0x1f] & (p)[1] ) ) ? \
+       l : 0 )
+
 #define LDAP_UTF8_OFFSET(p) ( LDAP_UTF8_ISASCII(p) \
        ? 1 : ldap_utf8_offset((p)) )
 

diff --git a/libraries/libldap/getdn.c b/libraries/libldap/getdn.c
index ae0f0e9ae465774242a7764faa5e49b94a070a60..c22ea552bd4f04ee066825dc139a878d22999158 100644 (file)
--- a/libraries/libldap/getdn.c
+++ b/libraries/libldap/getdn.c
@@ -1894,7 +1894,7 @@ strval2strlen( struct berval *val, unsigned flags, ber_len_t *len )
                        continue;
                }
 
-               cl = LDAP_UTF8_CHARLEN( p );
+               cl = LDAP_UTF8_CHARLEN2( p, cl );
                if ( cl == 0 ) {
                        /* illegal utf-8 char! */
                        return( -1 );
@@ -1903,7 +1903,7 @@ strval2strlen( struct berval *val, unsigned flags, ber_len_t *len )
                        ber_len_t cnt;
 
                        for ( cnt = 1; cnt < cl; cnt++ ) {
-                               if ( ( p[ cnt ] & 0x80 ) == 0x00 ) {
+                               if ( ( p[ cnt ] & 0xc0 ) != 0x80 ) {
                                        return( -1 );
                                }
                        }

diff --git a/libraries/libldap/utf-8-conv.c b/libraries/libldap/utf-8-conv.c
index bc0149b3da31492db4e74aa5f109d644c7d86400..bb977a3f3c559aef17d041b1e5279a7a0c685198 100644 (file)
--- a/libraries/libldap/utf-8-conv.c
+++ b/libraries/libldap/utf-8-conv.c
@@ -85,7 +85,7 @@ ldap_x_utf8_to_wc ( wchar_t *wchar, const char *utf8char )
                utf8char = "";
 
        /* Get UTF-8 sequence length from 1st byte */
-       utflen = LDAP_UTF8_CHARLEN(utf8char);
+       utflen = LDAP_UTF8_CHARLEN2(utf8char, utflen);
        
        if( utflen==0 || utflen > LDAP_MAX_UTF8_LEN )
                return -1;                                                                      /* Invalid input */
@@ -130,7 +130,7 @@ ldap_x_utf8s_to_wcs ( wchar_t *wcstr, const char *utf8str, size_t count )
        while ( *utf8str && (wcstr==NULL || wclen<count) )
        {
                /* Get UTF-8 sequence length from 1st byte */
-               utflen = LDAP_UTF8_CHARLEN(utf8str);
+               utflen = LDAP_UTF8_CHARLEN2(utf8str, utflen);
                
                if( utflen==0 || utflen > LDAP_MAX_UTF8_LEN )
                        return -1;                                                                      /* Invalid input */

diff --git a/libraries/libldap/utf-8.c b/libraries/libldap/utf-8.c
index d25fc3036c3d34319e78034185b192cd13dc6354..c2518f41b0f50ab40b5ee1acc0e6032636fe8097 100644 (file)
--- a/libraries/libldap/utf-8.c
+++ b/libraries/libldap/utf-8.c
@@ -91,6 +91,29 @@ int ldap_utf8_charlen( const char * p )
        return ldap_utf8_lentab[*(unsigned char *)p ^ 0x80];
 }
 
+/*
+ * Make sure the UTF-8 char used the shortest possible encoding
+ * returns charlen if valid, 0 if not. 
+ */
+
+/* mask of required bits in second octet */
+const char ldap_utf8_mintab[] = {
+       0x20, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80,
+       0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80,
+       0x30, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80,
+       0x38, 0x80, 0x80, 0x80, 0x3c, 0x80, 0x00, 0x00 };
+
+int ldap_utf8_charlen2( const char * p )
+{
+       int i = LDAP_UTF8_CHARLEN( p );
+
+       if ( i > 2 ) {
+               if ( !( ldap_utf8_mintab[*p & 0x1f] & p[1] ) )
+                       i = 0;
+       }
+       return i;
+}
+
 /* conv UTF-8 to UCS-4, useful for comparisons */
 ldap_ucs4_t ldap_x_utf8_to_ucs4( const char * p )
 {
@@ -100,7 +123,7 @@ ldap_ucs4_t ldap_x_utf8_to_ucs4( const char * p )
        static unsigned char mask[] = {
                0, 0x7f, 0x1f, 0x0f, 0x07, 0x03, 0x01 };
 
-       len = LDAP_UTF8_CHARLEN(p);
+       len = LDAP_UTF8_CHARLEN2(p, len);
 
        if( len == 0 ) return LDAP_UCS4_INVALID;