author | Beat Bolli <dev@drbeat.li> | 2021-02-14 19:27:56 +0100 |
---|---|---|
committer | Pauli <ppzgs1@gmail.com> | 2021-03-18 14:12:48 +1000 |
commit | ba64e5a92a6f009e311ad1c3565817820a1632a4 (patch) | |
tree | 0f6c3c34f118d7a1df64b8c833f19980c1472070 /crypto | |
parent | 90165623a50fa30454c4a2f9bece7af2c611b731 (diff) |
ASN1: limit the Unicode code point range in UTF8_getc() and UTF8_putc()
Since the Unicode 4.0.0 standard, the valid code point range is U+0000
to U+10FFFF. Make code points outside this range invalid when converting
from/to UTF-8.
Signed-off-by: Beat Bolli <dev@drbeat.li>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14185)
Diffstat (limited to 'crypto')
-rw-r--r-- | crypto/asn1/a_utf8.c | 75 |
1 files changed, 12 insertions, 63 deletions
diff --git a/crypto/asn1/a_utf8.c b/crypto/asn1/a_utf8.c
index 143ae01db7..6572726cf1 100644
--- a/crypto/asn1/a_utf8.c
+++ b/crypto/asn1/a_utf8.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
 *
 * Licensed under the Apache License 2.0 (the "License"). You may not use
 * this file except in compliance with the License. You can obtain a copy
@@ -9,6 +9,7 @@
 #include <stdio.h>
 #include "internal/cryptlib.h"
+#include "internal/unicode.h"
 #include <openssl/asn1.h>
 /* UTF8 utilities */
@@ -58,6 +59,8 @@ int UTF8_getc(const unsigned char *str, int len, unsigned long *val)
 value |= *p++ & 0x3f;
 if (value < 0x800)
 return -4;
+ if (is_unicode_surrogate(value))
+ return -2;
 ret = 3;
 } else if ((*p & 0xf8) == 0xf0) {
 if (len < 4)
@@ -73,40 +76,6 @@ int UTF8_getc(const unsigned char *str, int len, unsigned long *val)
 if (value < 0x10000)
 return -4;
 ret = 4;
- } else if ((*p & 0xfc) == 0xf8) {
- if (len < 5)
- return -1;
- if (((p[1] & 0xc0) != 0x80)
- || ((p[2] & 0xc0) != 0x80)
- || ((p[3] & 0xc0) != 0x80)
- || ((p[4] & 0xc0) != 0x80))
- return -3;
- value = ((unsigned long)(*p++ & 0x3)) << 24;
- value |= ((unsigned long)(*p++ & 0x3f)) << 18;
- value |= ((unsigned long)(*p++ & 0x3f)) << 12;
- value |= (*p++ & 0x3f) << 6;
- value |= *p++ & 0x3f;
- if (value < 0x200000)
- return -4;
- ret = 5;
- } else if ((*p & 0xfe) == 0xfc) {
- if (len < 6)
- return -1;
- if (((p[1] & 0xc0) != 0x80)
- || ((p[2] & 0xc0) != 0x80)
- || ((p[3] & 0xc0) != 0x80)
- || ((p[4] & 0xc0) != 0x80)
- || ((p[5] & 0xc0) != 0x80))
- return -3;
- value = ((unsigned long)(*p++ & 0x1)) << 30;
- value |= ((unsigned long)(*p++ & 0x3f)) << 24;
- value |= ((unsigned long)(*p++ & 0x3f)) << 18;
- value |= ((unsigned long)(*p++ & 0x3f)) << 12;
- value |= (*p++ & 0x3f) << 6;
- value |= *p++ & 0x3f;
- if (value < 0x4000000)
- return -4;
- ret = 6;
 } else
 return -2;
 *val = value;
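Review bot: The four-byte branch of UTF8_getc() (hunk -73,40 +76,6) still has only the lower-bound test `if (value < 0x10000) return -4;` before `ret = 4;`, so the decoder may still accept values above U+10FFFF now that the five- and six-byte forms are gone. A lead byte matching `(*p & 0xf8) == 0xf0` presumably carries three payload bits (the lines that assemble `value` are outside the hunk), which reaches 0x1FFFFF. To match the commit message and UTF8_putc(), add `if (value >= UNICODE_LIMIT) return -2;` after the overlong check, assuming UNICODE_LIMIT is 0x110000 as its use in UTF8_putc() suggests. Without that check the two directions disagree: input that UTF8_getc() accepts can carry a code point that UTF8_putc() refuses to encode.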
@@ -116,15 +85,15 @@ int UTF8_getc(const unsigned char *str, int len, unsigned long *val)
 /*
 * This takes a character 'value' and writes the UTF8 encoded value in 'str'
 * where 'str' is a buffer containing 'len' characters. Returns the number of
- * characters written or -1 if 'len' is too small. 'str' can be set to NULL
- * in which case it just returns the number of characters. It will need at
- * most 6 characters.
+ * characters written, -1 if 'len' is too small or -2 if 'value' is out of
+ * range. 'str' can be set to NULL in which case it just returns the number of
+ * characters. It will need at most 4 characters.
 */
 int UTF8_putc(unsigned char *str, int len, unsigned long value)
 {
 if (!str)
- len = 6; /* Maximum we will need */
+ len = 4; /* Maximum we will need */
 else if (len <= 0)
 return -1;
 if (value < 0x80) {
@@ -142,6 +111,8 @@ int UTF8_putc(unsigned char *str, int len, unsigned long value)
 return 2;
 }
 if (value < 0x10000) {
+ if (is_unicode_surrogate(value))
+ return -2;
 if (len < 3)
 return -1;
 if (str) {
@@ -151,7 +122,7 @@ int UTF8_putc(unsigned char *str, int len, unsigned long value)
 }
 return 3;
 }
- if (value < 0x200000) {
+ if (value < UNICODE_LIMIT) {
 if (len < 4)
 return -1;
 if (str) {
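Review bot: The rewritten header comment of UTF8_putc() (hunk -116,15 +85,15) documents -2 only as "'value' is out of range", but the hunk at -142,6 +111,8 also returns -2 for surrogates, which lie inside U+0000..U+10FFFF. A reader checking a caller against the comment would not expect a value below 0x10000 to be rejected. Suggest wording it as `-2 if 'value' is a surrogate or above U+10FFFF`. The body of UTF8_putc() continues outside these hunks.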
@@ -162,27 +133,5 @@ int UTF8_putc(unsigned char *str, int len, unsigned long value)
 }
 return 4;
 }
- if (value < 0x4000000) {
- if (len < 5)
- return -1;
- if (str) {
- *str++ = (unsigned char)(((value >> 24) & 0x3) | 0xf8);
- *str++ = (unsigned char)(((value >> 18) & 0x3f) | 0x80);
- *str++ = (unsigned char)(((value >> 12) & 0x3f) | 0x80);
- *str++ = (unsigned char)(((value >> 6) & 0x3f) | 0x80);
- *str = (unsigned char)((value & 0x3f) | 0x80);
- }
- return 5;
- }
- if (len < 6)
- return -1;
- if (str) {
- *str++ = (unsigned char)(((value >> 30) & 0x1) | 0xfc);
- *str++ = (unsigned char)(((value >> 24) & 0x3f) | 0x80);
- *str++ = (unsigned char)(((value >> 18) & 0x3f) | 0x80);
- *str++ = (unsigned char)(((value >> 12) & 0x3f) | 0x80);
- *str++ = (unsigned char)(((value >> 6) & 0x3f) | 0x80);
- *str = (unsigned char)((value & 0x3f) | 0x80);
- }
- return 6;
+ return -2;
 }
 |
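Review bot: The new fall-through `return -2;` at the end of UTF8_putc() is also reached when `str` is NULL, so the length-query mode can now return a negative number. Before this change that mode set `len = 6` and always returned a count from 1 to 6. Callers are not part of this diff; any that add the result to a running size without testing for `< 0` would compute a buffer length that is too small, so those call sites are worth auditing alongside this change. A comment on this line such as `/* also returned when str == NULL; callers must check for < 0 */` would make the new contract visible at the point of failure.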