[Pkg-samba-maint] [samba] 08/19: CVE-2015-5330: next_codepoint_handle_ext: don't short-circuit UTF16 low bytes

[Jelmer Vernooij]

This is an automated email from the git hooks/post-receive script.

jelmer pushed a commit to branch upstream_4.3
in repository samba.

commit 4b8de776930e9b7e4c7da05a09b6f4d482877244
Author: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Date:   Tue Nov 24 13:54:09 2015 +1300

    CVE-2015-5330: next_codepoint_handle_ext: don't short-circuit UTF16 low bytes
    
    UTF16 contains zero bytes when it is encoding ASCII (for example), so we
    can't assume the absense of the 0x80 bit means a one byte encoding. No
    current callers use UTF16.
    
    Bug: https://bugzilla.samba.org/show_bug.cgi?id=11599
    
    Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
    Pair-programmed-with: Andrew Bartlett <abartlet at samba.org>
    Reviewed-by: Ralph Boehme <slow at samba.org>
---
 lib/util/charset/codepoints.c | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/lib/util/charset/codepoints.c b/lib/util/charset/codepoints.c
index 99d209f..3d444a6 100644
--- a/lib/util/charset/codepoints.c
+++ b/lib/util/charset/codepoints.c
@@ -16669,7 +16669,10 @@ _PUBLIC_ codepoint_t next_codepoint_handle_ext(
 	size_t olen;
 	char *outbuf;
 
-	if ((str[0] & 0x80) == 0) {
+
+	if (((str[0] & 0x80) == 0) && (src_charset == CH_DOS ||
+				       src_charset == CH_UNIX ||
+				       src_charset == CH_UTF8)) {
 		*bytes_consumed = 1;
 		return (codepoint_t)str[0];
 	}

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-samba/samba.git